[{"_id":{"$oid":"692e31b9c5f6c67f6419f2bb"},"created_at":{"$date":"2025-12-02T00:24:25.565Z"},"url":"https://mahatenders.gov.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://mahatenders.gov.in/","scan_timestamp":"20251201_185501","output_directory":"results/zap_reports","scan_results":{"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":15.014825582504272},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"traditional_spider":{"scan_id":"6","status":"completed","urls_found":221,"urls_list":["https://mahatenders.gov.in/robots.txt","https://mahatenders.gov.in/","https://mahatenders.gov.in/sitemap.xml","https://mahatenders.gov.in/nicgep/app","https://mahatenders.gov.in/nicgep/app?page=WebScreenReaderAccess&service=page","https://mahatenders.gov.in/nicgep/app?page=FrontEndAdvancedSearch&service=page","https://mahatenders.gov.in/nicgep/app?page=WebAnnouncements&service=page","https://mahatenders.gov.in/nicgep/app?page=FrontEndLatestActiveCorrigendums&service=page","https://mahatenders.gov.in/nicgep/app?page=SiteComp&service=page","https://mahatenders.gov.in/nicgep/app?page=FrontEndTendersByLocation&service=page","https://mahatenders.gov.in/nicgep/app?page=WebCancelledTenderLists&service=page","https://mahatenders.gov.in/nicgep/app?page=WebAwards&service=page","https://mahatenders.gov.in/nicgep/app?page=FrontEndContactUs&service=page","https://mahatenders.gov.in/nicgep/app?page=FrontEndTendersByClassification&service=page","https://mahatenders.gov.in/nicgep/app?page=FrontEndTendersInArchive&service=page","https://mahatenders.gov.in/nicgep/app?service=restart","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=Home&service=direct&session=T&sp=SLP8XsRkpV9zf8ZLSqN7B5A%3D%3D","https://mahatenders.gov.in/nicgep/images/sitemapa.png","https://mahatenders.gov.in/nicgep/images/dashboard.png","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=Ho
me&service=direct&session=T&sp=SbLg1WHrgEz3XsjcpM4I5Ew%3D%3D","https://mahatenders.gov.in/nicgep/images/indiagovin.png","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=Home&service=direct&session=T&sp=S1X02f%2FySSqyt0OCSHZj7rQ%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=Home&service=direct&session=T&sp=SR3l42I6Kfm%2F605TO%2Fs%2FHNQ%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=Home&service=direct&session=T&sp=SyimsROE3yv8jPFBqc3x46A%3D%3D","https://mahatenders.gov.in/nicgep/app?page=ResultOfTenders&service=page","https://mahatenders.gov.in/nicgep/images/contacta.png","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=Home&service=direct&session=T&sp=S7Rl3nZg%2BLBJIhVw2o2BrVg%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=Home&service=direct&session=T&sp=SKtH%2BxWs7VHyhA03MUBeeHA%3D%3D","https://mahatenders.gov.in/nicgep/includes/dialog/nicgep_color_theme.css","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=Home&service=direct&session=T&sp=SS96Xg96f8KAAO668KbNdMg%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=Home&service=direct&session=T&sp=Sh8hvQcwjYe4iwaDyordeJg%3D%3D","https://mahatenders.gov.in/nicgep/includes/CsrfdeleteBlock.js","https://mahatenders.gov.in/nicgep/app?page=FrontEndDebarmentList&service=page","https://mahatenders.gov.in/nicgep/js/nicci.js","https://mahatenders.gov.in/nicgep/app?component=%24WebHomeBorder.%24WebRightMenu.%24DirectLink&page=Home&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=Home&service=direct&session=T&sp=SYRBgvxdV%2BtcjPEFw4fXzCg%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24WebHomeBorder.%24WebRightMenu.login&page=Home&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=Home&service=direct&session=T&sp=ShzmG1SLQ6bwiENAlAa4MTw%3D%3D","https://mahatender
s.gov.in/nicgep/app?component=%24DirectLink_0&page=Home&service=direct&session=T&sp=SJy%2BUyDmQOSJximAPHk9aDA%3D%3D","https://mahatenders.gov.in/nicgep/app?page=FAQFrontEnd&service=page","https://mahatenders.gov.in/nicgep/includes/siteComp.js","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=Home&service=direct&session=T&sp=Se0raWKnoLbBDwJP5G%2BTsZg%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=Home&service=direct&session=T&sp=SsFaev4A0V%2F0ueHo9BIc%2B7g%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=Home&service=direct&session=T&sp=SHbZ0ZR09vafnGodmTqHjkA%3D%3D","https://mahatenders.gov.in/nicgep/app?path=%2Ftapestry%2Fcore.js&service=asset","https://mahatenders.gov.in/nicgep/app?component=%24WebHomeBorder.%24WebRightMenu.%24DirectLink_0&page=Home&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?page=ErrorNotice&service=page","https://mahatenders.gov.in/nicgep/app?page=BiddersManualKit&service=page","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=Home&service=direct&session=T&sp=S%2FAOdOURNEsS2inwraiWc2w%3D%3D","https://mahatenders.gov.in/nicgep/images/tendersindiammp.png","https://mahatenders.gov.in/nicgep/includes/dialog/dialog_box.js","https://mahatenders.gov.in/nicgep/app?page=DSCInfo&service=page","https://mahatenders.gov.in/nicgep/images/Gepnic.png","https://mahatenders.gov.in/nicgep/includes/dialog/dialog_box.css","https://mahatenders.gov.in/nicgep/app?page=Disclaimer&service=page","https://mahatenders.gov.in/nicgep/includes/MessageDigest.js","https://mahatenders.gov.in/nicgep/app?component=%24WebHomeBorder.%24WebRightMenu.%24DirectLink_1&page=Home&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_3&page=Home&service=direct&session=T&sp=SSecurity_Audit_Report.pdf","https://mahatenders.gov.in/nicgep/app?page=FrontEndLatestActiveTenders&service=page","https://mahatenders.gov.in/nicgep/images/textbg.png","h
ttps://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=Home&service=direct&session=T&sp=SjIIXA9ZzkzLacRvKJhKPHQ%3D%3D","https://mahatenders.gov.in/nicgep/app?page=HelpForContractors&service=page","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=WebAwards&service=direct&session=T&sp=SwztZGE1blNBURmjmKeRbbhtAiFKmjyRbRrbrPxChpCM%3D","https://mahatenders.gov.in/nicgep/includes/evaluator.js","https://mahatenders.gov.in/nicgep/js/jquery.min.js","https://mahatenders.gov.in/nicgep/css/nicgep_web_style.css","https://mahatenders.gov.in/nicgep/app?path=%2Fgep%2Fgep2.js&service=asset","https://mahatenders.gov.in/nicgep/images/notice.png","https://mahatenders.gov.in/nicgep/app?page=FrontEndListTendersbyDate&service=page","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=Home&service=direct&session=T&sp=SyTTsJQy8LwE05pFoXkzK7w%3D%3D","https://mahatenders.gov.in/nicgep/app?page=SiteMap&service=page","https://mahatenders.gov.in/nicgep/images/tngovin.png","https://mahatenders.gov.in/nicgep/images/homea.png","https://mahatenders.gov.in/nicgep/images/nation.ico","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_1&page=WebAwards&service=direct&session=T&sp=STdqLVeNSlic%2Fe0dtXCI%2FWNix3Q%2BXg1NAfEwZUfyyoEE%3D","https://mahatenders.gov.in/nicgep/app?path=%2Forg%2Fapache%2Ftapestry%2Fpages%2FException.css&service=asset","https://mahatenders.gov.in/nicgep/app?page=FrontFeedback&service=page","https://mahatenders.gov.in/nicgep/app?page=WebTenderStatusLists&service=page","https://mahatenders.gov.in/nicgep/app?page=Home&service=page","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=WebAwards&service=direct&session=T&sp=SeJdvTbDSEfe%2F1Qsfnp6m7EYWMt7Iby2f3GIa0XoA5i0%3D","https://mahatenders.gov.in/nicgep/app?path=%2Fgep%2Fgep.js&service=asset","https://mahatenders.gov.in/nicgep/images/topban.png","https://mahatenders.gov.in/nicgep/app?component=clear&page=FrontEndLatestActiveCorrigendums&service=direct&session
=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=Home&service=direct&session=T&sp=SsJtjcX6R6ZIBGSoi%2FiRZrg%3D%3D","https://mahatenders.gov.in/nicgep/app?component=clear&page=WebCancelledTenderLists&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=cancel&page=FrontEndTendersByLocation&service=direct&session=T","https://mahatenders.gov.in/nicgep/images/ftopbg.png","https://mahatenders.gov.in/nicgep/images/gep_logo.png","https://mahatenders.gov.in/nicgep/app?component=clear&page=FrontEndTendersInArchive&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=clear&page=FrontEndAdvancedSearch&service=direct&session=T","https://mahatenders.gov.in/nicgep/images/frgt.png","https://mahatenders.gov.in/nicgep/images/security_cert.png","https://mahatenders.gov.in/nicgep/images/frgtbot.png","https://mahatenders.gov.in/nicgep/images/fleft.png","https://mahatenders.gov.in/nicgep/images/fleftbg.png","https://mahatenders.gov.in/nicgep/images/latestenders_title.png","https://mahatenders.gov.in/nicgep/images/frgtbg.png","https://mahatenders.gov.in/nicgep/images/home_login_button_2.png","https://mahatenders.gov.in/nicgep/images/fbotbg.png","https://mahatenders.gov.in/nicgep/images/tendersearchbg.png","https://mahatenders.gov.in/nicgep/images/latestcorrigendums_title.png","https://mahatenders.gov.in/nicgep/images/spacer.png","https://mahatenders.gov.in/nicgep/images/fleftbot.png","https://mahatenders.gov.in/nicgep/css/gep_style.css","https://mahatenders.gov.in/nicgep/app?component=cancel&page=FrontEndTendersByClassification&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=Home&service=direct&session=T&sp=SJU4XG5vzWqYJgK6VMK336w%3D%3D","https://mahatenders.gov.in/nicgep/app?page=StandardBiddingDocuments&service=page","https://mahatenders.gov.in/nicgep/app?component=clear&page=ResultOfTenders&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?path=%2Forg%2Fa
pache%2Ftapestry%2Fform%2FDatePicker.js&service=asset","https://mahatenders.gov.in/nicgep/app?component=cancel&page=FrontFeedback&service=direct&session=T","https://mahatenders.gov.in/nicgep/js/autocomplete/jquery.js","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=FrontEndTenderDetails&service=direct&session=T&sp=SmNeKTOzPGCvrzZ4g598bzNkBBlbxTGqaDp95SQPImxU%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_1&page=FrontEndTenderDetails&service=direct&session=T&sp=ZH4sIAAAAAAAAAGWQsUvDQBTGX1IKYq3UKjgJgpvDVTfBpWhRWkIptDi4yJm8xpPmEi%2FXUhXELjpU0EE3BwfH4l%2Bio7NaXCs6CU5eYkNbvO34ft%2F7vvc6PYj7AhZtt0E4M4mNHpHILRQEuWTykFTUL%2BeadUf9DebLUvLz6yLLlnQYy8GE1VfK7AgLoDPLgISFvimYJ5nLJaSNfdqgmRrldqYsBeP2qgGpyLaFglUZWhKmh7g1160h5QpM%2BszmyrOOQuYVlRqiDDecFfO5O2rPc4k2CqWl%2F1aJ6hepgwdwAto%2FpUTlXqg0vWxr423zYeYYgjfrdCXEqGWpG00FCSRIIP2CT%2FPi9Pn250MHbRviDVqrY9PTFDo5QMOW7ferx8uFF8UVIk5AagAV684uirPOzVzi%2BrWtAzS9MD7RY6PB%2FdXS3bv779b5ihqYjwYG9ceVR%2FPU0SvhduowzMSdZeJZ1V%2F%2F54dv6QEAAA%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_9&page=FrontEndTenderDetails&service=direct&session=T&sp=ZH4sIAAAAAAAAAF2QPWgUQRTHZ%2B8Sjd7l67RQRBCEgM0cuUIC14Rzm4tLNNyhiIVMbp%2BbSXZnJjNvzz0LSRAUSWFAbaws7ExnYSnYaGGbJgiK2Ka2sHFmc5dcMuV%2F3u%2F3Pnb2yajRpB7JLhW8QyNQFEGEoCkI5NijtzU0eNjOs7tSrzUREl920sT%2Bm4AbvHR%2F78OLmdqnAikFpBSC6WiukEuBpBKssi6rxkxE1RZqLqJ6QMphn15kCayTJ8Qbylr8MRznfJkux2C5icMaZJiak2S7pwa2Ag%2BRTA05Apl3HlEMV%2Fo144ZHwg50AzQ2QxcWA1I0QiI5N0Q2BUIE2sJnUxVLFkLY6PWry4PEZwiHDVPkcdUl9UwhKTbkkrIHnnJ%2F1CnpwUIbH78sXFv7N1Ignk9GuyxOITtWtpgmy6Cf7by5XHr9a6tASKbm9RXiHpKxO6D5Qw6h63BryTaYOCLzbbf%2BbH9%2FefWn1S8M9G7sM7nA3%2F2KZNKCD2qz12u1uVmaxSa%2F6Hj%2BX9rnVjl9pOyfofL73fu%2Fm8%2FnrLV50uoN8aeenrZ8JefNekzbPAGDLFEzF3a%2Fea3PcCAQTEiTDWZ3h6PucCurm97Ne3ix6HZ%2BNGbVb%2FfKve3s%2FI9XG%2F8Bvydek7ACAAA%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=FrontEndTenderDetails&service=direct&session=T&sp=SWhXiB4SOMzT9dHXgbgKTx9kBBlbxTGqaDp95SQPImxU%
3D","https://mahatenders.gov.in/nicgep/app?component=clear&page=FrontEndLatestActiveTenders&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=FAQFrontEnd&service=direct&session=T&sp=SVVN8fYVFYszA%2BhHMCF7OXA%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_1&page=FrontEndTenderDetails&service=direct&session=T&sp=ZH4sIAAAAAAAAAFvzloG1uIhBKz2%2FTC8vM1kvPbVAryQ1LyW1SC81rySzpFIvBMhzyU8uzQXyfTKLSwJ4P3zsccg0YGLgcGHgSYHKBGdWpXoxMGWm%2BDBwp6QWJxdlFpRk5ueVMAj5ZCWWJernJOal6weXFGXmpVv7MAjAtIWlFmWmZaamlDAII6lzys%2FPSU3MAyrkLc5MzwPqcU4tKvEEqhJAUuWTDzaLuTgvH1W7Z15JanpqEVBOCOIVmPP9EnNTCxnqGBgxZAISSzLAMhUFDh0LCxZf57JlAAHx3NclDMx%2BniHAMBIE2aAHskEP6sCzCkUNV%2Bf8esfEwBjFwFqWmFOaWlHACFTKh1AKdmX3kwln%2BpXvA9V5wdQVMQggFPmV5ialFrWtmSrLPeVBNxMDQ0UB2Ho%2BvUWoFkO9JvRowZLvje0WQAM9YQaCnM8F1MNYAAz0ELDvgAGTmZwab6hXkJIGAFp3KSXpAQAA","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_8&page=CorrViewDetails&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=BiddersManualKit&service=direct&session=T&sp=SJyj0hkopA8miq1mLQcY6SbfTBRLIRw3V7IIiwFP0XVQ%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=FrontEndTenderDetails&service=direct&session=T&sp=S9I0plS%2BpcenDam0pzJxinNkBBlbxTGqaDp95SQPImxU%3D","https://mahatenders.gov.in/nicgep/app?component=clear&page=WebTenderStatusLists&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_9&page=FrontEndTenderDetails&service=direct&session=T&sp=ZH4sIAAAAAAAAAF2QPWgUQRTH394lGL3kjJdGEUEQArGYwxNEOZBwbnNxicodfmAhk9uXzSS7s5OZt%2BeehZhGkRRaaGMlYmc6C0vBysI2TSwMYmNhbWHj7N5dcsmU%2F3m%2F3%2FvY%2BgPjRkM9iLtMig4LUDFC6aNmKElQj93U2BB%2BO8%2FuxHqtSRi5cSeJ7L%2FxhKHT93c%2BPJ%2BtfSpAyYOSj6ajhSIRS4KKt8q7vBpyGVRbpIUM6h5M%2BgN6kUe4Do%2FBGcla4hEe5Nw4WQrRcuW9GuKUmMNku6eGtoLwCaZHHF6cdx5TnFYGNVNGBNIOdA01Nf0sLHpQNDImmBkhm5IwQG3hY4kKY%2B6j3%2BgNqieHicsJ9xomJMJqltRTRVBs3Lil7IGnsz%2BWKVl%2FoScfvyzMrf0bK4DjwniXhwmmB
8oWk2gJ9dOt12dKr3Y3CwCpmjd3IXsEE7dRi2WBfr%2BDbVDeJ%2FNtN3%2B9%2FPbi3A%2BrXxjqs7GP5gJ3%2BzvBcQs%2BqF24VKtducjS0OQXncr%2Fy%2BydVZ7YVw7OUPn59v3fjWeXrbV52OqM8Ed%2BVy1fyXmzHrK2iNAQj9Tsye2vTusz9gWSy9ikw9mzw7HscCurG871e3SqmO38cMKq3%2BxUrp5Nz6sG%2FAf2HlYpsAIAAA%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=BiddersManualKit&service=direct&session=T&sp=ZH4sIAAAAAAAAAF1Sv08UQRid2%2BMicGrggKCFySUkJsS40Gj8ERM5LibAgYYDiTaXYXfYG5jbGWZmjz0LA40WFFpoZ6IFhSZEC%2F8AjZUx2JhQ%2ByOWamuCjd%2FsD7lzi8nOvDfvve%2F7ZvcnyimJznq8afvUsT0i7AZWmkib%2BJrqlj0b7cp8w2ccu6pClV7KfJj%2FuveUWWiggrodrInHZUujQmUVN%2FEYw743VtWS%2Bt7lCupxJAGGWwJCXxuhwiM4n8BlWP4RAk3ZmDkBwhGXO1V6h3TKl3mwzAycB7hBG2ShJcg6uosykGiFMjKHG%2Bl%2BIN1P%2BO6iZDcxC1LIoq75s%2BASVROOpk3wGWjzKXHOCPbBaDAllKkSDLfaZYapmqwTZ63EwwS9LjTlvoFzFVSg6hpEuIF1vUoYcaDcBOkWknIJbU5SZNUc7www5UN3iYQAxxT1fOjpJJF6Ko2dgxmxNEZPINy41QmaTw5MK81RFhwCySJ6KDTqL1HXJbI4i%2F0As%2BIM1fAWjhtz25jb0Yy2vz%2FcezDy2UKZaZRrmqpDifoOSXNBY5nIe7uPT%2BUffdm2EAoFij8L1AoRUa0zewGmpDRuiNMn9t9nqm8IKE6hnI99rsLU1kzeNnHrq1uZmVv6ZNbobXQjqE9c%2BlEMC%2FXauOrwj5%2FC5ut306Nrf7pAtJzGNHX2Xn2xvtR7RexolBXuikZn4ppr88SDpyyxmVMtbkBtMW5XrXlx%2FLwNbCNQUGbtSUoaBu%2F%2BQ%2B%2FkeXwsys39Jwe%2FwPx2ai4yIro5iMw61KFidaokMy58e7bze%2Bv%2BhbgvbSXAjWzb%2Fa6RlxoNt%2Bcv8pViXJb6z8fsjkbtc4YGR5%2BH5z69eiv%2BAkkC16b1AwAA","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=SiteMap&service=direct&session=T&sp=SQ3yPq6J7v7jX3xQksXBu8njjgc7ZU2CKN3TcNz%2BAXcA%3D","https://mahatenders.gov.in/nicgep/app?component=docDownoad&page=FrontEndTenderDetails&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=DSCInfo&service=direct&session=T&sp=SDSCAddress.pdf","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=BiddersManualKit&service=direct&session=T&sp=ZH4sIAAAAAAAAAFVTPWgUQRSe28th4qkkl4QkirIQECzcsxJ%2FGnM5hCR38ecSRZsw2Z1cJpndmczMXvZEJCnUIoUBFSwELawk2NjYCVYisUztD4JNTCto45u9XXN3xXBvvu%2B973vvzW79Qjkl0ek6bzgBdZ06EY6PlSbSIYGmuulU46
jMVwPGsacqVOmbmU%2FXv22%2FYBbqr6BuF2tS57KpUaGyhBu4yHBQL9a0pEH9YgX1uJIAwysBobeNUOExnE%2FgMhz%2FCaGmrGhugHDA426N3iGd5cs8nGcGzgPsU5%2FMNAVZQfdQBhwtUEamsZ%2FG%2FWk8Fnizkt3ALEwhi3rmnwVJVI25mjZAp79Np8Q5IzgAoYGUUKZKMNxsLzNE1fgicZdLPErQK0JTHhg4V0EFqi6DhatYL9YIIy60myDdQlIuYcyJi6ya5p0GJgKYLpFg4LCi9QBmOk6knkht52BHLLXREwqvNeoEzScXZpTmKgsKoWQxPRIa9ZWo5xFpV3EQYmZPUQ1v4YgRd4y4E%2B9o48fm9qPRLxbKTKJcw3QdSdS7T5oO%2FXkiH2w9PZ5%2F8nXDQigSqPWzoFohJqoV5szAlpTGvjg5vPMxU3tPoOIEygU44CpKZc3mHWN3cWk9M3VLj2RNvdVuBP2JC7t2NHB3fk116LeewtrbD5Onlv92QdFyatP0efDS49f3T7y7tqtRVngLGh2rNsvcDX143nOzrfHMNc6fOesAahIKypw9SQvDoNW3r5U8h8%2B2XNt5%2FmcPxG6nYiIj4swBZM7BjirZzirJTgvfX776vf7wXGsObZYho6stv2v0jUYjs8J8f7B%2Fmy%2FY1aadNqE6lKw4OhQPzB0cerYZHW38ROIfrPs6s%2BcDAAA%3D","https://mahatenders.gov.in/nicgep/app?page=ForgotPasswordSendVerification&service=page","https://mahatenders.gov.in/nicgep/app?page=CommonErrorPage&service=page","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_1&page=FrontEndTenderDetails&service=direct&session=T&sp=ZH4sIAAAAAAAAAFvzloG1uIhBKz2%2FTC8vM1kvPbVAryQ1LyW1SC81rySzpFIvBMhzyU8uzQXyfTKLSwJ4P3zsccg0YGLgcGHgSYHKBGdWpXoxMGWm%2BDBwp6QWJxdlFpRk5ueVMAj5ZCWWJernJOal6weXFGXmpVv7MAjAtIWlFmWmZaamlDAII6lzys%2FPSU3MAyrkLc5MzwPqcU4tKvEEqhJAUuWTDzaLuTgvH1W7Z15JanpqEVBOCOIVmPP9EnNTCxnqGBgxZAISSzLAMhUFDtU3D%2FXHaHxjAAHx3PclDMx%2BniHAMBIE2aAHskEP6sCzCkUNV%2Bf8esfEwBjFwFqWmFOaWlHACFTKh1AKdmX3kwln%2BpXvA9V5wdQVMQggFPmV5ialFrWtmSrLPeVBNxMDQ0UB2HqeBBFUi6FeE3q0YMn3xnYLoIGeMANBzucC6mEsAAZ6CNh3wIDJTE6NN9QrSEkDAO5hr2DpAQAA","https://mahatenders.gov.in/nicgep/app?page=LoginDetails&service=page","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=CorrViewDetails&service=direct&session=T&sp=SsJtjcX6R6ZIBGSoi%2FiRZrg%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_4&page=CorrViewDetails&service=direct&session=T&sp=ZH4sIAAAAAAAAAF2RsW8TMRTGX9JE0NCgEKpuoEoMqEOvvUhICCRUkuuQ6qgQQWJADK7v5XBzZx%2F2uyjpUMECQwcYYICJgbEDEv8BEgtiZUMCIVY2JAYW7CNVE7zY%2Bt73fv78fPgTqkbDtVgNP
Sm4F2PmcaW1h5IEjb2OPd9RetAlTAPF89Tq5rqMnB4gMZGEwtDbxpe7F89%2F%2FlCGhRBqrv8WMqMkQTPcZUO2ljAZr%2FVICxlfDWHJOUSMMsrTAA3XIiOh5APYh1IIjanqbUEJTvQTkeI9sYez0EDlOwla6Mm%2BSHCbpUf2sogIGlPOUBWX14Tp3Ec%2BaKsRwdmpelupBJm0lnmDPNe4KfmEVTciljZ7BzV1IyfOhTBnpJoldCVhjNpdMkQt%2BgKj9njiXiiUcY8Y5cZplVGWEVQCRvZFVbf59iMajuY5mvfvZQ%2Ffvd9aGfyplKEUQHXIkhxHM7btPN1B%2FfjwxblTz78dlAFG2UZ%2F5aVdrwhqmzaSjLws6lv46eOuYhgHP559enrhq0VvHaFdshq41Vy6Z%2FMtrvurAfLV1nrr0rLvX2n5yzdvFPnrhav%2BccOCzxyDJzNofn%2F95vejJ5ctu%2Fs%2FuzTV3%2Fw1zv4Cs8F83oQCAAA%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=BiddersManualKit&service=direct&session=T&sp=ZH4sIAAAAAAAAAFVSPUwUQRSe2%2BMieGDgAIXC5BKi0cKFyig2cFw0wHEaDzXaXOZ2h2NgdmaYmT32KAzGxIZCC%2B1MbC0IjY2diZUxWFIriaU%2FvTa%2B2duVuy0m%2B%2Bb73vu%2B997s%2F0Q5rdCVpmi5nHpuk0g3wNoQ5RJuqGm7K3FUFtucCezrCtXmQebz3ePDN8xBoxXU72FDmkK1DSpUNnALTzPMm9M1oyhv3qigAU8RYPglIAx3ESoihvMJXIbjPyE0lE3bGyCc8oVXozukt3xZhA1m4TzAAQ3IaluSLfQYZcDRGmWkioM0Hk3jee7fU%2Bw%2BZmEKOdS3fw4kUT3vGdoCndEunZIQjGAOQmMpoUy1ZLjdXeYc1QvrxNssiShBb0tDBbdwroIKVN8EC3ewWa8RRjxoN0H6paJCwZgTF1ldFb0GFjlMlygwMKRpk8NMF4gyi6ntHOyIpTYGQul3Rp2g%2BeTCjtJeZUEhVCymR9KgkRL1faKKK5iHmBWXqYG3cMaKu1bcjXe09%2F3F4fOprw7KLKFcy3YdKTR8QqqGQYOoZ%2FuvzudffttzEIok6nwOVCvERL3F3FXYkjY4kBcnjj5lah8IVFxEOY650FEqazfvWrvrG08yyw%2FNZNbW2%2B5H0J%2Bc%2FVGMzj6dfa979DtPYffdx6XLm3%2F7oGg5tWn7PD339vfYzvGtA4Oy0l8z6FINZshIfUG0iKo3qF%2FXYSOgWsO%2B6lWyXW9dn7nqAtVmF7Q9B5J%2BJkF45EQ4eRtfimr36PWfX6D8KFWWGRlnjiF7jvdU6ZNdYd%2FUgexBnTgajDv2xicuzESD14bm5D9Bz3OXqAMAAA%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=BiddersManualKit&service=direct&session=T&sp=SGvpW1gx9yQCeKyE9LRI67xtYjhiL%2BUZlr9BbL0bqBJrwoMR7Lfam6dYdHW5kRJ5%2B","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=FAQFrontEnd&service=direct&session=T&sp=Sm9bEVFI0eMA5SMNQmx9jrw%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_9&page=FrontEndTenderDetails&service=direct&session=T&sp=ZH4sIAAAAAAAAAF2QP2gTURzHf3dppZq01
uigiCAIAQdfMIgoWSTecvWoSoIiDvqa%2B3l97d2763u%2FixcHaRZFOuigi5ODm90cHAUnB9eKFEERV2cHF99dkjbtG7%2Fv9%2Fn8%2Fmz%2BgWmtoBnEPSZFlwWYMELpo2IoSVCf3VDYEn6nyG7HatUljJy4m0bmX3tC08m72%2B%2Be1RofbCh7UPZRd5VISMSSoOqt8B6vh1wG9TYpIYOmBxV%2FRC%2FyCNfgMVgTWVs8wr2cE6dLIRpubqeGOKV6P9npJ2ObLXyC%2BQmHFxedpxJOy6OaWS0CaQa6iopcPw9LHpS0jAmOTpCuJAxQGfhQmoQx99Fv9UfVlXHicMKdhimJsJ4nzSwhKLWu30zMgefzP5Yr2XCh9fefFs6u%2FpuywXJgusfDFLM9ZYtptITqyearU%2BWXPzdsgCy50jsN%2BSOYuYVKPBDoDzuYBnO7ZLHtxu8XX56f%2BWH0C2N9PvbBQuBsfSc4bMB7jfMXG43LF1gW6uKis8V%2F5f4xozyyqxydofrrzdu%2Fg6eXjNXdb7Un%2BAPRV8NXC16vhawjItTEo6R2fOuz1f6IQ4HkMtbZePb8cCw%2F3PLKwLp2h06U8p0fzgBYr7er7resNji3%2Fh8j672LsAIAAA%3D%3D","https://mahatenders.gov.in/nicgep/css/preview.css","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_9&page=FrontEndTenderDetails&service=direct&session=T&sp=ZH4sIAAAAAAAAAF2RMWgUQRSGZ%2B%2BSkOQuITktFBEEIZBmDgQhcE2I21xcgniHIlo4uX3ZTLI7M5l5e%2B5ZiAFRJEUstLGysBFTCBaWSioL2wimUcTWUixsnNm7y10y5T%2Fv%2F%2F55%2F%2Bz9JqNGk1ok21TwFo1AUQQRgqYgkGOHXtOwxMNmrt2UerOOkPiylSb23gTc4Lnbh2%2Bfzl36UCClgJRCMC3NFXIpkFSCDdZm1ZiJqNpAzUVUC0g57LlXWAJb5AHxhrQGvw%2FHfb5MV2OwvumjGWSYmpPOZkf1aQUeIpkZYgQyTx5RDNd7M1OGR8I%2B6AporIdOLAakaIREcmrIWRcIEWhrnkxVLFkI4VKnN13uKz5DOApMkcdVp9QyhWSyW9wF25iyPc%2B4EerItLvXw%2Ff7y%2FOb%2F0YKxPPJaJvFKWTHxlbSZBX0470X50vPf%2BwUCMnU4qPrf%2FZ378wjGb8Bmq9xcOsOgrpfY9OmB5i8gZ1fz77sXvxus5b7WW6VCeKOf%2FANyZjfpCpcy8udyuXy3dOWNDsg9Rqp%2FHz1%2Bu%2F2kwULq5%2BEeUP%2BseSr9Vdyv9mKaZMnYJAlau7MwWev8RG6AMGENFn%2Fya5D6jpc39j2rt7Cs0W3971xi355OPvmXbZweeLTfz94jMC7AgAA","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=BiddersManualKit&service=direct&session=T&sp=SADjuCi66QgSlclF9KSIEpPEvUpEI%2B6wNN7dDo6Gr98EDzJHiODez43KCpIdOomMN","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=BiddersManualKit&service=direct&session=T&sp=ZH4sIAAAAAAAAAFVSz2sTQRidTQxtDUqbVlSkEBBFD25%2FHKQggk2DkDatYqqiFpbp7jSddjIznZlNkx6kveihh3rQm6CIx978AyzqoUg99uwPvOpNBT3oN9ldm%2Bxh2Jn35n3vfd9sf0MZrdCFqqi7nPpulUi3hrUhyi
XcUNN0p1u7oljlTOBAl6k2t533Nz7vPWMp1F9G3T42pCpU06BceQnX8RDDvDpUMYry6qUy6vEVAUZQAEJvG6EsWnA2houw%2FCeEhrIhewKErkD4FbpGOuWLIpxnFs4CXKM1MtuUZAXdRw44WqCMzOBasu9P9uM8uKnYLczCBErRwP6l4BLV476hdajT31anIAQjmEOhgYRQpFoy3GyXOU71xCLxlwuiEaPXpKGCWzhTRjmqr4KF69gsVggjPsSNkW6pqFDQ5thFWs%2BITgMlDt0lCgwc0bTKoacTRJlSYjsDM2KJjZ5QBlGrYzQbH9hW2qM0VAgVa9Eb0qC%2BAg0CovLTmIeY5aeogbdw1BZ3bXG3NaPNr4%2F2tk5%2FTCFnEmXqNnVDod4D0kxYmyfqwfaTwezjT5sphBoSRV8K1HItol5h7ixMSRtck2dP7O86ldcEFEsowzEXupGUtZN3rd3FpQ1n6o45mbZ6q90IOWuDf3%2FuNE7d293RHfWjp7D%2B6s3k%2BeU%2Fh0C0mNi0OQ9fWX%2BxNXfux1uD0jJYMOhyiWujQt%2FOR3tGeFEPtLcglDdLOPx7E2HNG48o3siYN3zRGx0eHXHhvpXMabv2xCEFuOk7cBM%2FmA95tb7%2F9Pd3sHM3sSMd2bo5gOx6rEMl1akSTz335fnLXxsPx6JOtYVq3Ti43%2BW8M%2BhMHCSZJuTJR3nykCcf55FS%2FgMYXLNP9AMAAA%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=FAQFrontEnd&service=direct&session=T&sp=SFp9GhPhhals42NbDNIv0GA%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=DSCInfo&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=BiddersManualKit&service=direct&session=T&sp=Sl0xuR56PPce%2F0dxegYoJCWrSJa6AlmBKy9XNuMoGlTM%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=BiddersManualKit&service=direct&session=T&sp=Su6dVJsukNF76E4GKmdNC%2BNCbPiJnv7%2B2a9uzUXDEk%2BufnaTruLVusYH%2B9o4siOiz","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=BiddersManualKit&service=direct&session=T&sp=ZH4sIAAAAAAAAAFVSv08UQRSeveMieGLgDvyVmGwkIVqwWBl%2FNHJcTIDjNB5qNCY4tzscA7Mzy8zssWdhoMGCAgvsTLSwJMbEP8CEyhgsqf0RS7VUo41v9nblbovJvvm%2B977vvTc731FOSTTWEE2HU9dpkMDxsdJEOoRrqlvObByVxSpnAnuqQpW%2BY72%2F%2BXnvOcugYgX1uliThpAtjQqVJdzE4wzzxnhNS8obVyqoz5UEGF4JCAMdhIqI4XwCl%2BH4Twg1ZePmBgiHPOHW6EPSXb4swjozcB5gn%2FpkrhWQFfQIWeBogTJSxX4aF9N4gnu3JLuNWZhCGeqZvwwkUTXhatoEnWKHTkkIRjAHoaGUUKYqYLjVWeY4VZOLxF0uiShBrweaCm7gXAUVqLoGFm5gvVgjjLjQboL0BpIKCWNOXGRVVXQbmOIwXSLBQL%2BiDQ4znSRST6W2c7AjltroCwOvPeoEzScXZpTmKgsKoWQxPQo0GixRzyPSnsU8xMyeoRrewlE
j7hhxJ97R5tcne1sjHzPImka5puk6kmjggFQN%2FTqRGztPT%2Be3P21mEIoC1P4yUK0QE9UKc%2BZgS0pjPxg9sf%2FOqr0lUHEK5TjmQkWprNm8Y%2BwuLq1bM3f1yaypt9qLoL%2Fg8jc76lcbv1WXfvsprL3ZnT63%2FLcHipZTm6bPw1cfhLtb98%2F%2B1CgbeAsaneJCU5fMazFfj7tX881L5y84ABp%2BQZmzL%2BngGEgNHkglr%2BGDLdf2n%2F35AVr3Uq3ACuLMIWTO4a4qVneVZKWFLy9e%2Flp%2FfLE9hg7HccZBfs%2FIK41Gq7FrWwu7vTNlLwhpkzGI7FpY96lS8OC6ZDNxdCQenjtc7HkdnVHba8E%2FVO0E%2BfMDAAA%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=BiddersManualKit&service=direct&session=T&sp=S2dScIQTNj%2Bij3bwK1MuGASx0gdcqbwriKXQ3YxVUNtFOBs2ZFyRol7ffLNaV6a1p","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=BiddersManualKit&service=direct&session=T&sp=S%2Ft9Rxi2oBMCu5ZYtUo6u0QukjeAthyLyAFtqPrAAQtA%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=FAQFrontEnd&service=direct&session=T&sp=SBY78qVaDMI5NoOpsYKlcSg%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=BiddersManualKit&service=direct&session=T&sp=ZH4sIAAAAAAAAAFVSPUwUQRSe2%2BMUPDXHAVETwUswJBYuVsa%2FQo6LCXCA4VCiDRl2h7uBuZlhZvZ%2BLMxRqAWFFlKYmGhhSWxs7EysjMGS2p%2FY%2BdOaaOObvV2422Kyb77vve97783OL5TSCp0vi5rLqeeWiXSrWBuiXMINNU13NowKos6ZwL4uUm2WEh8Xvu6%2BYA4aKKJeDxtSFqppULa4hmt4nGFeHi8ZRXn5ahH1eYoAw88DIdNBKIoQTkdwAY59QmAoG7c3QDjsC69E75Hu8gURrDALpwGu0ipZbEqyge6jBDhapYzM4WocD8TxBPdvKXYbsyCGHOrbPweSqJ7wDK2BzkCHTl4IRjAHocGYUKBaMtzsLHOC6skK8dbzohGh89JQwS2cKqIs1TfAwk1sKiXCiAftRkivVFQoGHPkIqnnRLeBKQ7TJQoMHNO0zGGmk0SZqdh2CnbEYht9gfTbo47QdHRhR2mvkqAQKBbSG9Kg%2Fjz1faJys5gHmOVmqIG3cNyKu1bcDXe09f3J7uPRzw5KTKNUzXbdUChzQJoLqitEPdzZHk4%2F%2FbLlINSQqP05UC0bEvUGcxdhS9rgqhw7ufchUXpHoOIUSnHMhW7EsnbzrrVbWdtMzNwxp5K2Xr0XQX%2Fyys9cY2R7r6W79NtPofXm%2FfS59X89ULQQ27R9Hrn%2BTP94MPJ2waCk9FcNOrNC%2FeU6NRVf4Tpmy9GIlmuXL1x0gWGTstqefVEbw6DXf6AXPYlPOdXae%2F73NwjejQVlQoaZg8ieQ11VUt1Vor1mv7189Wfz0aX2LDpsQ8ahjvye0dcGDc1zRjnJwdZyS%2FsddKk4YXQ0HJg3dPpapjFWONuS%2FwHgIpX45wMAAA%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_11&page=FrontEndTende
rDetails&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=BiddersManualKit&service=direct&session=T&sp=ZH4sIAAAAAAAAAFVSQWgTQRSdTQxtGpU2rVgFISAIom6vghebBjFt0gZTFb2E6e40nXZ2Zjozm24KSnvRQw960JugB8FLwYMnT4p4EKnHnrXiVa%2BCXvyT3bXJHoadeW%2Fee%2F%2F%2F2f2JclqhS23RcTn13DaRboC1Icol3FDTdeu9XUVscCawr2tUm9vO5xsHe89ZBo3X0LCHDWkL1TWoWFvFHTzFMG9PNY2ivH2lhvKeIsDwy0AY7SPURA8uJHAFlv%2BE0FA2ZU%2BAMOQLr0k3yaB8RYRLzMIFgAMakMWuJOvoPnIg0TJlZB4H6X483U9z%2F6ZitzALUyhDffuXgUtUT3uGdsBnvM%2BnLAQjmIPRREqoUC0Z7vbLnKR6ZoV4a2URJeiCNFRwC%2BdqqEj1NYjQwGalSRjxoNwEGZaKCgVtTlJk9bwYDFDl0F2iIMAxTdscejpDlKmmsXMwI5bGyIfSj1udoIXkwLbSHmXBIVSsR4%2BkQWNl6vtEleqYh5iV5qiBt3DcmrvW3O3NaOfH471HZ79mkDOLch1bdaTQ6CFpPgyWiHqw%2B%2FRM4cm3nQxCkUTxlwG1Yo%2Bo15m7CFPSBgfy3OT%2BJ6f5joBiFeU45kJHqa2dvGvjrqxuO3N3zKms1dsYRsi59%2FZoJKMLk6ff6wH%2F%2BClsvfkwe37t7xEQraQxbZ0jV1%2B%2Fcic2D64blJX%2BskEX45pbcc2tZaFaC5xRTloN3A3g0bea5Wp9odF0gW4Vitqu%2BaSmdTAfOzRP3seXktraf%2FbnF7jfTd2lI3s3J5BdTwyojAyqJEMufn%2Fx8vf2w8txY%2FpqgBuFvvtDzkeDJuPUpSR1qaGER%2FxQESnlPyyohanWAwAA","https://mahatenders.gov.in/nicgep/app?component=%24WebHomeBorder.%24WebRightMenu.%24DirectLink_0&page=SiteMap&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=BiddersManualKit&service=direct&session=T&sp=ZH4sIAAAAAAAAAFVTz08TQRidbmkoVg0UiHggbiQxksjWk%2FHHRUrVAAWNBY1eyLA7tAPTmWVmtmw5GLjogYMc9EaiB4%2BEi3%2BAiSdjMPHC0SjGoxpvJnrxm%2B2utD1M%2Bs178733%2FdjdHyijJBqriobDqetUie%2FUsdJEOoRrqpvOTBSVxBpnAnuqTJW%2Bn3p%2F93D%2FBbNQfxllXaxJVcimRvnyMm7gAsO8WqhoSXn1Whn1uJIAwysCobeNUBYRnIvhEhz%2FCYGmrGBugNDtCbdC10ln%2BpIIFpmBcwDXaZ3MNX2yih6hFDhaoozM4noS9yfxOPfmJbuHWZBAFvXMPwseUTXuatoAnf42naIQjGAOQgMJoUSVz3CzPc0pqiZqxF0pijBGb%2FuaCm7gTBnlqboJFu5gXasQRlwoN0ayvqRCQptjF2k1KzoNTHLoLpFg4ISiVQ49nSBSTya2MzAjltjoCXyv1eoYzcUXppXmKg0KgWQRPfQ16itSzyPSnsE8wMyephp24aQRd4y4E81o69v2%2FtORzxZKTaFMw1QdStR7RJoN6otEPt59Ppx79mXLQij0UetnQbZ8RFSrzJmDKSmN6%2F65oYN3qcobAhknUYZjLlSYyJrJO8ZubXkzNf1An06bfGtZBPX5V7%2Fb4dlPsl
d16LdWYeP126nRlb9dkLSU2DR1Hru%2Bk1k%2FvLU3oFHa95Y0GrrBVwMqmwvzrd4sNK5cvOQAZNh5Zc6e2P8ZEOo7Eop34YMtNw52%2FvwEpYeJkp%2Fyo5cDyJyDHVm6O7PEA81%2Fffnq9%2BaTy60mtPmFF9m2910jexqNTTAs6RKFTw22Stnn5wg3c6torAN1wZ5p2uPSrcFyOo4z2qFuRdHxqIPu4PDhrzD9cRv5%2FwB8YVK3%2BAMAAA%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_4&page=CorrViewDetails&service=direct&session=T&sp=ZH4sIAAAAAAAAAF2RsW8TMRTGX9JEQGhQCKgbqBID6tBrE4SEQEIluQ6pjgqRSh2YXN%2FLYXJnH%2Fa7KEECwQJDBxhggImBsQNS%2F4NKLIiVDQmEunar1IEF%2B0jVBC%2B2vve9nz8%2F7xxA2Wi4HamBJwX3Ikw9rrT2UJKgkde2502l%2Bx3CxFc8S6xu7sjQ6T4SE3EgDH2u%2FXhw9fL3L0WYDaDi%2Bu8jM0oS1INHbMCWYiajpS5pIaNbAcw5h4hQhlnio%2BFapCSUfAzPoBBAbaK6ISjGsX4qVLwrnuA01FfZVowWeronYlxnybG9KEKC2oQzUPnlFWHaD5H3W2pIcGGi3lIqRiat5YxBnmlclXzMqhoRSZu9jZo6oRNnApgxUk0TOpIwQu0uGaAWPYFhazR2z%2BbKqEuMMuO00jBNCUo%2BI%2Fuistsa9iNqjuY5mvfvZc9399YW%2Bn9KRSj4UB6wOMPhlG09S7ZQv9x5d%2Bns21%2FbRYBhutJbeG%2FXB4LKqo0kQy8NexZ%2B7qQrH8b2%2Fptvr6%2F8tOi1Y7RLVgG36nPM5ru43Fj0kS82l5vX5xuNm9ea8%2Ffu5vmruav6dcWCz5%2BAxzOo%2F%2F746ejFqxuW3fmfXZjorx8%2BTf8Cl8jbOoQCAAA%3D","https://mahatenders.gov.in/nicgep/app?page=FrontEndTendersByValue&service=page","https://mahatenders.gov.in/nicgep/app?component=%24WebHomeBorder.%24WebRightMenu.login&page=SiteMap&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=BiddersManualKit&service=direct&session=T&sp=SZ1R%2FCg3I7izQW3OmM8lnxCGitPWodrERVypLgPHQnpgC0yhl%2F%2BYci5HwiZ1M0Ur5","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=BiddersManualKit&service=direct&session=T&sp=ZH4sIAAAAAAAAAFVSz08TQRSebmkEqwRaiD%2BCSQ0JkYOLJxP1IqUhAQoaixqNSTPdHdqB2ZlhZrZsPRi8eMEEDnoz8R8gXPwDNJ6M4pGzmnhUT%2BpBL75ZdqXdw2TffN973%2Ffem93vKKcVutgUbZdTz20S6QZYG6Jcwg01HXcxjipigzOBfV2l2tzNvL%2F1Zf8lc1Cxivo9bEhTqI5BheoqbuMphnlzqmYU5c1rVTTgKQIMvwyEoS5CVcRwPoErcPwnhIayKXsDhGO%2B8Gr0IektXxFhg1k4D3BAA7LckWQdPUIZcLRCGVnCQRoX03ia%2B7cVu4NZmEIO9e2fA0lUT3uGtkGn2KVTFoIRzEFoJCVUqJYMd7rLnKJ6pkW8tbKIEvSGNFRwC%2BeqqED1LFi4iU2rRhjxoN0
E6ZeKCgVjTlxk9ZLoNTDHYbpEgYGTmjY5zHSGKDOX2s7BjlhqYyCU%2FuGoEzSfXNhR2qssKISKxfRIGjRcpr5PVGkR8xCz0gI18BYGrbhrxd14R1tfd%2Fa3xz85KDOPcm3bdaTQ0BFpKQwaRD3ZfX4u%2F%2BzzloNQJNHh50C1QkzU68xdhi1pgwM5cfrgXab2mkDFOZTjmAsdpbJ2866121p9nFm4Z85kbb2NfgT9yavfStHY0%2ByO7tE%2FfAqbr97OT6797YOildSm7fP49b0P5e0HF34blJX%2BikETsyJUdU%2B0iao3qF%2FXYSOgWsO26pxs1NtXLl12gWhzC9qeA0k3YyA7fCSbvIyPJbV58OLPD9C9n%2BrKjIwzR5A9R3uq9MmusG98T%2FagThydiPv1Rs%2BeR9Hgr59v5D%2FT1gyqpgMAAA%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_3&page=CorrViewDetails&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_9&page=FrontEndTenderDetails&service=direct&session=T&sp=ZH4sIAAAAAAAAAF1RPWgUQRj9di%2FB6F2OeClURBDEoM0cWAlnIXERLi7h8I6IWE1uv%2BxNsju7mfn23LMQ0yiSIhbaWInYGasUlkpsLGzTpPEHGwtLsbBxdu8nl0z5vu%2B99703279hUiuo%2BVGXSdFmPsaMUHqoGEoS1GMNhfPCa%2BXYnUit1QlDJ2onoZlrV2g6e2%2F%2F7dO5K%2B9tKLpQ9FC3lYhJRJKg4q7yLq8GXPrVJikh%2FZoLJW%2FAXuQhrsNDsMawpniAh3lOlCwHaHjl0Q5xSvRRZqsXD9Vs4RHMjGm4Ue48EXPqDHamtfClOegGKqp7GVhwoaBlRDA7xqxLQh%2BVIZ9I4iDiHnrzvcF2aYg4nHBkmJAIqhlSS2OCwu2bjdgUPJPNWCbJ%2BoEe7ewuXF77N2GD5cBklwcJpofWFpNwGdXj7Rfnis%2B%2FbdoAaXz906lrl%2F7sbhFMLaESKwKznP2vOT%2F6E%2BNWPpDJo2%2F%2BfPZl68JX47Uw9MoyHIfsOXvfCUrmziXe4ZLF3kre7XQ%2BLLPXRu%2Fkgd6gkMqPV2%2F%2Bbjy5aiTrRyXtMf6xX1XDr%2BR8vR6wlghREw%2FjudN7n63mB%2BwLSC4jnQ4PzypkWYWd1Q3r1l06U8jS358CsF7uz75rpNWLOx%2F%2FA%2BxKI9y6AgAA","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=BiddersManualKit&service=direct&session=T&sp=STZSgR0GKd3V7S1sNnkNkEK22Cb3jwy21OJpGHm0IdfJmvjkuCcGKM7kjNJwn1sz9","https://mahatenders.gov.in/nicgep/app?path=%2Forg%2Fapache%2Ftapestry%2Fform%2FDatePickerIcon.png&service=asset","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=BiddersManualKit&service=direct&session=T&sp=Sdwv0QsCLlYxPt8XXgZNUYwUgE58T5YwaZQ%2BS%2B7iqBZNOBs2ZFyRol7ffLNaV6a1p","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=BiddersManualKit&service=direct&session=T&sp=SGj
tDBiW8uSxlAZPtXclts%2BcApDzT5n4VFYuLdV0eWotiffxNIjZWrltHDPeGeIx21LQV5zvBS43L%0AVgVfKpJ6sQ%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=BiddersManualKit&service=direct&session=T&sp=SKmBPKNBBVWh9ruyyQJipz6J%2FFhwu9tRen2KLXbe36d6nRpT64Jd7W7s4mHz2cC7K","https://mahatenders.gov.in/nicgep/FrontEndFileDownloadServlet?marap=ZkFrSWt2WlF5RS9KVVV2M3JzWXQ2anpoYWc2YU8yeWZOMmdIZUM5UHRldlhRbE9FT0NiNUplMFFna090dmMyQllYN2lia2hNRGxIMAp0V1RBN3ZTM3JxTllvT09uVG1QL1FRK2d5cW94Rmp3PQ==","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=BiddersManualKit&service=direct&session=T&sp=ZH4sIAAAAAAAAAFVSTWgTQRSeJA2mRqVNW1oVIVAUPXQrCOIPik2D0jZtxVSLHgyT3Wk67WRmOjObHw%2FSXuyhBz3oTVDQYxXEizfFk0g9Fo%2F%2B4FG9CnrxzWa3TfYw7Jvve%2B%2F73nuz%2BQsltUIjFVFzOHWdCpFOFWtDlEO4oabpTAdRXtQ5E9jTBarNfOzjtW9bT1gc9RVQysWGVIRqGpQpLOEaHmWYV0aLRlFeOV9A3a4iwPByQOhpIxREAKdDOA%2FHDsE3lI3aGyDs8YRbpHdIZ%2Fm88MvMwmmAq7RK5pqSrKC7KAaOFigjM7gaxX1RPMa964rdwMyPoDj17F8ckqgecw2tgU5fm05OCEYwB6H%2BiJCnWjLcbC8zSPX4InGXc6IRorPSUMEtnCygDNWXwcJVbBaLhBEX2g2RlFRUKBhz6CKhZ0SngQkO0yUKDOzXtMJhpuNEmYnIdhJ2xCIb3b70WqMO0XR4YUdprxKg4CsW0BvSoN4c9TyistOY%2B5hlp6iBt3DAijtW3Al2tPHjwdb94S9xFJtEyZrtuqFQzy5pxq%2BWibq3%2BehI%2BuHXjThCDYlaXxyqZQKiXmHOHGxJG1yVx4a2P8SKbwlUnEBJjrnQjUjWbt6xdheX1mJTN83BhK1XTyHoT577mW0Mrc%2B%2F0R36raew%2Bvr95Inlf11QNB%2FZtH3uvfTqyuQF%2BeyzQQnpLRh0dK4uSq6oEVUqU6%2Bk%2FXKVag3LKnFSL9XOnjztAM%2BmZrQ9u8NmDoFq765q%2BDA%2BZdXq9uO%2Fv0H2ViQrYzLI7Ef2HOio0tVZJdxu5vvT53%2FW1s%2B0JtJmHjKSbfldwy8NGpzljHKSJSOwvWxxx3%2BHTjyI9gWDcwcOXzzeOPXi9jv5H4jOOYfvAwAA","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=CorrViewDetails&service=direct&session=T&sp=SsJtjcX6R6ZIBGSoi%2FiRZrg%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=CorrViewDetails&service=direct&session=T&sp=SJU4XG5vzWqYJgK6VMK336w%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=BiddersManualKit&service=direct&session=T&sp=ZH4sIAAAAAAAAAFVSv08UQRSe2%2BMi56mBA6IWmD
MkRI0uViZqA8fF5OAA4UAjDRl2h2NgdmaYmT32LAwWakGMFtqZ%2BA8QGxsLExMrYzCxoVYTO3%2F8Adr4Zm9X7raY7Jvve%2B%2F73nuz9wvltEKXGqLpcuq5DSLdAGtDlEu4oablzsRRRWxzJrCva1Sb25mPC9%2F2XzIHDdRQr4cNaQjVMqhY28BNPMYwb4zVjaK8cb2G8p4iwPDLQOjrINREDBcSuALHf0JoKBuzN0A44guvTu%2BS7vIVEa4yCxcADmhAFluSbKF7KAOO1igjszhI44E0nuD%2BkmK3MAtTyKG%2B%2FXMgieoJz9Am6Ax06JSFYARzEBpMCRWqJcOtzjInqZ5cJ95mWUQJOicNFdzCuRoqUn0DLNzEZr1OGPGg3QTplYoKBWNOXGT1rOg2UOUwXaLAwHFNGxxmOkmUqaa2c7AjltrIh9JvjzpBC8mFHaW9yoJCqFhMj6RB%2FWXq%2B0SVZjAPMStNUwNv4YQVd624G%2B9o9%2FvT%2FScjXxyUmUK5pu06UqjvkDQbBqtEPdx7Plx49nXXQSiSqP05UK0YE%2FUWcxdhS9rgQI6eOviQqb8jULGKchxzoaNU1m7etXbXN%2B5npu%2BY01lbb7sXQX%2Fy2s9SNPr54jndpd9%2BCjuv30%2Bd3%2FzbA0UrqU3b59HxR%2F78jwdn3hiUlf6aQcNVQ4IFUFgpz82vLLUHtNK8evmKC7hNKWp75pMmzoJa%2F6Fa8iA%2BldTOwYs%2Fv0FuOZWTGRlnDiJ7DnVVycuOsGfklexCnTg6FrfpDZUGZXTh7eNx%2BQ9yJArnnQMAAA%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=BiddersManualKit&service=direct&session=T&sp=ZH4sIAAAAAAAAAFVTPWwTMRh1Lo2aEEBt2goYqCIVIRi4MCF%2BFppGiLRpQaT8LpV75yZufWfX9qWXDqhdYOgAA2xIMDBWFRIDI4gJobIgdURQxAisIFj4fLmjSQYr9nvf9973c5s%2FUEZJdKrBW7ZPHbtBhO1hpYm0ia%2BpbtvT0a3CV3zGsatqVOmbqffXdrefMgsN1VDWwZo0uGxrVKgt4hYuMew3SnUtqd%2B4UEM5RxJguGUgDHQRajyC8zFcgeM%2FIdCUlcwLEPpd7tTpKulNX%2BHBPDNwHmCPemS2LcgyuotS4GiBMjKDveQ%2BlNzHffe6ZDcwCxLIoq75Z0EQVeOOpi3QGerSKXPOCPZBaDghVKgSDLe70xyiaqJJnKUyD2P0itCU%2BwbO1FCBqktg4SrWzTphxIFyYyQrJOUS2hy7SKsZ3mug6kN3iQQDBxRt%2BNDTCSJ1NbGdgRmxxEYuEG6n1TGajx9MK81TGhQCySJ6KDQaLFPXJbI4jf0As%2BIU1bALB424bcTtaEYb3x5uPxj7bKHUJMq0TNWhRAN7pJnAmyfy3ubjo%2FlHXzYshEKBOj8LshUiolpm9ixMSWnsieOHd96l6q8JZKyijI99rsJE1kzeNnabi%2Bupqdv6SNrkW8kiqE%2Bc%2F14Mj338dEv16HdWYe3l28mTS3%2F7IGklsWnq3Hex2r81vLp7WaO0cBc0GtUyClBNzvUcbE%2FgwabPtc6dPmMDwcQUlDlzcRVFkBvck4s34kNRru08%2BfMT9O4keiIloshhZM6RnizZ3izxWAtfnz3%2FtX7%2FbKcVXa4hItcV3ze2BR%2FHbMd5sW6swyb0CFjRbX%2FUKmdk9MXv8ET46o34B9%2BV4RHhAwAA","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=BiddersManualKit&service=direct&session=T&sp=SY%2BJhzrioc4
HHIJd9yE%2FeeHTM13ZD0zFoVFjmKS6lXSkuc9PsAiFYqNnpygNStf53","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_8&page=FrontEndTenderDetails&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_9&page=FrontEndTenderDetails&service=direct&session=T&sp=ZH4sIAAAAAAAAAF1RPWgUQRj9bi%2FRmE2OeDb%2BIIhCwGYPUgmHEOJaXFyCeIciVnO3XzaT7M5MZr697FmIQVAkhRYKYiVoZzoLSyWVhZZBSKOIbWqLNO7u7V0umfJ933tv3vu292HcaKgHsusI3nECVA6h8FE7KIhTz7mtcYH7rRy7J%2FVagzByZSeO0rnxuKELD%2FY%2BPp%2Bd%2B2yB7YHto%2BlorohLQVD1VlmX1UImglqTNBdB3YMpv2AvsQjX4RGURrAmf4hHea6M2yGmvMpwhxjF5jiz1VMDNYv7BDMjGp7MnccUo5ViZ9rwQKQfuoGaGn4Glj0oGyEJzowwG4IwQJ2SJ2MVSuajv9ArtqcGiMsIh4Yx8bCWIfVEEVgtV6X9zmQjJ1N0%2Bnkef9pZvLp2MGZByYXxLgtjTI6sLcVRG%2FXT7dcX7Ve%2FtyyARM2%2FObiu3v%2BcJJi4i5ovc8xi9i9zaXiS1K1yKJMn3%2Fr78vuLK79Sr8WBVxbhFGTP3d0hqNyRbVncXfnLebnT%2Bdje56ni6UPFopHqn3cf%2Fm0%2Bu5aKNo6LWiP8E09OpvxqzjfrodPiERpikZo9u%2Fut1PyCfQHBhDTJ4OtZh07W4crqZunWfTpXzvJvTACU3u7Z5yG5fPPH1%2F8o5p18uwIAAA%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=BiddersManualKit&service=direct&session=T&sp=ZH4sIAAAAAAAAAFVSv08UQRSe3eMieGrggAga4yUkGAsXKxO1keNiBI7zx6FGm8uwO9wNzM4MM7PHnoXBQi0otNDOxH%2BAWGhjZ2JlDJYkdmpiYeKPPwAb3yy7crfFZN9833vf996brd8orxU60xRtj1PfaxLphVgbojzCDTUdbyGJKmKdM4EDXaXa3HY%2B3vi2%2FZK5aLiK%2Bn1sSFOojkHF6gpu4ymGeXOqbhTlzYtVNOArAoygDITBLkJVJHAhhStw%2FCdEhrIpewOEA4Hw6%2FQe6S1fEdESs3AB4JCGZLEjyRq6jxxwtEwZqeEwi4ezeJoHNxW7hVmUQS4N7J8LSVRP%2B4a2QWe4S6csBCOYg9BIRqhQLRnudJc5SvVMi%2FirZRGn6FVpqOAWzldRkerLYOEaNq06YcSHdlOkXyoqFIw5dZHTNdFrYJbDdIkCA4c1bXKY6QxRZjaznYcdsczGQCSDvVGnaCG9sKO0VzlQiBRL6LE0aKhMg4Co0gLmEWaleWrgLRyx4p4V95IdbX5%2Fuv1k4ouLnDmUb9uuY4UG90m1KFwi6tHW8xOFZ183XYRiifY%2BF6oVE6JeY94ibEkbHMrJsZ0PTv0dgYqzKM8xFzrOZO3mPWu3tfLAmb9jxnO23no%2Fgv7khV%2Bl%2BNjj3THdo7%2F3FDbevJ87vfq3D4pWMpu2z4OXXk%2B%2Bvf7z4UmDcjJYNujUYksR0pgRbaIa0H%2BjHi2FVGtYV6NG1hvt82fPecC0yUVtz4G0neOgO7Svmz6NTyW1sfNi9w8I382EpSOTzBFkz9GeKn2yK%2BybeCV7UDeJDiUN%2B6Pjuc%2Bx8%2BMKkv8APfXJtqcDAAA%3D","http
s://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=BiddersManualKit&service=direct&session=T&sp=S%2Fyzvv%2Frl78hvNCzHY%2BL7l6dGlPrgl3tbuziYfPZwLso%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=BiddersManualKit&service=direct&session=T&sp=SdBkeXCSPGF%2FlMBbn3gTCx4Rv2NvnSGTmPRFbx7W1KJBGZNzoh8X49GHJNN6J6UGIU0qPRCf0Fxdx%0AaSQaOAimoy5z0%2BwCIVio2enKA1K1%2Fnc%3D","https://mahatenders.gov.in/nicgep/app?component=%24WebHomeBorder.%24WebRightMenu.%24DirectLink_1&page=SiteMap&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=BiddersManualKit&service=direct&session=T&sp=SW7DoEz7T3IARlQDoaE50uEvlSlp49siP34%2FuBNSYauPaLcAtzVJc5BpCrkbE3pDM","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_9&page=CorrViewDetailsPrint&service=direct&session=T&sp=SfUOggUfOzVYziaNgXri2WaunC0u%2BDHdCsNmX2YmC0ws%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=FAQFrontEnd&service=direct&session=T&sp=S8t6lJenpsr6BSXFs507zQg%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=BiddersManualKit&service=direct&session=T&sp=ZH4sIAAAAAAAAAFVSQU8TQRSebmmgVg0UiHAwNpIYPLB4MlEvUhqTQilqUaIxIcPu0A7M7gwzs%2B3Wg6kXL8TAQW8mXjwSL%2F4AEk7G4JF4VBOP6M2LXnyz3ZV2Dy%2F75vvmfd97b%2FZ%2FooySaKbOm7ZPHbtOhO1hpYm0ia%2BpbttLUVbiLZ9x7KoKVXo19en%2B96O3zEKjFTTkYE3qXLY1ylc2cRPPMuzXZ2taUr9%2Bq4KyjiTAcItAGO4hVHgE52K4BOE%2FIdCUzZoTIAy63KnRp6S%2FfIkH68zAOYA96pGVtiDb6BlKgaMNykgVe0k%2BmuRzvvtAsoeYBQlkUdf8WXCJqjlH0ybojPboFDlnBPsgNJYQSlQJhtu9ZS5QNd8gzlaRhzG6LDTlvoEzFZSn6g5YuIt1o0YYcaDdGBkSknIJY45dpFWV9xso%2BzBdIsHAOUXrPsx0nkhdTmxnYEcssZENhNsddYzm4gMzSnOUBoVAsogeCo1GitR1iSwsYT%2FArLBINbyF80bcNuJ2tKOdH3tHu1NfLZRaQJmm6TqUaPiUVA28dSJf7L%2B%2BmHv1bcdCKBSo%2B1lQLR8R1TazV2BLSmNPXJk4%2FpiqHRCoWEYZH%2FtchYms2bxt7DY2n6cWH%2BnJtKnXGkLQn7h5Uginv7ycUH363afQ%2BXC4cHXr7wAULSU2TZ9nbndOpn8f7j7RKC3cDY0my5p4q1SRteLyvbUqaa01b1y7bgNm6HllYjZu4DIojZwqxY%2Fhc0F2jt%2F8%2BQVSjxMpkRLRzTFk4nhflazoSQem3os%2B1Iqys1GLzvilxl44ePCuI%
2F4B5b9qU5kDAAA%3D","https://mahatenders.gov.in/nicgep/app?component=bd&page=FAQFrontEnd&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=FAQFrontEnd&service=direct&session=T&sp=SUztKX5sytwVAWMoSs3TQ9Q%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=CorrViewDetails&service=direct&session=T&sp=SJU4XG5vzWqYJgK6VMK336w%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=BiddersManualKit&service=direct&session=T&sp=ZH4sIAAAAAAAAAFVSv08UQRSe2%2BMEPDVyQMQCs4bEqJHFyvijkeNiAhxgONBoTMiwOxwDszPDzOxxZ2Gg0YICE7Uz0cJYES38A0ysjMGS2h%2BxVEtNtPHN3q7cbTHZN9%2F33ve992bnB8pphYarouZx6ntVIr0Qa0OUR7ihpuFNxVFJrHMmcKDLVJubmQ%2BzX3afMQf1llGXjw2pCtUwqFBewTU8wjCvjlSMorx6pYy6fUWAERSBcLSFUBYxnE%2FgEhz%2FCZGhbMTeAKEzEH6F3iXt5UsiWmQWzgMc0pDMNSRZQ%2FdQBhwtUUamcZjGvWk8yoN5xW5gFqWQQwP750AS1aO%2BoTXQ6W3RKQrBCOYg1JcSSlRLhhutZY5RPbZM%2FNWiqCfojDRUcAvnyqhA9TWwcB2b5QphxId2E6RLKioUjDlxkdXTot3AOIfpEgUGDmta5TDTMaLMeGo7BztiqY3uSAbNUSdoPrmwo7RXWVCIFIvpdWlQT5EGAVHuFOYRZu4kNfAWjlhxz4p78Y62vj3c3R765KDMBMrVbNd1hY7uk6ajcJGo%2BztPBvOPP285CNUlan4OVCvERL3GvDnYkjY4lKcG9t5nKm8JVBxHOY650PVU1m7es3aXVzYzk7fM8aytt96FoD95%2Bbtbdx%2Bdc3WbfvMpbLx5N3Fm9W8HFC2lNm2fB6%2B%2BdIvbd07%2FMigrgyWDTkLPC7NER4sh1RqWtDDfHNJC7dL5Cx5wbFpB27M7aeQEKPbsKyaP4qOrNvae%2FvkJkrdTSZmRcWYfsmd%2FW5UD7VWSzRa%2BPn%2Fxe%2FPBxeY0WoxDRmdLfsfQK4MGZjijnLjQgztLhvebaBNy4uhQPDW%2FfzA%2FUB86%2B3pD%2FgPayNrc7AMAAA%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_0&page=BiddersManualKit&service=direct&session=T&sp=ZH4sIAAAAAAAAAFVSO0wUQRie2%2BMix6mBA%2BIjGi8hMdHExcr4aOC4SIDj5YEGC8mwOywDczvDzOyxR2EgJlpQaKGdiRaWhMbGzsRGYrAy1IqxsFBbE238Z29X7raY7Mz3%2Ff%2F3%2FY%2FtnyijJLrk8ZrtU8f2iLCrWGkibeJrquv2eHQr8TWfceyqMlX6TurDrYO9F8xC3WXU7mBNPC7rGuXLy7iG%2Bxn2vf6KltT3bpRR1pEEGG4RCJ1NhDKP4FwMl%2BD4Twg0Zf3mBQhHXO5U6DppTV%2FiwQIzcA7gKq2Smbogq%2Bg%2BSoGjRcrIBK4m9%2B7kPui7s5LdxixIIIu65s%2BCIKoGHU1roNPdpFPknBHsg1BPQihRJRiuN6c5QdXQEnFWijyM0UmhKfcNnCmjPFU3wcIU1ksVwogD5
cZIu5CUS2hz7CKtJnirgREfukskGDimqOdDT4eI1COJ7QzMiCU2soFwG62O0Vz8YFppntKgEEgW0UOhUVeRui6RhXHsB5gVxqiGXThuxG0jbkcz2vr2ZO9x32cLpUZRpmaqDiXqPCRNBNUFIh9uPzube%2Fply0IoFKjxWZAtHxHVKrNnYEpK46o4f3J%2FN1V5SyDjCMr42OcqTGTN5G1jd2l5MzU2p0%2BlTb61dgT1ies%2FCuHF9%2Fd2VYt%2BYxU2Xr8bvbDytw2SlhKbps6Ogc1Pwzs96wcapYW7qNG5KSId2G3skfni5PT8bKNF87Vrl6%2FYwDBBeWXObFxGH%2Bh1HerFK%2FGxIDf2n%2F%2F5BYJ3E0GRElFkDzJnb0uWbGuWeK75ry9f%2Fd58dLXRiybbENHRFN%2FWt6PR6SKfLkxJIrDEZr0KwwF1CaM%2BUS1SVnQ7GnXN6S282QjPfH8wIP4BhHsa8%2BwDAAA%3D","https://mahatenders.gov.in/nicgep/app?component=cancel&page=ForgotPasswordSendVerification&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=FAQFrontEnd&service=direct&session=T&sp=S98BwsXvmPN8feTR67SgZyg%3D%3D","https://mahatenders.gov.in/nicgep/app?component=cancel&page=DocDownCaptcha&service=direct&session=T","https://mahatenders.gov.in/nicgep/FrontEndFileDownloadServlet?marap=ZkFrSWt2WlF5RS9KVVV2M3JzWXQ2anpoYWc2YU8yeWZOMmdIZUM5UHRldEVVUkFTeUJyS1hNYXU5NnN6OWJMMnA3czdZZkhWWHJCSgo2MkhxQlluYUx0RGpxU3RITGs0R05hdUlMOHhFWWhFanFXQkxtdW1OaExDUzlGc2RmVStL","https://mahatenders.gov.in/nicgep/FrontEndFileDownloadServlet?marap=ZkFrSWt2WlF5RS9KVVV2M3JzWXQ2anpoYWc2YU8yeWZOMmdIZUM5UHRldXFVL0VvV3ozYjhyRXVYcGlEL1hOaVptWnFLcE41SUwyRwpHS1lPV0E1dHFvczFIUVlGcTdFdVphZTh0VXlIK0lNPQ==","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=FAQFrontEnd&service=direct&session=T&sp=SJeqflZjZj6QhGkJJ0UcYGw%3D%3D","https://mahatenders.gov.in/nicgep/app?component=%24WebHomeBorder.%24WebRightMenu.%24DirectLink&page=SiteMap&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_10&page=CorrViewDetailsPrint&service=direct&session=T&sp=ZH4sIAAAAAAAAAJVTMW%2FTQBS%2Buo2KSJOmoUQVAqkSU4e6tgsSKktTp0MqN1QKYmNw7BdzxDkf50uaFAnBAkMHGEACJgbGbizMLEiI%2FwBCrMCCxMDCneMkl1IGPJzP3%2Ffeu%2B9993z0DWVihswg6uoEe3oAVPcixnQgHPO%2Bbov9DQz7NsMce25YcTnEDo753bnzz3%2B8P%2FiuoSUH5RvYv0aBYBLIAI6Kzm23666FLgnW6pwJ%2FKqDFkRUvdOwwyhOA%2B%2Bge
2hqRCgVhoSUstdphDi%2BBb5ClCSBAyB%2Bp12B2GOYchyRlC0o7HXMw2HWvIr36RDOegxEabV%2Bxo%2B8qs9RQenDiZIu8oKquyFsEzWhkKJ17jKu4LMSxwfHLKlEoicQxU41cQg1tz1quInJ1oSXKaFhX%2B40B50lvruV%2BFWmlEXdwZ2kYYsj8gSXKQPB7QLwSSJLBw4r0FIM0LJDl%2BGmuHVp7WS75%2F7ijzeei3Ege7CB8epQ%2B3RMIo7OKE5UCYcAmLAitx%2BxVpVDu8y8NKFHOVo01lcr4K1ahnV52TQ2DGO5vCthawwb6xLek7BlrdaibgpfGsGGqRQxNywzgefs8TyYHGWkfPGeGczwiUniX8lL9bpUrycjcfj1ycfHFz9paGoHZcR1dKDHUGEcVOu0G8AeHj27kH36%2BVBDqEeRfIqlm%2F%2FXRzxRdjBD99%2B821lp%2FZ4Rp1eGp0vv5jebKy%2FE85Kj09vCY%2BLr1G9ypNXKseTziYTC7Fv5UaLJ%2Bo9jEy5ZlMzch00hZ2EsJ73I4pdXr389eHRF6KlO6BE500p%2B8Wf%2FD6uc3od7BAAA","https://mahatenders.gov.in/nicgep/app?component=cancel&page=FrontEndTendersByValue&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=DocDownCaptcha&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=FAQFrontEnd&service=direct&session=T&sp=SC91IC0K9eVfQIhG1uZF1fw%3D%3D","https://mahatenders.gov.in/nicgep/app?page=FrontEndTendersByOrganisation&service=page","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=WebRightMenuLogin&service=direct&session=T","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_9&page=CorrViewDetailsPrint&service=direct&session=T&sp=SxQSsHigoMr5U9mlvtchj7HBkqXs%2BoVqL4FT5moivYik%3D","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink_9&page=CorrViewDetailsPrint&service=direct&session=T&sp=SdqMIuMfYzkUu%2FCiIdBq31SNPuIsoAFCFSo9NteXv7lw%3D","https://mahatenders.gov.in/nicgep/FrontEndFileDownloadServlet?marap=ZkFrSWt2WlF5RS9KVVV2M3JzWXQ2anpoYWc2YU8yeWZOMmdIZUM5UHRldU15dSt6ckVqaXk3MXIzMFliZk1OS3FUSU5hL0pBQVhXOAp2Z3AzUmhiYW9GcmYyTDllb3VTbjJzNVhkQlI5ZFNVPQ==","https://mahatenders.gov.in/nicgep/includes/Sha512.js","https://mahatenders.gov.in/nicgep/includes/evaluator.js?version=v1.09.07","https://mahatenders.gov.in/nicgep/app?component=%24DirectLink&page=FrontEndAdvancedSearchResult&service=direct&session=T","https://mahatenders.gov.
in/nicgep/app?path=%2Fgep%2Fgep3.js&service=asset","https://mahatenders.gov.in/nicgep/FrontEndFileDownloadServlet?marap=ZkFrSWt2WlF5RS9KVVV2M3JzWXQ2anpoYWc2YU8yeWZOMmdIZUM5UHRldmxzYk1jT2o1eEJlWDM4bGprODAxTk5KTlc1QVE1alVrSAo0M3E2bVB3bmkxZFgwMHU1MEMxdUR5WW9QclI5aG5nPQ==","https://mahatenders.gov.in/nicgep/FrontEndFileDownloadServlet?marap=ZkFrSWt2WlF5RS9KVVV2M3JzWXQ2anpoYWc2YU8yeWZOMmdIZUM5UHRldDFvcTdFaGo4S0ZKd3NtU2JvZUhNK3NhVTVNTFFSL3JBeApuQThNdkhmSzhTbkxYRjFLeDQvWjZHeEpBVmgvajFCK25SS2tKN29WWVpPbGtJeFBQT0VW","https://mahatenders.gov.in/nicgep/FrontEndFileDownloadServlet?marap=ZkFrSWt2WlF5RS9KVVV2M3JzWXQ2anpoYWc2YU8yeWZOMmdIZUM5UHRldmxzYk1jT2o1eEJlWDM4bGprODAxTnV3TUNVTS9IQUJjaQo4eG1kK2NiZU1oaTFLa0F4VnVXWXZSMXBWeHJIWjkzbCtCMWM0WU5XVExxaFRDdUZlbmVt","https://mahatenders.gov.in/nicgep/FrontEndFileDownloadServlet?marap=ZkFrSWt2WlF5RS9KVVV2M3JzWXQ2anpoYWc2YU8yeWZOMmdIZUM5UHRldGZTQnU3ZW1pRjRCY1V1bmIyZk16TDAzNi9vTlJ6QzRJVgpNVEhNT2g4NGoxTUZGV1B6R21ObEoyNUU3Yzg3Sm9BPQ==","https://mahatenders.gov.in/nicgep/FrontEndFileDownloadServlet?marap=ZkFrSWt2WlF5RS9KVVV2M3JzWXQ2anpoYWc2YU8yeWZOMmdIZUM5UHRldmxTTElXVWFsSkpZSVAraTI3RmJxRVhCWmNHdHpLN0t0TAo1TEVBVUg4UkhTbkxYRjFLeDQvWjZHeEpBVmgvajFCK25SS2tKN29WWVpPbGtJeFBQT0VW","https://mahatenders.gov.in/nicgep/FrontEndFileDownloadServlet?marap=ZkFrSWt2WlF5RS9KVVV2M3JzWXQ2anpoYWc2YU8yeWZOMmdIZUM5UHRldVlKRVR1Tk9tZ20xSzJRWlJTNG56MjM5SkxWYm9PWjFrVQpPNGNsWVJWL2hESnVQeTNSM2VCTDE3Wi84a1pqQXo2WUZ1QUNFNjdBdU5OME1CaGluWFJH","https://mahatenders.gov.in/nicgep/FrontEndFileDownloadServlet?marap=ZkFrSWt2WlF5RS9KVVV2M3JzWXQ2anpoYWc2YU8yeWZOMmdIZUM5UHRldHAyYjFGZGxuWlMrN0U2SFM5dm5YZm15aVU4QTZCeEZHeQpIQ0VYczBmVnZpejFaOFE0Q2p2VUhNcWkzeVhLaE5GVEJSVmo4eHBqWlNkdVJPM1BPeWFB","https://mahatenders.gov.in/nicgep/FrontEndFileDownloadServlet?marap=ZkFrSWt2WlF5RS9KVVV2M3JzWXQ2anpoYWc2YU8yeWZOMmdIZUM5UHRldFdqQVJrZEJselp0R0RuVC85WW1ZYjhVMmtxaEc5Y3BtRgozdW1jQ010Si9IRDY4SXkxblJ2YU1tSzVFN1BUOUFncHp3eFhNRnNlbWR0RllYazhLTHl0","https://mahatenders.gov.in/nicgep/FrontEndFileDownlo
adServlet?marap=ZkFrSWt2WlF5RS9KVVV2M3JzWXQ2anpoYWc2YU8yeWZOMmdIZUM5UHRldFdqQVJrZEJselp0R0RuVC85WW1ZYmNaS2RtZStqT3RReApETlhNT3pIdzl6ZE9kanFGZFc2ZEV1YnMxQXh2dHE5SzVqOE5nRzRia0hqMmYvS3BEeDhRMUxRVjV6dkJTNDNMVmdWZktwSjZzUT09","https://mahatenders.gov.in/nicgep/FrontEndFileDownloadServlet?marap=ZkFrSWt2WlF5RS9KVVV2M3JzWXQ2anpoYWc2YU8yeWZOMmdIZUM5UHRlc2kzNUhEYUVNMityZ3M4Vk5ya3NsdmVLdHgydHk5QkoxcQpMejJlYlRoMHlZdXFsYU5ud3lRME5QSzRqeGVaRG1QOEEvV0hSTWNZVUwraGl5MVp3Q0tK","https://mahatenders.gov.in/nicgep/FrontEndFileDownloadServlet?marap=ZkFrSWt2WlF5RS9KVVV2M3JzWXQ2anpoYWc2YU8yeWZOMmdIZUM5UHRldjgxYW12U1EvUVNGTkVGaThvb0d4eEhhR1ROaitEUVltUgprT0FKbVo1Z05YUEkzaEY0eXd6ZitoT2NGSm5IVG1odEpHaXBCem5PVmFvV2NYOElMRXZI","https://mahatenders.gov.in/nicgep/FrontEndFileDownloadServlet?marap=ZkFrSWt2WlF5RS9KVVV2M3JzWXQ2anpoYWc2YU8yeWZOMmdIZUM5UHRldUJKMTBrTHpKcFY2R1dPbTNtbmVqdFpYQStGbXhzemplawpzclpEKzF2UWlFMXhjUkM1S0l2T0Qvd3A4eG1rR2JZPQ=="],"duration":20.163201332092285},"passive_scan":{"status":"completed","duration":30.019925117492676},"port_scan":{"status":"completed","target_host":"mahatenders.gov.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"5","status":"completed","duration":7201.210253953934},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}}},{"_id":{"$oid":"6932ab0ec2ae380874eb0dd1"},"created_at":{"$date":"2025-12-05T09:51:10.942Z"},"url":"https://www.internationalpoliceexpo.com/","tool":"owaspzap","result":{"status":"completed","target_url":"
https://www.internationalpoliceexpo.com/","scan_timestamp":"20251205_073734","output_directory":"/home/apogean/projects/vapt/web_vapt/results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.0062525272369384766},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.internationalpoliceexpo.com","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":59,"urls_list":["https://www.internationalpoliceexpo.com/robots.txt","https://www.internationalpoliceexpo.com/sitemap.xml","https://www.internationalpoliceexpo.com/","https://www.internationalpoliceexpo.com/index.html","https://www.internationalpoliceexpo.com/datesandvenue.html","https://www.internationalpoliceexpo.com/about.html","https://www.internationalpoliceexpo.com/index","https://www.internationalpoliceexpo.com/datesandvenue","https://www.internationalpoliceexpo.com/about","https://www.internationalpoliceexpo.com/industry.html","https://www.internationalpoliceexpo.com/exhibitor.html","https://www.internationalpoliceexpo.com/assets/vendor/php-email-form/validate.js","https://www.internationalpoliceexpo.com/gallery25.php","https://www.internationalpoliceexpo.com/gallery22.php","https://www.internationalpoliceexpo.com/visitor-registration.php","https://www.internationalpoliceexpo.com/assets/js/main.js","https://www.internationalpoliceexpo.com/exhibitor-registration.php","https://www.internationalpoliceexpo.com/gallery21.php","https://www.internationalpoliceexpo.com/police-conference.html","https://www.internationalpoliceexpo.com/gallery24.php","https://www.internationalpoliceexpo.com/past-edition.html","https://www.internationalpoliceexpo.com/why.html","https://www.internationalpoliceexpo.com/gallery23.php","https://www.internationalpoliceexpo.com/visitor.html","https://www.internationalpoliceexpo.
com/assets/img/favicon.png","https://www.internationalpoliceexpo.com/contact.php","https://www.internationalpoliceexpo.com/assets/vendor/aos/aos.css","https://www.internationalpoliceexpo.com/industry","https://www.internationalpoliceexpo.com/images/partners/Focus_PPE.jpg","https://www.internationalpoliceexpo.com/assets/img/logo.png","https://www.internationalpoliceexpo.com/assets/img/apple-touch-icon.png","https://www.internationalpoliceexpo.com/images/partners/Fireworld_logo.jpg","https://www.internationalpoliceexpo.com/assets/vendor/aos/aos.js","https://www.internationalpoliceexpo.com/police-conference","https://www.internationalpoliceexpo.com/images/partners/Rescue_Management.png","https://www.internationalpoliceexpo.com/images/partners/fsc.png","https://www.internationalpoliceexpo.com/assets/vendor/glightbox/css/glightbox.min.css","https://www.internationalpoliceexpo.com/assets/vendor/swiper/swiper-bundle.min.css","https://www.internationalpoliceexpo.com/images/partners/aitechtonic.jpg","https://www.internationalpoliceexpo.com/images/partners/Secure_Asia.png","https://www.internationalpoliceexpo.com/exhibitor","https://www.internationalpoliceexpo.com/assets/css/main.css","https://www.internationalpoliceexpo.com/assets/vendor/glightbox/js/glightbox.min.js","https://www.internationalpoliceexpo.com/gallery21","https://www.internationalpoliceexpo.com/assets/vendor/bootstrap/js/bootstrap.bundle.min.js","https://www.internationalpoliceexpo.com/images/partners/SafeSecure.jpg","https://www.internationalpoliceexpo.com/past-edition","https://www.internationalpoliceexpo.com/gallery22","https://www.internationalpoliceexpo.com/visitor-registration","https://www.internationalpoliceexpo.com/assets/vendor/bootstrap-icons/bootstrap-icons.css","https://www.internationalpoliceexpo.com/gallery24","https://www.internationalpoliceexpo.com/exhibitor-registration","https://www.internationalpoliceexpo.com/assets/vendor/swiper/swiper-bundle.min.js","https://www.internationalpoliceexpo.co
m/gallery25","https://www.internationalpoliceexpo.com/assets/img/hero-bg2.jpg","https://www.internationalpoliceexpo.com/assets/vendor/bootstrap/css/bootstrap.min.css","https://www.internationalpoliceexpo.com/images/partners/ADU-Logo.png","https://www.internationalpoliceexpo.com/images/partners/SLI-LOGO-FINAL.png","https://www.internationalpoliceexpo.com/download/Police-Expo-Brochure.pdf"],"duration":10.05505919456482},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.07433795928955},"active_scan":{"scan_id":null,"status":"completed","duration":7201.9469113349915},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.json","csv":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.csv","xml":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.xml","html":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.html","summary":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_summary.txt"}}}}},{"_id":{"$oid":"6933dfdd38b7fbeaffa25025"},"created_at":{"$date":"2025-12-06T07:48:45.808Z"},"url":"https://voters.eci.gov.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://voters.eci.gov.in/","scan_timestamp":"20251206_073737","output_directory":"/home/apogean/projects/vapt/web_vapt/results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.009225130081176758},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":20,"urls_list":["https://voters.eci.gov.in/","https://voters.eci.gov.in/sitemap.xml
","https://voters.eci.gov.in/robots.txt","https://voters.eci.gov.in/transliteration/js/Fonts/css/cdac-gist-fonts.css","https://voters.eci.gov.in/eci-logo.png","https://voters.eci.gov.in/Packages/font-awesome.min.css","https://voters.eci.gov.in/Packages/bootstrap.min.css","https://voters.eci.gov.in/favicon.ico","https://voters.eci.gov.in/Packages/transliteration/js/CDAC-Typing.js","https://voters.eci.gov.in/angular/scripts.js","https://voters.eci.gov.in/Packages/transliteration/js/CDAC-Typing_A.js","https://voters.eci.gov.in/angular/runtime.js","https://voters.eci.gov.in/Packages/googleapi-font.css","https://voters.eci.gov.in/angular/main.js","https://voters.eci.gov.in/angular/polyfills.js","https://voters.eci.gov.in/Packages/transliteration/js/jquery.js","https://voters.eci.gov.in/static/js/main.24395fcf.js","https://voters.eci.gov.in/static/css/main.919f40d8.css","https://voters.eci.gov.in/static/js/main.b082560b.js","https://voters.eci.gov.in/download-eroll"],"duration":10.04437804222107},"port_scan":{"status":"completed","target_host":"voters.eci.gov.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.07068943977356},"active_scan":{"scan_id":"0","status":"completed","duration":210.08220148086548},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.json","csv":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.csv","xml":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.xml","html":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.html","summary":"/home/apogean/projects/v
apt/web_vapt/results/zap_reports/zap_summary.txt"}}}},"summary":"# Comprehensive Security Analysis Report: Election Commission of India Voter Portal\n\n## Executive Summary\n\nThis detailed technical investigation synthesizes findings from multiple security scanning tools targeting the Election Commission of India's voter portal (voters.eci.gov.in). The analysis reveals a mixed security posture characterized by critical configuration vulnerabilities, concerning data integrity issues, and significant gaps in vulnerability detection capabilities.\n\n**Key Risk Rating: HIGH**\n\nThe investigation identifies critical security misconfigurations that create exploitable attack vectors, coupled with fundamental issues in the security scanning process itself that undermine confidence in the current security assessment methodology.\n\n## 1. Critical Security Misconfigurations\n\n### 1.1 Content Security Policy (CSP) Failures\n\n**Risk Level: CRITICAL**\n\nMultiple independent analyses consistently identify severe CSP misconfigurations that fundamentally compromise the application's defense against client-side attacks:\n\n**Missing Critical Directives:**\n- `frame-ancestors` directive absent, creating clickjacking vulnerability\n- `form-action` directive missing, allowing unauthorized form submissions\n- Both directives lack fallback to `default-src`, effectively permitting any source\n\n**Unsafe Inline Styles:**\n- `style-src` includes `'unsafe-inline'`, significantly increasing XSS attack surface\n- Multiple instances across different endpoints confirm systemic issue\n\n**Technical Impact:**\n- Complete protection failure against clickjacking attacks\n- Potential for CSS-based injection attacks\n- Unauthorized form submission capabilities\n- Bypass of XSS mitigation controls\n\n### 1.2 Cache Control Deficiencies\n\n**Risk Level: MEDIUM-HIGH**\n\nInconsistent cache control implementations create potential for sensitive data exposure:\n\n- Improper cache-control settings on 
critical resources (sitemap.xml, robots.txt)\n- Partial implementation suggests oversight in resource-specific cache tuning\n- Risk of accidental exposure of voter-related data through browser/proxy caches\n\n## 2. Information Disclosure Vulnerabilities\n\n### 2.1 Unix Timestamp Exposure\n\n**Risk Level: MEDIUM**\n\nSystematic exposure of Unix timestamps across multiple JavaScript files represents significant information disclosure:\n\n**Patterns Identified:**\n- 20+ distinct timestamp disclosures across static JS resources\n- Timestamps span from 2016 to 2035, including future dates\n- Multiple files affected: `main.b082560b.js`, `main.24395fcf.js`\n\n**Security Implications:**\n- Infrastructure fingerprinting capabilities for attackers\n- Potential inference of deployment cycles and patch schedules\n- Future-dated timestamps (2027-2035) suggest hardcoded test values or misconfigured build processes\n- Aggregation risk when combined with other disclosures\n\n### 2.2 Development Artifact Exposure\n\n**Risk Level: LOW-MEDIUM**\n\nPresence of development artifacts in production code indicates poor release hygiene:\n\n- SQL-related keywords in frontend comments (`SELECT`, `USERNAME`, `WHERE`)\n- TODO comments in production JavaScript\n- Debug-related code references in CDAC transliteration API\n\n## 3. Access Control and Authorization Issues\n\n### 3.1 Bad View Exception Handling\n\n**Risk Level: MEDIUM**\n\nXML exception data reveals potential access control violations:\n\n- `bad_view` exceptions indicate failed authorization attempts\n- Error responses lack proper sanitization\n- Potential for privilege escalation attempt identification\n- Missing input validation in view parameter handling\n\n## 4. 
Critical Scanning and Assessment Failures\n\n### 4.1 Incomplete Vulnerability Detection\n\n**Risk Level: CRITICAL**\n\nThe security scanning process itself exhibits fundamental failures:\n\n**Zero-Findings Anomaly:**\n- Complete absence of detected vulnerabilities across all risk categories\n- Government websites typically exhibit low-to-medium risk items\n- Statistical improbability suggests scanner configuration issues\n\n**Data Integrity Problems:**\n- Missing scan duration data\n- \"VULNERABILITIES: Unknown\" contradictory to detailed breakdown\n- Incomplete metadata in scan reports\n\n### 4.2 Report Inconsistency Issues\n\n**Risk Level: HIGH**\n\nCritical inconsistencies in security reporting undermine assessment reliability:\n\n- Structural report formatting irregularities\n- Contradictory data fields (\"Unknown\" vs. detailed breakdown)\n- Missing essential scan metadata (duration, completion status)\n\n## 5. Behavioral Analysis and User Agent Handling\n\n### 5.1 User Agent-Based Response Variations\n\n**Risk Level: INFORMATIONAL-MEDIUM**\n\nSystematic testing reveals behavioral differences based on client identification:\n\n**Observed Patterns:**\n- Multiple endpoints tested with varied user agents\n- Legacy browser emulation (IE 6-8) triggers different responses\n- Mobile device simulation shows adaptive rendering logic\n- Search engine crawler handling variations detected\n\n**Security Implications:**\n- Potential content differentiation leading to information leakage\n- Fingerprinting opportunities for attackers\n- Possible exposure of alternate functionality to specific clients\n\n## Correlation Analysis and Attack Chain Potential\n\n### Primary Attack Vectors Identified:\n\n1. **Clickjacking Exploitation:**\n   - Missing CSP `frame-ancestors` directive enables framing\n   - Combined with form submission vulnerabilities for social engineering attacks\n\n2. 
**XSS and Style Injection:**\n   - Unsafe inline styles create CSS injection opportunities\n   - Can be chained with other client-side vulnerabilities\n\n3. **Infrastructure Reconnaissance:**\n   - Timestamp disclosures enable system fingerprinting\n   - User agent response variations aid profiling\n   - Development artifact exposure reveals internal logic\n\n4. **Assessment Process Compromise:**\n   - Scanner reliability issues create false sense of security\n   - Undetected vulnerabilities may persist in production\n\n## Technical Risk Assessment Matrix\n\n| Risk Category | Likelihood | Impact | Overall Risk | Priority |\n|---------------|------------|--------|--------------|----------|\n| CSP Misconfigurations | HIGH | CRITICAL | CRITICAL | IMMEDIATE |\n| Clickjacking Vulnerabilities | HIGH | HIGH | HIGH | IMMEDIATE |\n| XSS Attack Surface | MEDIUM | HIGH | HIGH | IMMEDIATE |\n| Information Disclosure | HIGH | MEDIUM | HIGH | URGENT |\n| Cache Control Issues | MEDIUM | MEDIUM | MEDIUM | SHORT-TERM |\n| Scanning Process Failures | HIGH | HIGH | HIGH | IMMEDIATE |\n| Access Control Bypass | LOW | HIGH | MEDIUM | MEDIUM-TERM |\n\n## Detailed Remediation Recommendations\n\n### Immediate Actions (0-24 hours):\n\n1. **Emergency CSP Hardening:**\n   ```http\n   Content-Security-Policy: frame-ancestors 'none'; form-action 'self'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests;\n   ```\n   Note: this interim header still allows `'unsafe-inline'` in `style-src`, so it closes only the `frame-ancestors` and `form-action` gaps; removing `'unsafe-inline'` is listed under the short-term actions. Before deploying `frame-ancestors 'none'`, confirm the portal does not frame its own pages; if it does, `'self'` is the narrower setting.\n\n2. **Scanner Configuration Review:**\n   - Validate ZAP configuration and scope settings\n   - Confirm target URL accessibility during scans\n   - Verify scan completion logs and raw data integrity\n\n3. **Incident Response Activation:**\n   - Assess potential exploitation of identified vulnerabilities\n   - Implement temporary monitoring for clickjacking attempts\n\n### Short-term Actions (1-2 weeks):\n\n1. 
**Complete CSP Implementation:**\n   - Remove `'unsafe-inline'` from `style-src`\n   - Implement nonce/hashing for legitimate inline styles\n   - Add explicit definitions for all critical directives\n\n2. **Enhanced Security Testing:**\n   - Conduct manual penetration testing\n   - Run alternative scanning tools for cross-validation\n   - Perform authenticated scanning where applicable\n\n3. **Build Process Hardening:**\n   - Strip development artifacts from production builds\n   - Remove timestamp embeddings from static assets\n   - Implement automated security scanning in CI/CD pipeline\n\n### Medium-term Actions (1-3 months):\n\n1. **Comprehensive Security Architecture Review:**\n   - Audit all HTTP security headers\n   - Implement proper error handling and logging\n   - Review access control mechanisms\n\n2. **Monitoring and Detection Enhancement:**\n   - Deploy Web Application Firewall (WAF)\n   - Implement advanced threat detection\n   - Establish security incident response procedures\n\n3. **Process and Governance Improvements:**\n   - Establish regular security assessment schedules\n   - Implement security testing standards\n   - Create vulnerability management workflow\n\n## Compliance and Regulatory Considerations\n\n### Applicable Standards:\n- **OWASP Top 10 (2021):** A05: Security Misconfiguration, A03: Injection\n- **ISO 27001:** Information Security Management\n- **NIST Cybersecurity Framework:** Identify, Protect, Detect functions\n- **Indian IT Act 2000:** Section 43A - Reasonable Security Practices\n\n### Critical Compliance Gaps Identified:\n1. **Security Misconfiguration:** Severe CSP failures violate reasonable security practices\n2. **Data Protection:** Information disclosure risks compromise citizen data protection\n3. 
**Assessment Reliability:** Failed scanning processes undermine compliance verification\n\n## Conclusion and Strategic Recommendations\n\nThis comprehensive analysis reveals a critical security posture requiring immediate attention. The combination of exploitable vulnerabilities and compromised assessment processes creates a high-risk environment for one of India's most sensitive digital platforms.\n\n**Primary Strategic Recommendations:**\n\n1. **Immediate Vulnerability Remediation:** Address CSP failures and clickjacking vulnerabilities with highest priority\n2. **Assessment Process Overhaul:** Completely rebuild security scanning and testing methodologies\n3. **Continuous Monitoring Implementation:** Deploy real-time threat detection and response capabilities\n4. **Governance Framework Establishment:** Create comprehensive security governance and compliance processes\n\nThe identified vulnerabilities, particularly the CSP misconfigurations and clickjacking exposure, represent immediate risks that could be exploited by adversaries targeting the electoral system. 
The assessment process failures compound these risks by creating false confidence in the security posture.\n\n**Risk Mitigation Timeline:**\n- **24 Hours:** Emergency patches for critical CSP issues\n- **1 Week:** Enhanced scanning and manual verification\n- **1 Month:** Complete security architecture review and hardening\n- **3 Months:** Full governance and compliance framework implementation\n\nThis investigation underscores the critical importance of robust security practices in electoral systems and the necessity for reliable, comprehensive security assessment methodologies to protect democratic institutions."},{"_id":{"$oid":"69355aa480226ef315be3b2c"},"created_at":{"$date":"2025-12-07T10:44:52.082Z"},"url":"https://www.nobroker.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.nobroker.in/","scan_timestamp":"20251207_094042","output_directory":"/home/apogean/projects/vapt/web_vapt/results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.0074291229248046875},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.nobroker.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":94,"urls_list":["https://www.nobroker.in/sitemap.xml","https://www.nobroker.in/robots.txt","https://www.nobroker.in/","https://www.nobroker.in/admin","https://www.nobroker.in/api/v1/*/notification/","https://www.nobroker.in/signout","https://www.nobroker.in/falcon/","https://www.nobroker.in/*?amp=2","https://www.nobroker.in/api/v4/","https://www.nobroker.in/_proxy_","https://www.nobroker.in/api/v2/","http://www.nobroker.in/404","https://www.nobroker.in/redirectUrl?redirectUrl","https://www.nobroker.in/admin/","https://www.nobroker.in/api/v1/admin/","https://www.nobroker.in/api/v3/","https://www.nobroker.in/app?type","https://www.nobroker
.in/api/v5/","https://www.nobroker.in/.env","https://www.nobroker.in/app_","https://www.nobroker.in/api/v1/","https://www.nobroker.in/*?amp=1","https://www.nobroker.in/404","https://www.nobroker.in/hs-admin/","https://www.nobroker.in/config/","https://www.nobroker.in/chat","https://www.nobroker.in/nb-cms/","https://www.nobroker.in/api/space/","https://www.nobroker.in/nb-interior/","https://www.nobroker.in/nb-nbex/","https://www.nobroker.in/nb-prophub-ui/","https://www.nobroker.in/nb-new/","https://www.nobroker.in/favicon.ico","https://www.nobroker.in/nb-loan/","https://www.nobroker.in/nbpixel","https://www.nobroker.in/NOBRKR/","https://www.nobroker.in/property/listing/","https://www.nobroker.in/nb-interior/css/main.65b79e936ab7e36b0968.css","https://www.nobroker.in/hs-new/","https://www.nobroker.in/analytics/","https://www.nobroker.in/nb-interior/main.77ce51e17cb8f1b78a92.js","https://www.nobroker.in/nb-nbex/favicon.ico","https://www.nobroker.in/nb-interior/public","https://www.nobroker.in/api/v1","https://www.nobroker.in/nb-nbex/main.7ce686b32b2095d4d1eb.js","https://www.nobroker.in/api/v2/property/commercial/buy","https://www.nobroker.in/api/v2/property/commercial/rent","https://www.nobroker.in/api/v1/property/pg","https://www.nobroker.in/nb-interior/public/","https://www.nobroker.in/sitemap/rent/bangalore/flats","https://www.nobroker.in/nb-vip/","https://www.nobroker.in/nb-nbex/public","https://www.nobroker.in/nb-interior/public/xxxHTMLLINKxxx0.247718911601619180.3642355193351383xxx","https://www.nobroker.in/sitemap/rent/bangalore/4bhk","https://www.nobroker.in/sitemap/rent/pune/3bhk","https://www.nobroker.in/sitemap/rent/mumbai/4plusbhk","https://www.nobroker.in/sitemap/rent/mumbai/2bhk","https://www.nobroker.in/sitemap/rent/bangalore/1bhk","https://www.nobroker.in/sitemap/rent/bangalore/2bhk","https://www.nobroker.in/sitemap/rent/mumbai/4bhk","https://www.nobroker.in/sitemap/rent/pune/1rk","https://www.nobroker.in/redirect","https://www.nobroker.in/sitemap/rent
/chennai/flats","https://www.nobroker.in/profile/","https://www.nobroker.in/sitemap/rent/mumbai/flats","https://www.nobroker.in/sitemap/rent/pune/1bhk","https://www.nobroker.in/sitemap/rent/pune/flats","https://www.nobroker.in/nb-interior/xxxHTMLLINKxxx0.247718911601619180.3642355193351383xxx","https://www.nobroker.in/nb-nbex/11.2927cca5a6fcb67b4a87.js","https://www.nobroker.in/nb-nbex/css/main.0b23de9a90f6d3be084b.css","https://www.nobroker.in/sitemap/rent/pune/4bhk","https://www.nobroker.in/nb-interior/vendor/vendor.03fb6f832bf15f6ee895.chunk.js","https://www.nobroker.in/sitemap/rent/chennai/1rk","https://www.nobroker.in/nb-nbex/public/","https://www.nobroker.in/on-boarding/","https://www.nobroker.in/api/v2/property/sale","https://www.nobroker.in/flats-for-rent-in-chennai_chennai","https://www.nobroker.in/nb-nbex/e3715c8c9f6c77c7f0ec.png","https://www.nobroker.in/flats-for-rent-in-bangalore_bangalore","https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","https://www.nobroker.in/sitemap/rent/pune/4plusbhk","https://www.nobroker.in/nb-cms-api/","https://www.nobroker.in/sitemap/rent/pune/2bhk","https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","https://www.nobroker.in/sitemap/rent/mumbai/3bhk","https://www.nobroker.in/sitemap/rent/mumbai/1rk","https://www.nobroker.in/sitemap/rent/bangalore/4plusbhk","https://www.nobroker.in/sitemap/rent/bangalore/3bhk","https://www.nobroker.in/sitemap/rent/mumbai/1bhk","https://www.nobroker.in/sitemap/rent/bangalore/1rk","https://www.nobroker.in/flats-for-rent-in-mumbai_mumbai","https://www.nobroker.in/property/pg/pg-hostel-for-girls-
in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","https://www.nobroker.in/flats-for-rent-in-pune_pune"],"duration":20.133737564086914},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06933641433716},"active_scan":{"scan_id":"0","status":"completed","duration":420.1454288959503},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.json","csv":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.csv","xml":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.xml","html":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.html","summary":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_summary.txt"}}}},"summary":"Error: An error occurred (ValidationException) when calling the Converse operation: The model returned the following errors: {\"code\":\"validation_error\",\"message\":\"ErrorEvent { error: APIError { type: \\\"BadRequestError\\\", code: Some(400), message: \\\"This model's maximum context length is 131072 tokens. However, your request has 436459 input tokens. Please reduce the length of the input messages. 
None\\\", param: None } }\",\"param\":null,\"type\":\"invalid_request_error\"}"},{"_id":{"$oid":"6935b197c66bc33e34f8b43e"},"created_at":{"$date":"2025-12-07T16:55:51.557Z"},"url":"https://freesearchigrservice.maharashtra.gov.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://freesearchigrservice.maharashtra.gov.in/","scan_timestamp":"20251207_164136","output_directory":"/home/apogean/projects/vapt/web_vapt/results/zap_reports","scan_results":{"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":0.027065515518188477},"passive_scan":{"status":"completed","duration":0.015497207641601562},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"freesearchigrservice.maharashtra.gov.in","open_ports":[443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":2,"urls_list":["https://freesearchigrservice.maharashtra.gov.in/robots.txt","https://freesearchigrservice.maharashtra.gov.in/sitemap.xml"],"duration":30.059616565704346},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":720.2571084499359},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.json","csv":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.csv","xml":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.xml","html":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.html","summary":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_summary.txt"}}}},"summary":"# **Investigative Security 
Analysis Report**  \n**Target**: `https://freesearchigrservice.maharashtra.gov.in`  \n**Date of Analysis**: April 5, 2025  \n\n---\n\n## **Executive Summary**\n\nThis investigative report synthesizes findings from multiple security tool outputs targeting the Maharashtra government’s online IGR (Indian Registration) service portal. Despite initial appearances of a \"clean\" scan, deeper analysis reveals a complex landscape of **incomplete reports**, **structural anomalies**, **misconfigurations**, and **behavioral inconsistencies** that collectively pose a moderate-to-high risk to the integrity and confidentiality of the system.\n\nKey findings include:\n- A **tampered or invalid ZAP scan summary** with a future timestamp and missing vulnerability data.\n- **Missing security headers** exposing server technology and increasing susceptibility to XSS.\n- **Behavioral inconsistencies** in response to varied user agents, indicating potential fingerprinting surfaces.\n- A **critical \"Bad View\" XML exception**, suggesting improper input handling or access control issues.\n\nCollectively, these findings indicate a **lack of robust security hardening**, inconsistent scanning practices, and potential avenues for reconnaissance or exploitation.\n\n---\n\n## **1. Structural Anomalies in Scanning Output**\n\n### **Finding**: Tampered or Invalid ZAP Scan Summary  \n**Source**: `zap_summary.txt`  \n**Risk Level**: HIGH  \n**Confidence**: HIGH  \n\n### **Details**:\n- The scan summary claims **zero vulnerabilities** across all categories.\n- Contains a **future timestamp** (`2025-12-07`, later than the analysis date stated in this report, April 5, 2025), raising serious concerns about authenticity. The `scan_timestamp` stored with this scan record (`20251207_164136`) carries the same date, so confirm the stated analysis date and the scanner host clock before treating the summary as tampered.\n- Missing critical fields: scan duration, vulnerability breakdown, OWASP Top 10 mapping.\n\n### **Analysis**:\nA zero-vulnerability result for a public-facing government service is statistically improbable. 
The presence of a future timestamp strongly suggests one of the following:\n- **Clock drift or misconfiguration** in the scanning environment.\n- **Manual report manipulation** or fabrication.\n- **Incomplete or failed scan execution** masked by a pre-filled template.\n\n### **Correlation**:\nOther files (`zap_report.json`, `filtered_json.json`) confirm the presence of actual findings, directly contradicting the \"clean\" summary. This discrepancy undermines trust in the entire dataset.\n\n### **Recommendation**:\n- **Discard the current report** and re-run a full authenticated scan with proper logging.\n- Implement **timestamp validation** and **checksum-based integrity checks** for future reports.\n\n---\n\n## **2. Security Misconfigurations and Information Disclosure**\n\n### **Finding**: Missing Security Headers  \n**Source**: `zap_report.json`  \n**Risk Level**: MEDIUM  \n**Confidence**: HIGH  \n\n### **Details**:\n- **Missing Content-Security-Policy (CSP)** header on key assets (`robots.txt`, `sitemap.xml`).\n- Exposure of server details:\n  - `Server: Microsoft-IIS/10.0`\n  - `X-Powered-By: ASP.NET`\n\n### **Analysis**:\n- Lack of CSP removes a defense-in-depth control against **Cross-Site Scripting (XSS)** attacks: a missing policy does not introduce an injection flaw by itself, but it leaves any such flaw without this mitigation.\n- Server version disclosure enables attackers to target known exploits for IIS 10.0 and ASP.NET.\n- These are classic indicators of **poor security hardening** practices.\n\n### **Correlation**:\nThe absence of these headers aligns with the broader theme of inconsistent configurations and lack of proactive defense-in-depth strategies.\n\n### **Recommendation**:\n- Implement a strict **Content-Security-Policy**.\n- Strip or obfuscate server identification headers.\n- Regularly audit HTTP response headers for compliance with security baselines.\n\n---\n\n## **3. 
Behavioral Inconsistencies via User Agent Fuzzing**\n\n### **Finding**: Differential Responses to User Agents  \n**Source**: `filtered_json.json`, `zap_report.json`  \n**Risk Level**: INFORMATIONAL to LOW  \n**Confidence**: MEDIUM  \n\n### **Details**:\n- Multiple tests with varied user agents (IE6, Chrome, Googlebot, iPhone) yielded **different responses**.\n- No evidence of malicious behavior, but **content differentiation** was observed.\n\n### **Analysis**:\n- While not inherently exploitable, such behavior can:\n  - Aid **fingerprinting** and reconnaissance.\n  - Reveal **device-specific logic** or hidden endpoints.\n  - Indicate **insecure content negotiation** or flawed access control.\n\n### **Correlation**:\nThe repeated use of Plugin ID `10104` across multiple entries confirms this as a **systemic behavior** rather than an isolated edge case.\n\n### **Recommendation**:\n- Audit server-side logic for **user-agent-dependent responses**.\n- Enforce **consistent behavior** unless intentional differentiation is required and secured.\n- Monitor logs for unusual user-agent patterns.\n\n---\n\n## **4. Critical Exception: “Bad View” Error**\n\n### **Finding**: XML Exception with Code `bad_view`  \n**Source**: `zap_report.xml`  \n**Risk Level**: MEDIUM-HIGH  \n**Confidence**: HIGH  \n\n### **Details**:\n- Minimal XML response with `<exception code=\"bad_view\">`.\n- Encoding: UTF-8; standalone: false (suggests reliance on external schema/DTD).\n\n### **Analysis**:\n- \"Bad View\" typically indicates:\n  - **Invalid or unauthorized view access**.\n  - **Malformed input** leading to rendering failures.\n  - **Improper error handling** that leaks system behavior.\n\n### **Correlation**:\nThis error aligns with the earlier findings of inconsistent server behavior and potential access control gaps. 
It may represent a **failed access attempt** or a **misconfigured route/view handler**.\n\n### **Recommendation**:\n- Correlate this exception with **access logs** and **application logs**.\n- Implement **generic error pages** to prevent information leakage.\n- Enhance **input validation** and **access control enforcement**.\n\n---\n\n## **5. Unified Risk Profile**\n\n| Category                     | Risk Level | Justification                                                                 |\n|-----------------------------|------------|-------------------------------------------------------------------------------|\n| Report Authenticity         | HIGH       | Future timestamp, missing data, template inconsistencies                      |\n| Security Misconfigurations  | MEDIUM     | Missing CSP, server fingerprinting                                           |\n| Behavioral Inconsistencies  | LOW        | User-agent differentiation without clear security impact                     |\n| Input Handling              | MEDIUM     | \"Bad View\" exception suggests weak validation or access control              |\n| Overall Posture             | MODERATE   | Cumulative effect of misconfigurations and incomplete security practices     |\n\n---\n\n## **Conclusion**\n\nDespite the appearance of a \"clean\" scan, the Maharashtra IGR service portal exhibits multiple signs of **inadequate security hygiene**, **incomplete assessments**, and **potential vulnerabilities**. The most alarming aspect is the **invalid scan summary**, which undermines the credibility of the entire assessment process.\n\n### **Immediate Actions Required**:\n1. **Re-run Full Security Scan**: Authenticated, timestamped, and logged.\n2. **Implement Security Headers**: CSP, remove server identification headers.\n3. **Audit User-Agent Handling**: Ensure consistent responses.\n4. 
**Investigate \"Bad View\" Exceptions**: Correlate with logs and tighten access controls.\n\n### **Long-Term Strategic Recommendations**:\n- Establish a **formal vulnerability management program**.\n- Integrate **automated security scanning** into CI/CD pipelines.\n- Conduct **periodic third-party penetration testing**.\n- Train development teams on **secure coding practices** and **OWASP guidelines**.\n\n---\n\n## **Appendices**\n\n### **Appendix A: File Mapping**\n| File                  | Tool/Source      | Purpose                                      |\n|-----------------------|------------------|----------------------------------------------|\n| `zap_summary.txt`     | OWASP ZAP        | Scan summary (INVALIDATED due to anomalies)  |\n| `zap_report.json`     | OWASP ZAP        | Detailed vulnerability findings              |\n| `filtered_json.json`  | OWASP ZAP        | User-agent fuzzer results                    |\n| `zap_report.xml`      | Unknown          | Exception report                             |\n\n### **Appendix B: Key Observations (Weakness Indicators, Not Indicators of Compromise)**\nThe items below are configuration and reporting weaknesses noted in this assessment; none of them is evidence that the system has been compromised.\n- Future-dated scan report\n- Missing CSP headers\n- Server version disclosure\n- Behavioral inconsistency in user-agent responses\n- \"Bad View\" XML exception\n\n---\n\n**Prepared By**: Lead Security Analyst  \n**Date**: April 5, 2025  \n**Status**: Final – For Internal Distribution 
Only"},{"_id":{"$oid":"693668c161c967dc4716c91b"},"created_at":{"$date":"2025-12-08T05:57:21.636Z"},"url":"https://www.sih.gov.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.sih.gov.in/","scan_timestamp":"20251208_052926","output_directory":"/home/apogean/projects/vapt/web_vapt/results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.018423080444335938},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.sih.gov.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":138,"urls_list":["https://www.sih.gov.in/sitemap.xml","https://www.sih.gov.in/robots.txt","https://www.sih.gov.in/","https://www.sih.gov.in/sih2017","https://www.sih.gov.in/signin","https://www.sih.gov.in/sih2018Software","https://www.sih.gov.in/sih2018Hardware","https://www.sih.gov.in/sih2019","https://www.sih.gov.in/sih2024","https://www.sih.gov.in/sih2023s","https://www.sih.gov.in/sih2019Hard","https://www.sih.gov.in/implementationTeam","https://www.sih.gov.in/projectImplementation","https://www.sih.gov.in/sih2020Hardware","https://www.sih.gov.in/sih2022s","https://www.sih.gov.in/sih2025/nodalcenter","https://www.sih.gov.in/sih2020Software","https://www.sih.gov.in/letters/SIH2025-IDEA-Presentation-Format.pptx","https://www.sih.gov.in/faqs","https://www.sih.gov.in/contactUs","https://www.sih.gov.in/pdf/past_events/Winners_2018HW.pdf","https://www.sih.gov.in/pdf/SIH2025_Letter_from_Chairman_AICTE_semester_exam.pdf","https://www.sih.gov.in/letters/Guidelines-how-to-apply-college.pdf","https://www.sih.gov.in/sih2025/shortlisted-teams-grand-finale","https://www.sih.gov.in/know-your-spoc","https://www.sih.gov.in/sih2024/sih2024-grand-finale-result","https://www.sih.gov.in/pdf/past_events
/software_2019.pdf","https://www.sih.gov.in/pdf/past_events/Winners_2017.pdf","https://www.sih.gov.in/sih2023-grand-finale-result","https://www.sih.gov.in/forgot_password","https://www.sih.gov.in/css/mobile-menu.css","https://www.sih.gov.in/letters/SIH2025-Guidelines-College-SPOC-updated.pdf","https://www.sih.gov.in/img/favicon-sih.png","https://www.sih.gov.in/pdf/past_events/sih_2020.pdf","https://www.sih.gov.in/sih2025PS","https://www.sih.gov.in/css/bootstrap.css","https://www.sih.gov.in/pdf/past_events/hardware_2019_winner.pdf","https://www.sih.gov.in/HardwarenodalCenterList","https://www.sih.gov.in/nodalCenterList","https://www.sih.gov.in/collegeRegistration","https://www.sih.gov.in/pdf/past_events/Winners_2018SW.pdf","https://www.sih.gov.in/css/font-awesome.css","https://www.sih.gov.in/css/slick-test.css","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-grand-finale-inoguration-3.png","https://www.sih.gov.in/pdf/past_events/hardware_2022.pdf","https://www.sih.gov.in/sih2024PS","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-minister-interacting-students-2.png","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-minister-interacting-students-6.png","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-minister-interacting-students-3.png","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-minister-interacting-students-5.png","https://www.sih.gov.in/img/icon_automobiles.png","https://www.sih.gov.in/img/preScreeningResult-Jr-bg.jpg","https://www.sih.gov.in/letters/SIH-Process-flow-chart-final.pdf","https://www.sih.gov.in/letters/Internal-Hackathon-Process-flow-chart-final.png","https://www.sih.gov.in/css/animate.css","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-minister-interacting-students-7.png","https://www.sih.gov.in/pdf/SIH-SOFTWARE-RESULT.pdf","https://www.sih.gov.in/css/bootstrap-select.css","https://www.sih.gov.in/img/events/sih-2022/p3.jpg","https://www.sih.gov.in/img/events/sih-2018-
software/sih-2018-winner-7.png","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-minister-interacting-students-10.png","https://www.sih.gov.in/img/events/sih-2019-software/8.JPG","https://www.sih.gov.in/img/events/sih-2022/si1.jpg","https://www.sih.gov.in/img/events/sih-2022/11.jpg","https://www.sih.gov.in/img/action6.jpg","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-winner-10.png","https://www.sih.gov.in/img/icon_heritage.png","https://www.sih.gov.in/letters/Idea%20ppt.pptx","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-winner-4.png","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-minister-interacting-students-9.png","https://www.sih.gov.in/letters/SIH2025-Guidelines-College-SPOC.pdf","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-winner-3.png","https://www.sih.gov.in/pdf/IdeasubmissionprocessSIH2020.pdf","https://www.sih.gov.in/img/icon_waste.png","https://www.sih.gov.in/img/icon_healthcare.png","https://www.sih.gov.in/img/project-implementation.jpg","https://www.sih.gov.in/img/icon_communication.png","https://www.sih.gov.in/img/events/sih-2019-software/1.jpg","https://www.sih.gov.in/img/smart-education.png","https://www.sih.gov.in/img/events/sih-2022/2.jpg","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-winner-1.png","https://www.sih.gov.in/img/action5.jpg","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-minister-interacting-students-8.png","https://www.sih.gov.in/img/icon_import.png","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-winner-6.png","https://www.sih.gov.in/img/action7.jpg","https://www.sih.gov.in/img/recog-visiblity.png","https://www.sih.gov.in/img/imp-team/yogesh-brahmankar.jpg","https://www.sih.gov.in/img/icon_agriculture.png","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-winner-9.png","https://www.sih.gov.in/img/icon_drone.png","https://www.sih.gov.in/img/icon_technology.png","https://www.sih.gov.in/img/events/sih-2
018-software/sih-2018-winner-2.png","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-winner-8.png","https://www.sih.gov.in/img/events/sih-2022/PM1.jpg","https://www.sih.gov.in/img/icon_sport.png","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-grand-finale-inoguration-mr-prakar-javadekar.png","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-grand-finale-mr-nitin-gadkari.png","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-minister-interacting-students-4.png","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-minister-interacting-students-1.png","https://www.sih.gov.in/img/events/sih-2022/hw2.jpg","https://www.sih.gov.in/img/inovative-solution.png","https://www.sih.gov.in/img/imp-team/Arindam-Mandal.jpg","https://www.sih.gov.in/img/events/sih-2022/4.png","https://www.sih.gov.in/img/events/sih-2019-software/9.JPG","https://www.sih.gov.in/img/action9.jpg","https://www.sih.gov.in/img/events/sih-2022/3.jpg","https://www.sih.gov.in/img/icon_security.png","https://www.sih.gov.in/img/action8.jpg","https://www.sih.gov.in/img/disaster-management.png","https://www.sih.gov.in/img/icon_renewable.png","https://www.sih.gov.in/img/closeIcon.png","https://www.sih.gov.in/img/events/sih-2018-software/sih-2018-winner-5.png","https://www.sih.gov.in/img/icon_water.png","https://www.sih.gov.in/img/icon_education.png","https://www.sih.gov.in/img/out-of-box-solution.png","https://www.sih.gov.in/img/people/prakash-javadekar.png","https://www.sih.gov.in/img/action10.jpg","https://www.sih.gov.in/img/problem-statement-bg.jpg","https://www.sih.gov.in/img/icon_tourism.png","https://www.sih.gov.in/img/preScreeningResult-bg.jpg","https://www.sih.gov.in/img/people/m1_new.png","https://www.sih.gov.in/img/people/gagandeep.jpg","https://www.sih.gov.in/img/people/nitin-bhide.png","https://www.sih.gov.in/img/people/PN.jpg","https://www.sih.gov.in/img/people/Puneet-Sharma.png","https://www.sih.gov.in/img/people/sihSarim.png","https://www.sih
.gov.in/img/people/C-Manivannan.png","https://www.sih.gov.in/img/imp-team/ankush-sharma.jpg","https://www.sih.gov.in/img/events/sih-2022/P1.jpg","https://www.sih.gov.in/img/people/face.png","https://www.sih.gov.in/img/people/saurabh-nirmal.jpg","https://www.sih.gov.in/pdf/AWS-TEAM.pdf","https://www.sih.gov.in/img/people/Rajesh-Shah.png","https://www.sih.gov.in/img/people/aishwarya-patil.png","https://www.sih.gov.in/img/people/Smita-Kelkar.png","https://www.sih.gov.in/letters/Nodal-Center-Organizer-Manual-and-Guidelines.pdf","https://www.sih.gov.in/img/people/Yogesh-Topale.png"],"duration":60.31119918823242},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.10340690612793},"active_scan":{"scan_id":"0","status":"completed","duration":180.05833649635315},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.json","csv":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.csv","xml":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.xml","html":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.html","summary":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_summary.txt"}}}},"summary":"Error: An error occurred (ValidationException) when calling the Converse operation: The model returned the following errors: {\"code\":\"validation_error\",\"message\":\"ErrorEvent { error: APIError { type: \\\"BadRequestError\\\", code: Some(400), message: \\\"This model's maximum context length is 131072 tokens. However, your request has 200256 input tokens. Please reduce the length of the input messages. 
None\\\", param: None } }\",\"param\":null,\"type\":\"invalid_request_error\"}"},{"_id":{"$oid":"69368a0ca12659b9af4a494f"},"created_at":{"$date":"2025-12-08T08:19:24.265Z"},"url":"http://testphp.vulnweb.com/","tool":"owaspzap","result":{"status":"completed","target_url":"http://testphp.vulnweb.com/","scan_timestamp":"20251208_072934","output_directory":"/home/apogean/projects/vapt/web_vapt/results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.016416549682617188},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":42,"urls_list":["http://testphp.vulnweb.com/robots.txt","http://testphp.vulnweb.com/","http://testphp.vulnweb.com/sitemap.xml","http://testphp.vulnweb.com/artists.php","http://testphp.vulnweb.com/index.php","http://testphp.vulnweb.com/disclaimer.php","http://testphp.vulnweb.com/categories.php","http://testphp.vulnweb.com/cart.php","http://testphp.vulnweb.com/userinfo.php","http://testphp.vulnweb.com/guestbook.php","http://testphp.vulnweb.com/AJAX/index.php","http://testphp.vulnweb.com/search.php?test=query","http://testphp.vulnweb.com/images/logo.gif","http://testphp.vulnweb.com/high","http://testphp.vulnweb.com/login.php","http://testphp.vulnweb.com/hpp/","http://testphp.vulnweb.com/privacy.php","http://testphp.vulnweb.com/style.css","http://testphp.vulnweb.com/Mod_Rewrite_Shop/","http://testphp.vulnweb.com/Flash/add.swf","http://testphp.vulnweb.com/artists.php?artist=2","http://testphp.vulnweb.com/artists.php?artist=1","http://testphp.vulnweb.com/artists.php?artist=3","http://testphp.vulnweb.com/listproducts.php?cat=1","http://testphp.vulnweb.com/images/remark.gif","http://testphp.vulnweb.com/hpp/?pp=12","http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/","http://testphp.vulnweb.com/signup.php","http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/color-printer/3/","ht
tp://testphp.vulnweb.com/AJAX/styles.css","http://testphp.vulnweb.com/listproducts.php?cat=2","http://testphp.vulnweb.com/Mod_Rewrite_Shop/images/1.jpg","http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/web-camera-a4tech/2/","http://testphp.vulnweb.com/Mod_Rewrite_Shop/images/3.jpg","http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=12","http://testphp.vulnweb.com/Mod_Rewrite_Shop/images/2.jpg","http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-3/","http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-1/","http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-1.html","http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-3.html","http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-2/","http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-2.html"],"duration":10.089671850204468},"port_scan":{"status":"completed","target_host":"testphp.vulnweb.com","open_ports":[80],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.09234881401062},"active_scan":{"scan_id":"0","status":"completed","duration":2430.6205456256866},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.json","csv":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.csv","xml":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.xml","html":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.html","summary":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_summary.txt"}}}},"summary":"# Comprehensive Security Analysis Report\n\n## Executive Summary\n\nThis security analysis examined a deliberately vulnerable test 
application (testphp.vulnweb.com) to demonstrate common web application security weaknesses. The assessment revealed a comprehensive pattern of security misconfigurations, missing fundamental security controls, and multiple vulnerabilities that collectively create a significant attack surface. While individually classified as low to medium risk, the combination of these issues represents a systemic security posture problem that would be unacceptable in production environments. Note that the structured scan record stored with this summary reports `total_alerts` as 0 and `fuzzed_urls` as 0, so each finding below should be checked against the raw ZAP report files before it is treated as confirmed.\n\n## Key Findings\n\n### 1. Critical Security Control Absence\nThe most alarming finding is the complete absence of fundamental security mechanisms:\n- **No Cross-Site Request Forgery (CSRF) protection** across multiple forms\n- **Missing Content Security Policy (CSP)** headers site-wide\n- **No anti-clickjacking protections** on critical pages\n- **Absence of security headers** including X-Content-Type-Options\n\n### 2. Systemic Security Misconfigurations\nMultiple endpoints consistently exhibit the same security gaps, indicating server-wide configuration issues rather than isolated problems:\n- **Information disclosure** through verbose server headers exposing technology stack\n- **Missing security headers** across all application paths\n- **Inconsistent character encoding** creating potential exploitation vectors\n\n### 3. Confirmed High-Risk Vulnerabilities\nDespite the test environment nature, several confirmed exploitable vulnerabilities were identified:\n- **Reflected Cross-Site Scripting (XSS)** on search functionality\n- **SQL Injection vulnerabilities** with error-based confirmation\n- **Server-side information disclosure** enabling targeted attacks\n\n## Detailed Analysis\n\n### Security Control Deficiencies\n\n#### CSRF Protection Complete Absence\nThe application demonstrates a complete failure to implement CSRF protection mechanisms. Multiple forms including guestbook entries, search functions, and user registration lack any form of anti-CSRF tokens. 
This represents a fundamental breakdown in session management security that would allow attackers to force authenticated users to perform unintended actions.\n\nThe vulnerability is particularly concerning because:\n- It affects authenticated functionality\n- No compensating controls are present\n- The attack vector is straightforward to exploit\n- Impact could include account manipulation and data compromise\n\n#### Content Security Policy Missing\nEvery endpoint examined lacked Content Security Policy headers, leaving the application completely unprotected against XSS and data injection attacks. CSP represents a critical defense-in-depth mechanism that should be implemented even when other protections exist.\n\nThe absence of CSP creates:\n- Unmitigated XSS attack surface\n- No restrictions on script execution sources\n- Increased difficulty in detecting malicious content injection\n- Lack of violation reporting capabilities\n\n#### Clickjacking Vulnerabilities\nMultiple critical pages including login functionality, shopping cart operations, and user profile management lack clickjacking protections. 
This vulnerability allows attackers to embed legitimate pages within malicious frames, potentially tricking users into performing unintended actions.\n\nAffected functionality includes:\n- Authentication pages\n- Transaction processing\n- Personal information management\n- Shopping cart operations\n\n### Information Disclosure and Fingerprinting\n\n#### Technology Stack Exposure\nThe application extensively leaks its technology stack through HTTP response headers:\n- **nginx/1.19.0** - Specific web server version enabling targeted exploits\n- **PHP/5.6.40** - Severely outdated PHP version with known critical vulnerabilities\n- **Ubuntu 20.04.1** - Operating system version information\n\nThis information disclosure creates multiple attack vectors:\n- Enables version-specific exploit targeting\n- Facilitates fingerprinting for automated attack tools\n- Reveals outdated components with published vulnerabilities\n- Provides reconnaissance data for sophisticated attacks\n\n#### Security Header Absence\nBeyond CSP, multiple other security headers are consistently missing:\n- **X-Content-Type-Options** - Allows MIME-sniffing in older browsers\n- **X-Frame-Options** - Missing clickjacking protection\n- **X-XSS-Protection** - No legacy XSS filtering controls\n\n### Confirmed Exploitable Vulnerabilities\n\n#### Cross-Site Scripting (XSS)\nMultiple reflected XSS vulnerabilities were confirmed through successful payload execution:\n- Search parameter injection with script execution confirmation\n- Artist parameter manipulation resulting in code execution\n- Parameter pollution techniques proving vulnerability existence\n\nThe XSS vulnerabilities are particularly dangerous because:\n- They affect multiple application entry points\n- Successful exploitation demonstrated through alert() execution\n- Could lead to session hijacking and account compromise\n- Enable phishing and social engineering attacks\n\n#### SQL Injection\nConfirmed SQL injection vulnerabilities were identified 
through error-based detection:\n- Search functionality parameter manipulation\n- Artist selection parameter exploitation\n- Database error message disclosure confirming vulnerability\n\nThe SQL injection vulnerabilities pose severe risks:\n- Potential for complete database compromise\n- Data extraction and manipulation capabilities\n- Possible privilege escalation within database\n- Foundation for further system compromise\n\n## Risk Assessment\n\n### Overall Risk Level: HIGH\n\nThe combination of security control absences, confirmed vulnerabilities, and systemic misconfigurations creates an unacceptably high-risk posture. While individual findings may be classified as low to medium severity, their collective impact significantly elevates the overall risk.\n\n### Risk Factors\n\n1. **Attack Surface Breadth**: Vulnerabilities exist across multiple application functions\n2. **Exploitation Simplicity**: Most vulnerabilities require minimal skill to exploit\n3. **Impact Severity**: Successful exploitation could result in complete compromise\n4. **Compounding Effects**: Missing security controls enable vulnerability chaining\n5. 
**Persistence**: Systemic issues indicate fundamental architectural problems\n\n### Vulnerability Chaining Potential\n\nThe security gaps identified enable powerful attack combinations:\n- XSS → Session hijacking → CSRF exploitation\n- Information disclosure → Targeted exploits → Privilege escalation\n- Missing CSP → XSS exploitation → Data exfiltration\n- SQL injection → Data compromise → Further system access\n\n## Patterns and Anomalies\n\n### Consistent Misconfiguration Patterns\nThe analysis revealed several consistent patterns indicating systemic issues:\n- Universal absence of security headers across all endpoints\n- Identical information disclosure patterns on every page\n- Consistent lack of input validation and output encoding\n- Uniform failure to implement fundamental security controls\n\n### Technology Stack Concerns\nThe disclosed technology stack raises significant concerns:\n- **PHP 5.6.40** - End-of-life since December 2018 with numerous known vulnerabilities\n- **nginx 1.19.0** - Potentially vulnerable to published exploits\n- **Ubuntu 20.04.1** - May lack current security patches\n\n### Configuration Management Issues\nThe consistent security gaps suggest poor configuration management:\n- No centralized security header implementation\n- Lack of security hardening procedures\n- Absence of automated security validation\n- No distinction between development and production configurations\n\n## Recommendations\n\n### Immediate Actions (Priority 1)\n\n1. **Implement CSRF Protection**\n   - Add anti-CSRF tokens to all state-changing forms\n   - Validate tokens server-side before processing requests\n   - Use established libraries rather than custom implementations\n\n2. **Deploy Content Security Policy**\n   - Implement restrictive CSP headers site-wide\n   - Start with report-only mode to identify conflicts\n   - Gradually tighten policy based on application requirements\n\n3. 
**Address SQL Injection Vulnerabilities**\n   - Implement parameterized queries for all database operations\n   - Add input validation and sanitization layers\n   - Remove detailed database error messages from responses\n\n### High Priority Actions (Priority 2)\n\n4. **Implement Clickjacking Protections**\n   - Add X-Frame-Options headers to prevent framing\n   - Implement CSP frame-ancestors directives\n   - Apply protections to all sensitive pages\n\n5. **Remediate Information Disclosure**\n   - Suppress server version information in HTTP headers\n   - Remove X-Powered-By headers entirely\n   - Implement generic server identification\n\n6. **Fix XSS Vulnerabilities**\n   - Implement proper output encoding for all user data\n   - Add input validation and sanitization\n   - Deploy XSS protection headers (in current browsers this means a restrictive Content Security Policy)\n\n### Medium Priority Actions (Priority 3)\n\n7. **Implement Missing Security Headers**\n   - Add X-Content-Type-Options: nosniff\n   - Implement X-XSS-Protection where applicable (a legacy header that current browsers no longer honour; it does not replace output encoding or CSP)\n   - Consider additional defensive headers\n\n8. **Address Character Encoding Issues**\n   - Standardize on UTF-8 encoding throughout application\n   - Ensure consistent charset declarations\n   - Validate encoding assumptions in processing\n\n### Long-term Strategic Improvements\n\n9. **Upgrade Technology Stack**\n   - Migrate from end-of-life PHP 5.6 to supported version\n   - Update nginx to current stable release\n   - Implement regular patch management procedures\n\n10. **Establish Security Development Lifecycle**\n    - Integrate security testing into development workflow\n    - Implement automated security scanning\n    - Provide security training for development teams\n\n11. 
**Implement Comprehensive Monitoring**\n    - Add security header validation to deployment pipeline\n    - Implement CSP violation reporting\n    - Monitor for security header absence in production\n\n## Conclusion\n\nThis analysis reveals a fundamentally insecure web application suffering from multiple critical security gaps. The combination of missing fundamental security controls, confirmed exploitable vulnerabilities, and extensive information disclosure creates an unacceptably high-risk environment. \n\nThe systemic nature of these issues indicates problems with security architecture and configuration management rather than isolated coding mistakes. Immediate remediation of the most critical vulnerabilities is essential, followed by comprehensive hardening of the entire application stack.\n\nThe vulnerabilities identified represent common security failures found in real-world applications, making this analysis highly relevant for understanding and preventing similar security issues in production environments. 
The absence of basic security controls like CSRF protection and CSP headers is particularly concerning as these represent fundamental defensive measures that should be present in all modern web applications.\n\nOrganizations should treat the identified patterns as red flags for their own security posture assessments and ensure that fundamental security controls are implemented as baseline requirements rather than optional enhancements."},{"_id":{"$oid":"69371f36370977e93e579cb2"},"created_at":{"$date":"2025-12-08T18:55:50.062Z"},"url":"http://testhtml5.vulnweb.com","tool":"owaspzap","result":{"status":"completed","target_url":"http://testhtml5.vulnweb.com","scan_timestamp":"20251208_184648","output_directory":"/home/apogean/projects/vapt/web_vapt/results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.00495457649230957},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":12,"urls_list":["http://testhtml5.vulnweb.com","http://testhtml5.vulnweb.com/sitemap.xml","http://testhtml5.vulnweb.com/","http://testhtml5.vulnweb.com/robots.txt","http://testhtml5.vulnweb.com/static/css/style.css","http://testhtml5.vulnweb.com/static/app/app.js","http://testhtml5.vulnweb.com/static/app/services/itemsService.js","http://testhtml5.vulnweb.com/static/img/logo2.png","http://testhtml5.vulnweb.com/static/app/libs/sessvars.js","http://testhtml5.vulnweb.com/static/app/controllers/controllers.js","http://testhtml5.vulnweb.com/static/app/post.js","http://testhtml5.vulnweb.com/login"],"duration":10.037676572799683},"port_scan":{"status":"completed","target_host":"testhtml5.vulnweb.com","open_ports":[80],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.07456541061401},"active_scan":{"scan_id":"0",
"status":"completed","duration":270.09707617759705},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.json","csv":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.csv","xml":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.xml","html":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.html","summary":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_summary.txt"}}}},"summary":"### Tool Name: OWASP ZAP (Zed Attack Proxy)\n### Website URL: https://www.zaproxy.org/\n\n---\n\n## 1. Investigative Analysis\n\nA comprehensive vulnerability assessment and penetration test was conducted against `http://testhtml5.vulnweb.com` using OWASP ZAP and correlated outputs from multiple scan formats (CSV, XML, JSON, and summary reports). The assessment included active and passive scanning, spidering, header analysis, and user-agent fuzzing. 
The application demonstrates a modern web architecture with dynamic content and AJAX endpoints.\n\n**Critical security gaps identified:**\n- Absence of anti-CSRF tokens on authentication and state-changing endpoints.\n- Overly permissive CORS policy (`Access-Control-Allow-Origin: *`).\n- Missing security headers (CSP, X-Frame-Options, X-Content-Type-Options).\n- Use of outdated and externally hosted JavaScript libraries without Subresource Integrity (SRI).\n- Server version disclosure via HTTP headers.\n- Potential for cookie poisoning and insecure cookie attributes.\n- Information disclosure through source code comments.\n\nNo direct critical (CVSS 9.0+) vulnerabilities such as RCE, SQLi, or XSS were detected, but the identified misconfigurations and missing controls significantly increase the risk of exploitation, especially if chained with other vulnerabilities.\n\n---\n\n## 2. Critical Findings (CVSS 9.0-10.0)\n\n**No direct critical (CVSS 9.0+) vulnerabilities were identified in the current assessment.**  \nHowever, several findings (notably the absence of anti-CSRF tokens and CORS misconfiguration) can be escalated to critical risk if combined with other weaknesses (e.g., XSS, IDOR).\n\n---\n\n## 3. 
High-Risk Vulnerabilities (CVSS 7.0-8.9)\n\n### 3.1 Absence of Anti-CSRF Tokens\n- **CWE-352: Cross-Site Request Forgery (CSRF)**\n- **CVSS (Estimated):** 7.5 (High)\n- **Affected Systems:** All state-changing endpoints, notably `/login`\n- **Exploitation Difficulty:** Low (requires user to be authenticated)\n- **Technical Analysis:**  \n  - No anti-CSRF token present in forms or headers.\n  - Attacker can craft malicious requests that are accepted by the server if the victim is authenticated.\n- **Proof of Concept:**  \n  - Submit a POST request to `/login` or other state-changing endpoints from a third-party site without a CSRF token; observe successful action.\n\n### 3.2 Overly Permissive CORS Policy\n- **CWE-264: Permissions, Privileges, and Access Controls**\n- **CVSS (Estimated):** 7.5 (High)\n- **Affected Systems:** All endpoints responding with `Access-Control-Allow-Origin: *`\n- **Exploitation Difficulty:** Low (if sensitive data is accessible unauthenticated)\n- **Technical Analysis:**  \n  - Any origin can send cross-origin requests and read the responses; because browsers do not expose responses to credentialed requests when the allowed origin is the `*` wildcard, the exposure is limited to data the server returns without credentials.\n  - Enables data exfiltration via malicious sites.\n- **Proof of Concept:**  \n  - Use JavaScript on a third-party domain to fetch sensitive data from the application; observe successful cross-origin response.\n\n---\n\n## 4. 
Medium & Low Risk Items\n\n### Medium (CVSS 4.0-6.9)\n- **Missing Anti-clickjacking Header**\n  - **CWE-1021:** Allows clickjacking attacks.\n- **Content Security Policy (CSP) Header Not Set**\n  - **CWE-693:** Increases XSS/data injection risk.\n- **Cookie Poisoning via User Input**\n  - **CWE-565:** User-controlled cookies may be trusted by the application.\n\n### Low (CVSS 0.1-3.9)\n- **Server Version Disclosure**\n  - **CWE-497:** Aids attacker reconnaissance.\n- **X-Content-Type-Options Header Missing**\n  - **CWE-693:** Enables MIME sniffing, possible XSS.\n- **Cross-Domain JavaScript Source File Inclusion**\n  - **CWE-829:** Supply chain risk if third-party scripts are compromised.\n- **Cookie without HttpOnly/SameSite**\n  - **CWE-1004, CWE-1275:** Increases risk of session theft or CSRF.\n- **Information Disclosure via Comments**\n  - **CWE-615:** May reveal sensitive logic or endpoints.\n\n**Security Hardening Recommendations:**\n- Implement all missing security headers.\n- Restrict CORS to trusted domains.\n- Use SRI and host critical JS libraries locally.\n- Remove sensitive comments from production code.\n- Set secure cookie attributes (`HttpOnly`, `SameSite`, `Secure`).\n\n---\n\n## 5. Attack Surface Analysis\n\n- **Internet-facing assets:** All application endpoints, static resources, and authentication forms.\n- **Potential attack paths:**  \n  - CSRF via missing tokens and permissive CORS.\n  - Clickjacking via missing frame restrictions.\n  - Supply chain attacks via third-party JS inclusion.\n  - Session hijacking via insecure cookies.\n- **Network segmentation:** Not directly assessed; all findings pertain to the web application layer.\n- **Lateral movement:** If an attacker compromises a user session or exploits CSRF, they may escalate privileges or pivot to internal APIs.\n\n---\n\n## 6. 
Compliance & Regulatory Gaps\n\n- **PCI-DSS:** Fails requirements for secure session management, anti-CSRF, and information leakage.\n- **HIPAA:** Lacks controls for protecting ePHI from unauthorized access (e.g., via CSRF or CORS).\n- **GDPR:** Risk of personal data leakage via CORS and insufficient security headers.\n- **ISO 27001/NIST/CIS:** Violates controls for secure configuration, session management, and least privilege.\n- **Mapping:**\n  - **CSRF (CWE-352):** PCI-DSS 6.5.9, NIST 800-53 SI-10, CIS 2.2.15\n  - **CORS (CWE-264):** PCI-DSS 6.5, NIST AC-3, CIS 2.2.15\n  - **Missing Headers (CWE-693, 1021):** PCI-DSS 6.5, NIST SC-5, CIS 2.2.15\n- **Required Actions:** Implement anti-CSRF, restrict CORS, set all recommended security headers, and remove information leaks.\n\n---\n\n## 7. Manual Verification Procedures\n\n### CSRF (CWE-352)\n**Prerequisites:** Authenticated user session  \n**Steps:**\n1. Log in to the application.\n2. Intercept a POST request (e.g., `/login`) using Burp Suite.\n3. Remove any CSRF token or submit the request from a third-party site.\n4. Observe if the action is accepted.\n\n**Expected Result:** If the action succeeds without a CSRF token, the vulnerability is confirmed.\n\n---\n\n### CORS (CWE-264)\n**Prerequisites:** Access to a third-party domain  \n**Steps:**\n1. Create an HTML page with JavaScript:\n   ```js\n   fetch('http://testhtml5.vulnweb.com/').then(r => r.text()).then(console.log);\n   ```\n2. Load the page in a browser.\n3. Observe if the response is accessible.\n\n**Expected Result:** If the response is readable, the wildcard CORS policy is in effect; it is a misconfiguration where the endpoint returns data that should not be readable by arbitrary origins.\n\n---\n\n### Anti-clickjacking (CWE-1021)\n**Prerequisites:** Browser  \n**Steps:**\n1. Create an HTML file:\n   ```html\n   <iframe src=\"http://testhtml5.vulnweb.com/\" width=\"800\" height=\"600\"></iframe>\n   ```\n2. Open in a browser.\n3. 
Observe if the site loads in the iframe.\n\n**Expected Result:** If the site loads, anti-clickjacking headers are missing.\n\n---\n\n### CSP (CWE-693)\n**Prerequisites:** curl or browser  \n**Steps:**\n1. Run:\n   ```\n   curl -I http://testhtml5.vulnweb.com/\n   ```\n2. Check for `Content-Security-Policy` header.\n\n**Expected Result:** If missing, CSP is not set.\n\n---\n\n### Third-Party JS Inclusion (CWE-829)\n**Prerequisites:** Browser  \n**Steps:**\n1. View page source.\n2. Identify `<script src=\"...\">` tags from external domains.\n3. Check if SRI is used and if scripts are loaded over HTTPS.\n\n**Expected Result:** If scripts are loaded from untrusted domains without SRI/HTTPS, risk is present.\n\n---\n\n### Server Version Disclosure (CWE-497)\n**Prerequisites:** curl  \n**Steps:**\n1. Run:\n   ```\n   curl -I http://testhtml5.vulnweb.com/\n   ```\n2. Check for `Server` header.\n\n**Expected Result:** If version is disclosed, vulnerability is present.\n\n---\n\n### Cookie Poisoning (CWE-565)\n**Prerequisites:** Burp Suite or browser dev tools  \n**Steps:**\n1. Submit a login with a crafted username.\n2. Observe the `Set-Cookie` header.\n3. Modify the cookie and access protected resources.\n\n**Expected Result:** If the application trusts the cookie value, vulnerability is present.\n\n---\n\n### Suspicious Comments (CWE-615)\n**Prerequisites:** Browser  \n**Steps:**\n1. View page source.\n2. Search for `<!-- ... -->` or `//` comments.\n\n**Expected Result:** If sensitive information is present, risk is confirmed.\n\n---\n\n## 8. CWE Analysis Summary\n\n**Top 10 CWE Weaknesses Identified:**\n1. CWE-352: Cross-Site Request Forgery (CSRF)\n2. CWE-264: Permissions, Privileges, and Access Controls (CORS)\n3. CWE-693: Protection Mechanism Failure (Missing CSP, X-Content-Type-Options)\n4. CWE-1021: Improper Restriction of Rendered UI Layers or Frames (Clickjacking)\n5. CWE-829: Inclusion of Functionality from Untrusted Control Sphere (Third-party JS)\n6. 
CWE-497: Exposure of Sensitive System Information (Server header)\n7. CWE-565: Reliance on Cookies without Validation (Cookie poisoning)\n8. CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag\n9. CWE-1275: Sensitive Cookie Without 'SameSite' Attribute\n10. CWE-615: Information Exposure Through Comments\n\n**Trends:**\n- Security misconfigurations and missing headers are pervasive.\n- Weaknesses are concentrated in authentication, session management, and client-side controls.\n- Outdated/vulnerable third-party components are present in business-critical paths.\n\n---\n\n## 9. Risk Assessment Matrix\n\n| Vulnerability Category         | Exploitability | Business Impact | Risk Level |\n|-------------------------------|---------------|----------------|------------|\n| CSRF (CWE-352)                | High          | High           | High       |\n| CORS Misconfiguration (CWE-264)| High         | High           | High       |\n| Missing CSP/Headers (CWE-693) | Medium        | Medium         | Medium     |\n| Clickjacking (CWE-1021)       | Medium        | Medium         | Medium     |\n| Third-party JS (CWE-829)      | Medium        | High           | Medium     |\n| Server Version Disclosure     | Low           | Low            | Low        |\n| Cookie Issues (CWE-565, 1004, 1275)| Medium   | Medium         | Medium     |\n| Suspicious Comments (CWE-615) | Low           | Low            | Low        |\n\n**Risk Scoring Methodology:**  \nRisk is calculated as a function of exploitability (ease of attack, required privileges) and business impact (data loss, compliance, reputation).\n\n---\n\n## 10. 
False Positives & Verification Required\n\n**Items flagged for manual verification:**\n- CSRF: Confirm absence of tokens and lack of alternative mitigations.\n- CORS: Confirm sensitive endpoints are accessible cross-origin.\n- Third-party JS: Assess trustworthiness and SRI usage.\n- Cookie poisoning: Confirm if application logic trusts user-controlled cookies.\n- Suspicious comments: Review for sensitive information.\n\n**Potential false positives:**\n- Some headers may be set conditionally or by upstream proxies.\n- Third-party scripts from reputable CDNs may be acceptable if SRI is used.\n- Comments may not contain sensitive data.\n\n**Recommended validation approach:**\n- Use the manual verification procedures outlined above for each finding.\n- Cross-check across endpoints, error pages, and authenticated/unauthenticated contexts.\n- Confirm business logic and operational requirements before classifying as a vulnerability.\n\n---\n\n**Unified Risk Narrative:**  \nThe application lacks several foundational security controls, exposing it to high-risk attack vectors such as CSRF and data exfiltration via CORS. The absence of key security headers and reliance on outdated third-party components further increases the attack surface. While no direct critical vulnerabilities were detected, the combination of these weaknesses creates a significant risk of exploitation, especially if attackers chain multiple issues. 
Immediate manual verification and remediation of high and medium-risk findings are strongly recommended to achieve compliance and reduce business risk.\n\n---\n\n**End of Report**"},{"_id":{"$oid":"6937629c552e03e6ba1ecc9a"},"created_at":{"$date":"2025-12-08T23:43:24.048Z"},"url":"https://10.11.83.81:9090/","tool":"owaspzap","result":{"status":"completed","target_url":"https://10.11.83.81:9090/","scan_timestamp":"20251208_214141","output_directory":"/home/apogean/projects/vapt/web_vapt/results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.00629734992980957},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"10.11.83.81","open_ports":[],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":0,"urls_list":[],"duration":30.043771028518677},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.05755758285522},"active_scan":{"scan_id":null,"status":"completed","duration":7201.512021780014},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.json","csv":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.csv","xml":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.xml","html":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.html","summary":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_summary.txt"}}}},"summary":"Error: Error code: 429 - {'error': {'message': 'You exceeded your current quota, please check your plan and billing details. 
For more information on this error, read the docs: https://platform.openai.com/docs/guides/error-codes/api-errors.', 'type': 'insufficient_quota', 'param': None, 'code': 'insufficient_quota'}}"},{"_id":{"$oid":"6937e3a59232ed9a02132009"},"created_at":{"$date":"2025-12-09T08:53:57.382Z"},"url":"https://vjti.ac.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://vjti.ac.in/","scan_timestamp":"20251209_053428","output_directory":"/home/apogean/projects/vapt/web_vapt/results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.019922494888305664},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":169,"urls_list":["https://vjti.ac.in/robots.txt","https://vjti.ac.in/sitemap.xml","https://vjti.ac.in/wp-sitemap.xml","https://vjti.ac.in/hcdn-cgi/jschallenge","https://vjti.ac.in/wp-admin/admin-ajax.php","https://vjti.ac.in/wp-admin/","https://vjti.ac.in/wp-json/","https://vjti.ac.in/wp-login.php?reauth=1&redirect_to=https%3A%2F%2Fvjti.ac.in%2Fwp-admin%2F","https://vjti.ac.in/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","https://vjti.ac.in/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375","https://vjti.ac.in/wp-includes/js/zxcvbn-async.min.js?ver=1.0","https://vjti.ac.in/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","https://vjti.ac.in/wp-includes/js/wp-util.min.js?ver=6.9","https://vjti.ac.in/wp-includes/css/dashicons.min.css?ver=6.9","https://vjti.ac.in/wp-admin/css/forms.min.css?ver=6.9","https://vjti.ac.in/wp-includes/css/buttons.min.css?ver=6.9","https://vjti.ac.in/wp-admin/js/password-strength-meter.min.js?ver=6.9","https://vjti.ac.in/wp-admin/css/l10n.min.css?ver=6.9","https://vjti.ac.in/wp-includes/js/clipboard.min.js?ver=2.0.11","https://vjti.ac.in/wp-content/plugins/two-factor-authentication/simba-tfa/includes/tfa.js?ver=1750829475","https://vjti.ac.in/wp-admin/css/login.min.css?
ver=6.9","https://vjti.ac.in/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381","https://vjti.ac.in/wp-admin/js/user-profile.min.js?ver=6.9","https://vjti.ac.in/wp-login.php?action=lostpassword","https://vjti.ac.in/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1","https://vjti.ac.in/wp-login.php","https://vjti.ac.in/wp-includes/js/underscore.min.js?ver=1.13.7","https://vjti.ac.in/wp-includes/js/dist/a11y.min.js?ver=cb460b4676c94bd228ed","https://vjti.ac.in/wp-content/uploads/2024/07/cropped-cropped-index-1.jpeg","https://vjti.ac.in/","https://vjti.ac.in/wp-json/wp/v2/pages/26328","https://vjti.ac.in/students/","https://vjti.ac.in/alumni/","https://vjti.ac.in/media/","https://vjti.ac.in/announcements-for-career/","https://vjti.ac.in/visit/","https://vjti.ac.in/activity-and-events/","https://vjti.ac.in/tenders/","https://vjti.ac.in/about/","https://vjti.ac.in/honours-awards/","https://vjti.ac.in/labs/","https://vjti.ac.in/hostels/","https://vjti.ac.in/compliance-disclosures/","https://vjti.ac.in/contact-persons/","https://vjti.ac.in/wp-content/uploads/2024/05/210907_ARI-C-33641-2021-submitted-report.pdf","https://vjti.ac.in/library/","https://vjti.ac.in/contact/","https://vjti.ac.in/wp-content/uploads/2025/08/14-%E0%A4%91%E0%A4%97%E0%A4%B8%E0%A5%8D%E0%A4%9F-%E0%A4%AA%E0%A4%B0%E0%A4%BF%E0%A4%AA%E0%A4%A4%E0%A5%8D%E0%A4%B0%E0%A4%95_250813_120720.pdf","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/css/maps_points.css?ver=1.2.3","https://vjti.ac.in/wp-content/themes/unicamp/assets/fonts/awesome/css/fontawesome-all.min.css?ver=6.4.2","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/perfect-scrollbar/css/perfect-scrollbar.min.css?ver=0.6.14","https://vjti.ac.in/wp-content/plugins/insight-swatches/assets/css/style.css?ver=6.9","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/css/jquery.powertip.min.css?ver=1.2.0","https://vjti.ac.in/wp-content/themes/unicamp/style.min.css?ver=2.6.4","https://vjti.ac.in/wp-
content/themes/unicamp/assets/libs/swiper/css/swiper.min.css?ver=8.4.5","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/growl/css/jquery.growl.min.css?ver=1.3.3","https://vjti.ac.in/wp-content/plugins/tablepress/css/build/default.css?ver=2.3.1","https://vjti.ac.in/wp-content/uploads/elementor/css/post-3460.css?ver=1721647847","https://vjti.ac.in/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.21.4","https://vjti.ac.in/wp-content/uploads/elementor/css/post-26328.css?ver=1765173882","https://vjti.ac.in/wp-content/uploads/elementor/css/global.css?ver=1721647847","https://vjti.ac.in/wp-content/themes/unicamp/events-manager.css?ver=2.6.4","https://vjti.ac.in/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.21.4","https://vjti.ac.in/wp-content/plugins/revslider/sr6/assets/css/rs6.css?ver=6.7.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/lightGallery/css/lightgallery.min.css?ver=1.6.12","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/polyfill/intersection-observer.min.js","https://vjti.ac.in/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3","https://vjti.ac.in/wp-content/plugins/revslider/sr6/assets/js/rbtools.min.js?ver=6.7.2","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/js/jquery.powertip.min.js?ver=1.2.0","https://vjti.ac.in/wp-includes/js/backbone.min.js?ver=1.6.0","https://vjti.ac.in/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2","https://vjti.ac.in/wp-content/plugins/revslider/sr6/assets/js/rs6.min.js?ver=6.7.4","https://vjti.ac.in/wp-includes/js/imagesloaded.min.js?ver=5.0.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/headroom.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/smooth-scroll/jquery.smooth-scroll.min.js?ver=2.2.0","https://vjti.ac.in/wp-content/plugins/insight-swatches/assets/js/frontend.min.js?ver=1.7.0","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/js/maps_p
oints.js?ver=1.2.3","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/swiper/js/swiper.min.js?ver=8.4.5","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/smartmenus/jquery.smartmenus.min.js?ver=1.1.1","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/swiper-wrapper.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/growl/js/jquery.growl.min.js?ver=1.3.3","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/main.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/perfect-scrollbar/js/perfect-scrollbar.jquery.min.js?ver=0.6.14","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/nice-select.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/modal.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/login.min.js?ver=1.17.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/lightGallery/js/lightgallery-all.min.js?ver=1.6.12","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/validate/jquery.validate.min.js?ver=1.17.0","https://vjti.ac.in/wp-content/themes/unicamp/elementor/assets/js/widgets/group-widget-carousel.js","https://vjti.ac.in/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.21.4","https://vjti.ac.in/wp-content/themes/unicamp/elementor/assets/libs/countTo/jquery.countTo.min.js","https://vjti.ac.in/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.21.4","https://vjti.ac.in/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.21.4","https://vjti.ac.in/wp-content/themes/unicamp/elementor/assets/js/widgets/widget-counter.js","https://vjti.ac.in/wp-content/uploads/2024/06/vjti-maingate.png","https://vjti.ac.in/wp-content/uploads/2025/08/Partition-Horrors-Remembrance-Day-VJTI.png","https://vjti.ac.in/wp-content/uploads/2024/05/logo-light.gif","https://vjti.ac.in/wp-content/uploads/2025/08/Partition-Horrors-Remembrance-Day-VJTI-300x113.png","https://vjti.ac.in/wp-content/uploads/2025/08/
Partition-Horrors-Remembrance-Day-VJTI-1024x384.png","https://vjti.ac.in/wp-content/uploads/2025/08/Partition-Horrors-Remembrance-Day-VJTI-768x288.png","https://vjti.ac.in/wp-content/uploads/2025/11/NCC-Day-2025.png","https://vjti.ac.in/wp-content/uploads/2025/12/Aavishkar-Research-Convention-2024%E2%80%9325.png","https://vjti.ac.in/wp-content/uploads/2025/08/Partition-Horrors-Remembrance-Day-VJTI-1536x576.png","https://vjti.ac.in/wp-content/uploads/2025/11/vande-matram-program.png","https://vjti.ac.in/wp-content/uploads/2025/09/Orientation-16-Sept-2025.png","https://vjti.ac.in/wp-content/uploads/2025/08/independence-day-2025.png","https://vjti.ac.in/wp-content/uploads/2025/11/National-Unity-day-2025.png","https://vjti.ac.in/wp-content/uploads/2025/07/ICI-Conference-1.png","https://vjti.ac.in/wp-content/uploads/2025/07/Cet-Cell-Inauguration.png","https://vjti.ac.in/wp-content/uploads/2025/06/oracle.png","https://vjti.ac.in/wp-content/uploads/2025/07/B-Venugopal-Reddy-.png","https://vjti.ac.in/wp-content/uploads/2025/06/HILTI.png","https://vjti.ac.in/wp-content/uploads/2025/06/Goldman-Sachs.png","https://vjti.ac.in/wp-content/uploads/2025/06/Morgan-Stanley.png","https://vjti.ac.in/wp-content/uploads/2025/06/Prachi-B-Doshi.png","https://vjti.ac.in/wp-content/uploads/2025/06/JP-Morgans.png","https://vjti.ac.in/wp-content/uploads/2025/06/Google-Placement.png","https://vjti.ac.in/wp-content/uploads/2025/05/placement-celebration2024-25.png","https://vjti.ac.in/wp-content/uploads/2025/05/Dr-Vinod-Mohitkar-1.png","https://vjti.ac.in/wp-content/uploads/2025/05/WAVES-1.png","https://vjti.ac.in/wp-content/uploads/2025/04/GeM-Training-homepage-banner.png","https://vjti.ac.in/wp-content/uploads/2025/03/VJTI-Convocation-2025.png","https://vjti.ac.in/wp-content/uploads/2025/04/Expert-Talk-Homepage-banner.png","https://vjti.ac.in/wp-content/uploads/2025/02/events-homepage-img-1.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/nirf-ranking-VJTI-r1tmix4x2ppn1a75gp8eftpiif
ek6hwi5b4vqults0.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/VJTI-NAAC-Ranking-r20rpvmrnmj0an1mnfprxuxrkt6elkbpgwbai498n4.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/VJTI-NBA-Ranking-r20red3xxork2lrqvyjaw9jhlvxjb1m2vwm5v3buv4.png","https://vjti.ac.in/wp-content/uploads/2025/09/Orientation-1200-X-800px.png","https://vjti.ac.in/wp-content/uploads/2025/07/cet-cell-inauguration-1200X800.png","https://vjti.ac.in/wp-content/uploads/2025/07/ICI-Conference-1200X800.png","https://vjti.ac.in/wp-content/uploads/2025/02/Blood-Donation-25-02-2025.png","https://vjti.ac.in/wp-content/uploads/2025/02/Rep-2025-261200-X-800.png","https://vjti.ac.in/wp-content/uploads/2025/02/Eye-Donation-Camp-Awareness-Seminar-25-2-2025.png","https://vjti.ac.in/wp-content/uploads/2025/01/Edible-Oil-Refinery-19-11-2022.png","https://vjti.ac.in/wp-content/uploads/2025/01/Industrial-visit-19-10-2022.png","https://vjti.ac.in/wp-content/uploads/2025/01/Industrial-Visit-20-10-2023.png","https://vjti.ac.in/wp-content/uploads/2025/01/Industrial-Visit-Voltas-Vadodara-13-04-2024.png","https://vjti.ac.in/wp-content/uploads/2025/02/amazon.png","https://vjti.ac.in/wp-content/uploads/2025/01/Industrial-Visit-Koradi-04-11-2023.png","https://vjti.ac.in/wp-content/uploads/2025/01/11.png","https://vjti.ac.in/wp-content/uploads/2025/01/Industrial-Visit-Adani-Dahanu-16-11-2024.png","https://vjti.ac.in/wp-content/uploads/2025/02/microsoft.png","https://vjti.ac.in/wp-content/uploads/2025/02/google.png","https://vjti.ac.in/wp-content/uploads/2025/02/Deloitte.png","https://vjti.ac.in/wp-content/uploads/2025/02/Accenture.png","https://vjti.ac.in/wp-content/uploads/2025/02/Infosys.png","https://vjti.ac.in/wp-content/uploads/2025/02/Wipro.png","https://vjti.ac.in/wp-content/uploads/2025/02/reliance.png","https://vjti.ac.in/wp-content/uploads/2025/02/TCS.png","https://vjti.ac.in/wp-content/uploads/2025/02/flipkart.png","https://vjti.ac.in/wp-content/uploads/2025/02/capgemini.png","https://vjti.
ac.in/wp-content/uploads/2025/03/cadence-logo.png","https://vjti.ac.in/wp-content/uploads/2025/02/siemens.png","https://vjti.ac.in/wp-content/uploads/2025/02/LT.png","https://vjti.ac.in/wp-content/uploads/2025/02/IBM.png","https://vjti.ac.in/wp-content/uploads/2025/02/Tata-Motors.png","https://vjti.ac.in/wp-content/uploads/2025/03/cisco-logo.png","https://vjti.ac.in/wp-content/uploads/2025/03/autocad-logo.png","https://vjti.ac.in/wp-content/uploads/2025/03/solodworks-logo.png","https://vjti.ac.in/wp-content/uploads/2024/05/diplomastud.png","https://vjti.ac.in/wp-content/uploads/2024/05/ugstudents.png","https://vjti.ac.in/wp-content/uploads/2024/05/pgstudents.png","https://vjti.ac.in/wp-content/uploads/2021/02/icon-01.svg","https://vjti.ac.in/wp-content/uploads/2021/02/icon-03.svg","https://vjti.ac.in/wp-content/uploads/2021/02/icon-02.svg","https://vjti.ac.in/wp-content/uploads/2024/06/transparent-bg.png","https://vjti.ac.in/wp-content/uploads/2024/05/logo-light-330x100.gif","https://vjti.ac.in/wp-content/uploads/2025/03/matlab-logo.png","https://vjti.ac.in/wp-content/uploads/2025/03/ansys-logo.png"],"duration":10.05805230140686},"port_scan":{"status":"completed","target_host":"vjti.ac.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.04691910743713},"active_scan":{"scan_id":null,"status":"completed","duration":1410.3917701244354},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.json","csv":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.csv","xml":"/home/apogean/projects/vapt/web_vapt/results/zap_repor
ts/zap_report.xml","html":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.html","summary":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_summary.txt"}}}},"summary":"Error: An error occurred (ValidationException) when calling the Converse operation: The model returned the following errors: {\"code\":\"validation_error\",\"message\":\"Failed to buffer the request body: length limit exceeded\",\"param\":null,\"type\":\"invalid_request_error\"}"},{"_id":{"$oid":"6937e545686cb0262884d5d5"},"created_at":{"$date":"2025-12-09T09:00:53.779Z"},"url":"https://sih.gov.in","tool":"owaspzap","result":{"status":"completed","target_url":"https://sih.gov.in","scan_timestamp":"20251209_055529","output_directory":"/home/apogean/projects/vapt/web_vapt/results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":10.00744366645813},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"sih.gov.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"traditional_spider":{"scan_id":"1","status":"completed","urls_found":449,"urls_list":["https://vjti.ac.in/robots.txt","https://vjti.ac.in/sitemap.xml","https://vjti.ac.in/wp-sitemap.xml","https://vjti.ac.in/hcdn-cgi/jschallenge","https://vjti.ac.in/wp-admin/admin-ajax.php","https://vjti.ac.in/wp-admin/","https://vjti.ac.in/wp-json/","https://vjti.ac.in/wp-login.php?reauth=1&redirect_to=https%3A%2F%2Fvjti.ac.in%2Fwp-admin%2F","https://vjti.ac.in/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","https://vjti.ac.in/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375","https://vjti.ac.in/wp-includes/js/zxcvbn-async.min.js?ver=1.0","https://vjti.ac.in/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","https://vjti.ac.in/wp-includes/js/wp-util.min.js?ver=6.9","https://vjti.ac.in/wp-includes/css/dashicons.min.css?ver=6.9","https://vjti.ac.in/wp-admin/css/forms.m
in.css?ver=6.9","https://vjti.ac.in/wp-includes/css/buttons.min.css?ver=6.9","https://vjti.ac.in/wp-admin/js/password-strength-meter.min.js?ver=6.9","https://vjti.ac.in/wp-admin/css/l10n.min.css?ver=6.9","https://vjti.ac.in/wp-includes/js/clipboard.min.js?ver=2.0.11","https://vjti.ac.in/wp-content/plugins/two-factor-authentication/simba-tfa/includes/tfa.js?ver=1750829475","https://vjti.ac.in/wp-admin/css/login.min.css?ver=6.9","https://vjti.ac.in/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381","https://vjti.ac.in/wp-admin/js/user-profile.min.js?ver=6.9","https://vjti.ac.in/wp-login.php?action=lostpassword","https://vjti.ac.in/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1","https://vjti.ac.in/wp-login.php","https://vjti.ac.in/wp-includes/js/underscore.min.js?ver=1.13.7","https://vjti.ac.in/wp-includes/js/dist/a11y.min.js?ver=cb460b4676c94bd228ed","https://vjti.ac.in/wp-content/uploads/2024/07/cropped-cropped-index-1.jpeg","https://vjti.ac.in/","https://vjti.ac.in/wp-json/wp/v2/pages/26328","https://vjti.ac.in/students/","https://vjti.ac.in/alumni/","https://vjti.ac.in/media/","https://vjti.ac.in/announcements-for-career/","https://vjti.ac.in/visit/","https://vjti.ac.in/activity-and-events/","https://vjti.ac.in/tenders/","https://vjti.ac.in/about/","https://vjti.ac.in/honours-awards/","https://vjti.ac.in/labs/","https://vjti.ac.in/hostels/","https://vjti.ac.in/compliance-disclosures/","https://vjti.ac.in/contact-persons/","https://vjti.ac.in/wp-content/uploads/2024/05/210907_ARI-C-33641-2021-submitted-report.pdf","https://vjti.ac.in/library/","https://vjti.ac.in/contact/","https://vjti.ac.in/wp-content/uploads/2025/08/14-%E0%A4%91%E0%A4%97%E0%A4%B8%E0%A5%8D%E0%A4%9F-%E0%A4%AA%E0%A4%B0%E0%A4%BF%E0%A4%AA%E0%A4%A4%E0%A5%8D%E0%A4%B0%E0%A4%95_250813_120720.pdf","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/css/maps_points.css?ver=1.2.3","https://vjti.ac.in/wp-content/themes/unicamp/assets/fonts/awesome/css/fontawesome-all.mi
n.css?ver=6.4.2","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/perfect-scrollbar/css/perfect-scrollbar.min.css?ver=0.6.14","https://vjti.ac.in/wp-content/plugins/insight-swatches/assets/css/style.css?ver=6.9","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/css/jquery.powertip.min.css?ver=1.2.0","https://vjti.ac.in/wp-content/themes/unicamp/style.min.css?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/swiper/css/swiper.min.css?ver=8.4.5","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/growl/css/jquery.growl.min.css?ver=1.3.3","https://vjti.ac.in/wp-content/plugins/tablepress/css/build/default.css?ver=2.3.1","https://vjti.ac.in/wp-content/uploads/elementor/css/post-3460.css?ver=1721647847","https://vjti.ac.in/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.21.4","https://vjti.ac.in/wp-content/uploads/elementor/css/post-26328.css?ver=1765173882","https://vjti.ac.in/wp-content/uploads/elementor/css/global.css?ver=1721647847","https://vjti.ac.in/wp-content/themes/unicamp/events-manager.css?ver=2.6.4","https://vjti.ac.in/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.21.4","https://vjti.ac.in/wp-content/plugins/revslider/sr6/assets/css/rs6.css?ver=6.7.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/lightGallery/css/lightgallery.min.css?ver=1.6.12","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/polyfill/intersection-observer.min.js","https://vjti.ac.in/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3","https://vjti.ac.in/wp-content/plugins/revslider/sr6/assets/js/rbtools.min.js?ver=6.7.2","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/js/jquery.powertip.min.js?ver=1.2.0","https://vjti.ac.in/wp-includes/js/backbone.min.js?ver=1.6.0","https://vjti.ac.in/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2","https://vjti.ac.in/wp-content/plugins/revslider/sr6/assets/js/rs6.min.js?ver=6.7.4","https:/
/vjti.ac.in/wp-includes/js/imagesloaded.min.js?ver=5.0.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/headroom.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/smooth-scroll/jquery.smooth-scroll.min.js?ver=2.2.0","https://vjti.ac.in/wp-content/plugins/insight-swatches/assets/js/frontend.min.js?ver=1.7.0","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/js/maps_points.js?ver=1.2.3","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/swiper/js/swiper.min.js?ver=8.4.5","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/smartmenus/jquery.smartmenus.min.js?ver=1.1.1","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/swiper-wrapper.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/growl/js/jquery.growl.min.js?ver=1.3.3","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/main.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/perfect-scrollbar/js/perfect-scrollbar.jquery.min.js?ver=0.6.14","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/nice-select.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/modal.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/login.min.js?ver=1.17.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/lightGallery/js/lightgallery-all.min.js?ver=1.6.12","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/validate/jquery.validate.min.js?ver=1.17.0","https://vjti.ac.in/wp-content/themes/unicamp/elementor/assets/js/widgets/group-widget-carousel.js","https://vjti.ac.in/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.21.4","https://vjti.ac.in/wp-content/themes/unicamp/elementor/assets/libs/countTo/jquery.countTo.min.js","https://vjti.ac.in/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.21.4","https://vjti.ac.in/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.21.4","https://vjti.ac.in/wp-content/themes
/unicamp/elementor/assets/js/widgets/widget-counter.js","https://vjti.ac.in/wp-content/uploads/2024/06/vjti-maingate.png","https://vjti.ac.in/wp-content/uploads/2025/08/Partition-Horrors-Remembrance-Day-VJTI.png","https://vjti.ac.in/wp-content/uploads/2024/05/logo-light.gif","https://vjti.ac.in/wp-content/uploads/2025/08/Partition-Horrors-Remembrance-Day-VJTI-300x113.png","https://vjti.ac.in/wp-content/uploads/2025/08/Partition-Horrors-Remembrance-Day-VJTI-1024x384.png","https://vjti.ac.in/wp-content/uploads/2025/08/Partition-Horrors-Remembrance-Day-VJTI-768x288.png","https://vjti.ac.in/wp-content/uploads/2025/11/NCC-Day-2025.png","https://vjti.ac.in/wp-content/uploads/2025/12/Aavishkar-Research-Convention-2024%E2%80%9325.png","https://vjti.ac.in/wp-content/uploads/2025/08/Partition-Horrors-Remembrance-Day-VJTI-1536x576.png","https://vjti.ac.in/wp-content/uploads/2025/11/vande-matram-program.png","https://vjti.ac.in/wp-content/uploads/2025/09/Orientation-16-Sept-2025.png","https://vjti.ac.in/wp-content/uploads/2025/08/independence-day-2025.png","https://vjti.ac.in/wp-content/uploads/2025/11/National-Unity-day-2025.png","https://vjti.ac.in/wp-content/uploads/2025/07/ICI-Conference-1.png","https://vjti.ac.in/wp-content/uploads/2025/07/Cet-Cell-Inauguration.png","https://vjti.ac.in/wp-content/uploads/2025/06/oracle.png","https://vjti.ac.in/wp-content/uploads/2025/07/B-Venugopal-Reddy-.png","https://vjti.ac.in/wp-content/uploads/2025/06/HILTI.png","https://vjti.ac.in/wp-content/uploads/2025/06/Goldman-Sachs.png","https://vjti.ac.in/wp-content/uploads/2025/06/Morgan-Stanley.png","https://vjti.ac.in/wp-content/uploads/2025/06/Prachi-B-Doshi.png","https://vjti.ac.in/wp-content/uploads/2025/06/JP-Morgans.png","https://vjti.ac.in/wp-content/uploads/2025/06/Google-Placement.png","https://vjti.ac.in/wp-content/uploads/2025/05/placement-celebration2024-25.png","https://vjti.ac.in/wp-content/uploads/2025/05/Dr-Vinod-Mohitkar-1.png","https://vjti.ac.in/wp-content/uploads/2025/05/
WAVES-1.png","https://vjti.ac.in/wp-content/uploads/2025/04/GeM-Training-homepage-banner.png","https://vjti.ac.in/wp-content/uploads/2025/03/VJTI-Convocation-2025.png","https://vjti.ac.in/wp-content/uploads/2025/04/Expert-Talk-Homepage-banner.png","https://vjti.ac.in/wp-content/uploads/2025/02/events-homepage-img-1.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/nirf-ranking-VJTI-r1tmix4x2ppn1a75gp8eftpiifek6hwi5b4vqults0.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/VJTI-NAAC-Ranking-r20rpvmrnmj0an1mnfprxuxrkt6elkbpgwbai498n4.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/VJTI-NBA-Ranking-r20red3xxork2lrqvyjaw9jhlvxjb1m2vwm5v3buv4.png","https://vjti.ac.in/wp-content/uploads/2025/09/Orientation-1200-X-800px.png","https://vjti.ac.in/wp-content/uploads/2025/07/cet-cell-inauguration-1200X800.png","https://vjti.ac.in/wp-content/uploads/2025/07/ICI-Conference-1200X800.png","https://vjti.ac.in/wp-content/uploads/2025/02/Blood-Donation-25-02-2025.png","https://vjti.ac.in/wp-content/uploads/2025/02/Rep-2025-261200-X-800.png","https://vjti.ac.in/wp-content/uploads/2025/02/Eye-Donation-Camp-Awareness-Seminar-25-2-2025.png","https://vjti.ac.in/wp-content/uploads/2025/01/Edible-Oil-Refinery-19-11-2022.png","https://vjti.ac.in/wp-content/uploads/2025/01/Industrial-visit-19-10-2022.png","https://vjti.ac.in/wp-content/uploads/2025/01/Industrial-Visit-20-10-2023.png","https://vjti.ac.in/wp-content/uploads/2025/01/Industrial-Visit-Voltas-Vadodara-13-04-2024.png","https://vjti.ac.in/wp-content/uploads/2025/02/amazon.png","https://vjti.ac.in/wp-content/uploads/2025/01/Industrial-Visit-Koradi-04-11-2023.png","https://vjti.ac.in/wp-content/uploads/2025/01/11.png","https://vjti.ac.in/wp-content/uploads/2025/01/Industrial-Visit-Adani-Dahanu-16-11-2024.png","https://vjti.ac.in/wp-content/uploads/2025/02/microsoft.png","https://vjti.ac.in/wp-content/uploads/2025/02/google.png","https://vjti.ac.in/wp-content/uploads/2025/02/Deloitte.png","https://vjt
i.ac.in/wp-content/uploads/2025/02/Accenture.png","https://vjti.ac.in/wp-content/uploads/2025/02/Infosys.png","https://vjti.ac.in/wp-content/uploads/2025/02/Wipro.png","https://vjti.ac.in/wp-content/uploads/2025/02/reliance.png","https://vjti.ac.in/wp-content/uploads/2025/02/TCS.png","https://vjti.ac.in/wp-content/uploads/2025/02/flipkart.png","https://vjti.ac.in/wp-content/uploads/2025/02/capgemini.png","https://vjti.ac.in/wp-content/uploads/2025/03/cadence-logo.png","https://vjti.ac.in/wp-content/uploads/2025/02/siemens.png","https://vjti.ac.in/wp-content/uploads/2025/02/LT.png","https://vjti.ac.in/wp-content/uploads/2025/02/IBM.png","https://vjti.ac.in/wp-content/uploads/2025/02/Tata-Motors.png","https://vjti.ac.in/wp-content/uploads/2025/03/cisco-logo.png","https://vjti.ac.in/wp-content/uploads/2025/03/autocad-logo.png","https://vjti.ac.in/wp-content/uploads/2025/03/solodworks-logo.png","https://vjti.ac.in/wp-content/uploads/2024/05/diplomastud.png","https://vjti.ac.in/wp-content/uploads/2024/05/ugstudents.png","https://vjti.ac.in/wp-content/uploads/2024/05/pgstudents.png","https://vjti.ac.in/wp-content/uploads/2021/02/icon-01.svg","https://vjti.ac.in/wp-content/uploads/2021/02/icon-03.svg","https://vjti.ac.in/wp-content/uploads/2021/02/icon-02.svg","https://vjti.ac.in/wp-content/uploads/2024/06/transparent-bg.png","https://vjti.ac.in/wp-content/uploads/2024/05/logo-light-330x100.gif","https://vjti.ac.in/wp-content/uploads/2025/03/matlab-logo.png","https://vjti.ac.in/wp-content/uploads/2025/03/ansys-logo.png","https://sih.gov.in/robots.txt","https://sih.gov.in/sitemap.xml","https://sih.gov.in","https://sih.gov.in/","https://sih.gov.in/signin","https://sih.gov.in/faqs","https://sih.gov.in/css/responsiveTest.css","https://sih.gov.in/css/font-awesome.css","https://sih.gov.in/js/typeahead.js","https://sih.gov.in/img/favicon-sih.png","https://sih.gov.in/css/mobile-menu.css","https://sih.gov.in/img1/SIH2025-logo.png","https://sih.gov.in/img/people/Puneet-Sharma-2.png"
,"https://sih.gov.in/js/script-mobile-menu.js","https://sih.gov.in/img/aicte-logo.jpg","https://sih.gov.in/img/step1.png","https://sih.gov.in/img/imp-team/saurabh-nirmal.jpg","https://sih.gov.in/contactUs","https://sih.gov.in/sih2019","https://sih.gov.in/img/inovative-solution.png","https://sih.gov.in/lib/jquery-3.0.0.min.js","https://sih.gov.in/pdf/SIH2025_Letter_from_Chairman_AICTE_semester_exam.pdf","https://sih.gov.in/sih2020Hardware","https://sih.gov.in/img/step6.png","https://sih.gov.in/img/I4C-Logo.png","https://sih.gov.in/img/recog-visiblity.png","https://sih.gov.in/img/inno-move-opert.png","https://sih.gov.in/img/step3.png","https://sih.gov.in/css/slick-test.css","https://sih.gov.in/css/bs_leftnavi.css","https://sih.gov.in/sih2019Hard","https://sih.gov.in/js/bs_leftnavi.js","https://sih.gov.in/js/bootnavbar.js","https://sih.gov.in/sih2018Software","https://sih.gov.in/sih2022s","https://sih.gov.in/sih2023s","https://sih.gov.in/letters/SIH2025-IDEA-Presentation-Format.pptx","https://sih.gov.in/img/step4.png","https://sih.gov.in/projectImplementation","https://sih.gov.in/img1/slider/sih2025-slider-banner-PM-Banner2.png","https://sih.gov.in/css/style_new_test.css","https://sih.gov.in/sih2025/nodalcenter","https://sih.gov.in/img/sih-sbi-logo.png","https://sih.gov.in/sih2020Software","https://sih.gov.in/img1/winners-pic.png","https://sih.gov.in/img/out-of-box-solution.png","https://sih.gov.in/sih2018Hardware","https://sih.gov.in/img1/slider/new.gif","https://sih.gov.in/sih2024","https://sih.gov.in/sih2024/nodalcenter","https://sih.gov.in/img/icon_healthcare.png","https://sih.gov.in/img/icon_technology.png","https://sih.gov.in/sih2017","https://sih.gov.in/letters/Guidelines-how-to-apply-college.pdf","https://sih.gov.in/js/slick.min.js","https://sih.gov.in/img/icon_security.png","https://sih.gov.in/dataTable/css/jquery.dataTables.css","https://sih.gov.in/css/bootstrap-select.css","https://sih.gov.in/sustainable","https://sih.gov.in/img1/slider/sih2025-grand-finale2
.png","https://sih.gov.in/img/people/Prof_T_G_Sitharam.jpg","https://sih.gov.in/img/step5.png","https://sih.gov.in/img/icon_communication.png","https://sih.gov.in/img/imp-team/sarim-moin.jpg","https://sih.gov.in/img/step2.png","https://sih.gov.in/img/icon_automobiles.png","https://sih.gov.in/img/recog-visiblity-1.png","https://sih.gov.in/img/icon_waste.png","https://sih.gov.in/img1/login.png","https://sih.gov.in/img/icon_renewable.png","https://sih.gov.in/img/icon_agriculture.png","https://sih.gov.in/img/people/Dr-Sukanta-Majumdar.jpg","https://sih.gov.in/img/icon_drone.png","https://sih.gov.in/img/icon_education.png","https://sih.gov.in/js/bootstrap.js","https://sih.gov.in/evaluator-registration","https://sih.gov.in/img/logo.png","https://sih.gov.in/lib/bootstrap-3.3.7/js/bootstrap.min.js","https://sih.gov.in/img/icon_sport.png","https://sih.gov.in/img/inovative-solution-1.png","https://sih.gov.in/img/people/gaurav-singh-1.jpg","https://sih.gov.in/img1/winners-icon.png","https://sih.gov.in/img1/institutation-icon.png","https://sih.gov.in/img/out-of-box-solution-1.png","https://sih.gov.in/letters/SIH-Process-flow-chart-final.pdf","https://sih.gov.in/img/smart-education.png","https://sih.gov.in/img1/stu-reached-icon.png","https://sih.gov.in/img/inno-move-opert-1.png","https://sih.gov.in/img/people/Jayant-Chaudhary.jpg","https://sih.gov.in/contactUs?Name=ZAP&Submit=Submit","https://sih.gov.in/css/animate.css","https://sih.gov.in/know-your-spoc","https://sih.gov.in/img/imp-team/A-Jere.png","https://sih.gov.in/img1/satyemev-jayte-logo.png","https://sih.gov.in/img1/nationwide-icon.png","https://sih.gov.in/img1/logo/SIH_logo_2025_horizontal.png","https://sih.gov.in/img/events/sih-2018-software/sih-2018-grand-finale-inoguration-3.png","https://sih.gov.in/img1/SIH-Logo.png","https://sih.gov.in/css/bootstrap.css","https://sih.gov.in/SIH_Themes","https://sih.gov.in/img1/training-seassion-icon.png","https://sih.gov.in/img/imp-team/pradeep2.png","https://sih.gov.in/img1/hackath
on-process-logo.png","https://sih.gov.in/img1/slider/awareness-session-27-august-2024.png","https://sih.gov.in/img1/sih-2018-search-icon.png","https://sih.gov.in/forgot_password","https://sih.gov.in/sih2024/sih2024-grand-finale-result","https://sih.gov.in/img/people/prakash-javadekar.png","https://sih.gov.in/img1/tab-mhrd.jpg","https://sih.gov.in/img1/evelaturos.png","https://sih.gov.in/img/people/prof-shailendra-varshney.png","https://sih.gov.in/img1/search-icon.png","https://sih.gov.in/img/disaster-management.png","https://sih.gov.in/pdf/SIH-SOFTWARE-RESULT.pdf","https://sih.gov.in/img/people/anil-sahasrabudhe.png","https://sih.gov.in/img/people/hemant-joshi.png","https://sih.gov.in/img/people/rakesh-ranjan.png","https://sih.gov.in/img1/nodal-center-icon.png","https://sih.gov.in/img/people/vk.png","https://sih.gov.in/img/people/abhijit-karmakar.png","https://sih.gov.in/img/people/rajendrra-lelle.png","https://sih.gov.in/img/people/prof-partha-chakrabarty.png","https://sih.gov.in/img/people/Pratap_S.gif","https://sih.gov.in/img/people/dr-purnendu-sinha.png","https://sih.gov.in/img1/ideas.png","https://sih.gov.in/img1/sih-2018-soft-stu-icon.png","https://sih.gov.in/img1/persistent-gal-pic.png","https://sih.gov.in/img1/tab-aicte.jpg","https://sih.gov.in/implementationTeam","https://sih.gov.in/collegeRegistration","https://sih.gov.in/img/people/piyush-mishra.png","https://sih.gov.in/img/people/satish-gokhale.png","https://sih.gov.in/img/people/rrsing.jpg","https://sih.gov.in/img1/sih2020Software.jpg","https://sih.gov.in/img/people/arun-jamkar.png","https://sih.gov.in/img/people/dr-vinay-sahasrabuddhe.png","https://sih.gov.in/img/preScreeningResult-Jr-bg.jpg","https://sih.gov.in/img/icon_tourism.png","https://sih.gov.in/img1/stu-icon.png","https://sih.gov.in/img1/slider/APH-2025.png","https://sih.gov.in/img/people/disha-singh.png","https://sih.gov.in/img1/i4c-gallery-pic.jpg","https://sih.gov.in/img/people/face.png","https://sih.gov.in/img/MoE-Logo.png","https://sih.go
v.in/sih2024PS","https://sih.gov.in/img/events/sih-2018-software/sih-2018-minister-interacting-students-2.png","https://sih.gov.in/img1/slider/deadline-extended.png","https://sih.gov.in/img/people/pratap-1.jpg","https://sih.gov.in/img/people/k-k-sharma.png","https://sih.gov.in/pdf/past_events/software_2019.pdf","https://sih.gov.in/img/events/sih-2022/PM1.jpg","https://sih.gov.in/img/events/sih-2018-software/sih-2018-minister-interacting-students-1.png","https://sih.gov.in/img/people/ravi-arora.png","https://sih.gov.in/img/people/siddalingaswamy.png","https://sih.gov.in/img1/slider/SIH-Deadline-Banner3.jpg","https://sih.gov.in/pdf/past_events/sih_2020.pdf","https://sih.gov.in/img/people/mukund-madhavan.png","https://sih.gov.in/img/people/hemangee-kapoor.png","https://sih.gov.in/nodalCenterList","https://sih.gov.in/img/people/Pratap-Sanap.png","https://sih.gov.in/img/people/gagandeep.jpg","https://sih.gov.in/img/people/subhas-sarkar.jpg","https://sih.gov.in/img/people/dr-raman-venkatesh.png","https://sih.gov.in/pdf/past_events/Winners_2017.pdf","https://sih.gov.in/img/imp-team/yogesh-brahmankar.png","https://sih.gov.in/img1/slider/sih2025-knowledge-partner-TCS.png","https://sih.gov.in/img/project-implementation.jpg","https://sih.gov.in/img/events/sih-2018-software/sih-2018-winner-7.png","https://sih.gov.in/img/imp-team/nitin-kumar.jpg","https://sih.gov.in/img1/slider/sih2025-Graph-slider.png","https://sih.gov.in/sih2025PS","https://sih.gov.in/pdf/past_events/Winners_2018HW.pdf","https://sih.gov.in/letters/Internal-Hackathon-Process-flow-chart-final.png","https://sih.gov.in/pdf/past_events/hardware_2022.pdf","https://sih.gov.in/img1/slider/sliderbannerM34.jpg","https://sih.gov.in/img/events/sih-2022/hw2.jpg","https://sih.gov.in/img1/sih2024-slider-banner-project-implementation.png","https://sih.gov.in/img/people/nitin-bhide.png","https://sih.gov.in/img/people/hemendra-mathur.png","https://sih.gov.in/img/toys-theme.png","https://sih.gov.in/img/people/r-subrahmanyam.png"
,"https://sih.gov.in/img/people/m1_new.png","https://sih.gov.in/img/people/vineet-joshi.png","https://sih.gov.in/img1/slider/sih2025-knowledge-partner-Persistent.png","https://sih.gov.in/img/people/Anand_Deshpande.png","https://sih.gov.in/img/people/ksm.jpg","https://sih.gov.in/img/events/sih-2022/P1.jpg","https://sih.gov.in/img/people/saurabh-nirmal.jpg","https://sih.gov.in/img/imp-team/ankush-sharma.jpg","https://sih.gov.in/img1/slider/sih2025-Call-for-Application-Host3.png","https://sih.gov.in/img1/faq-bg.jpg","https://sih.gov.in/img1/slider/sih2025-slider-banner-shortlisted-grand-finale2.png","https://sih.gov.in/img/people/mohit-gambhir.png","https://sih.gov.in/img/people/abhay_jere.png","https://sih.gov.in/img1/slider/sih2025-are-you-ready-banner.png","https://sih.gov.in/sih2022-prescreening-result","https://sih.gov.in/pdf/past_events/Winners_2018SW.pdf","https://sih.gov.in/HardwarenodalCenterList","https://sih.gov.in/img1/slider/sih2025-slider-banner-VCM-Session.png","https://sih.gov.in/img/people/annpurna-devi.jpg","https://sih.gov.in/img1/slider/contribution-banner.png","https://sih.gov.in/img1/slider/PM-Banner-Website-Hindi.png","https://sih.gov.in/img/imp-team/Arindam-Mandal.jpg","https://sih.gov.in/img1/slider/sliderbannerM24.jpg","https://sih.gov.in/img/imp-team/ankush-sharma.png","https://sih.gov.in/img/events/sih-2018-software/sih-2018-minister-interacting-students-3.png","https://sih.gov.in/img/people/sihSarim.png","https://sih.gov.in/img/people/rajeev-kumar-1.jpg","https://sih.gov.in/img/events/sih-2019-software/9.JPG","https://sih.gov.in/img1/SIH25_Process_Flow.png","https://sih.gov.in/img/icon_heritage.png","https://sih.gov.in/img/events/sih-2019-software/8.JPG","https://sih.gov.in/img1/pdf-icon.png","https://sih.gov.in/img/people/Puneet-Sharma.png","https://sih.gov.in/img1/slider/banner-1.png","https://sih.gov.in/sih2023-grand-finale-result","https://sih.gov.in/img1/contact-us-banner.jpg","https://sih.gov.in/img/people/s.s.sandhu.png","https://sih
.gov.in/pdf/past_events/hardware_2019_winner.pdf","https://sih.gov.in/img1/slider/PM-Banner-Website.png","https://sih.gov.in/img1/slider/YIC2025.png","https://sih.gov.in/img1/slider/thankYou-slider-banner.png","https://sih.gov.in/img1/slider/EOI-for-sih2024.png","https://sih.gov.in/img1/slider/sih2024-slider-banner.png","https://sih.gov.in/img1/slider/sliderbannerM6.jpg","https://sih.gov.in/img1/slider/internalHackathon.png","https://sih.gov.in/pdf/AWS-TEAM.pdf","https://sih.gov.in/img1/pastEvent-2017-bg.jpg","https://sih.gov.in/img1/slider/sih2023-Finale-slider.png","https://sih.gov.in/img1/slider/sihsliderbanner-1.png","https://sih.gov.in/img1/slider/sliderbannerM22.jpg","https://sih.gov.in/img1/slider/sih2023-showcasing-winning-idea.png","https://sih.gov.in/img1/slider/sliderbannerM5.jpg","https://sih.gov.in/img1/slider/sliderbannerM10.jpg","https://sih.gov.in/img1/slider/sih2025-Statistics.png","https://sih.gov.in/img1/slider/sliderbannerM17.jpg","https://sih.gov.in/img1/slider/sliderbannerM15.jpg","https://sih.gov.in/img1/slider/sihsliderbanner-2.png","https://sih.gov.in/sih2024/screeningresult","https://sih.gov.in/img1/slider/sliderbannerM8.jpg","https://sih.gov.in/img1/slider/sih2024-SPOC-registration.png","https://sih.gov.in/img1/slider/sliderbannerM28.jpg","https://sih.gov.in/img1/slider/sliderbannerM18.jpg","https://sih.gov.in/img1/slider/sliderbannerM16.jpg","https://sih.gov.in/img1/slider/banner-2.png","https://sih.gov.in/img/people/3.jpg","https://sih.gov.in/img1/slider/sliderbannerM23.jpg","https://sih.gov.in/pdf/Results%20for%20SIH%202022%20-%20Hardware%20Edition.pdf","https://sih.gov.in/img1/slider/junior-edition.png","https://sih.gov.in/letters/Nodal-Center-Organizer-Manual-and-Guidelines.pdf","https://sih.gov.in/sih2025/shortlisted-teams-grand-finale","https://sih.gov.in/img/people/PN.jpg","https://sih.gov.in/img1/slider/sih2024-grand-finale-slider-banner.png","https://sih.gov.in/img1/slider/SIH2023-Grand-Finale.png","https://sih.gov.in/img1/slider
/sliderbannerM13.jpg","https://sih.gov.in/img1/slider/sliderbannerM32.jpg","https://sih.gov.in/img1/slider/sih2024-winner-slider-banner.png","https://sih.gov.in/img1/slider/sliderbannerM4.jpg","https://sih.gov.in/pdf/Request_Letter_for_Rescheduling_of_College_Exams_SIH2024.pdf","https://sih.gov.in/img1/slider/banner-4.png","https://sih.gov.in/img/events/sih-2022/p3.jpg","https://sih.gov.in/img1/slider/sliderbannerM7.jpg","https://sih.gov.in/img1/slider/sliderbannerM20.jpg","https://sih.gov.in/img1/slider/sih-warning-slider.png","https://sih.gov.in/img1/slider/sliderbannerM26.jpg","https://sih.gov.in/img1/slider/spoc-registration.png","https://sih.gov.in/img1/slider/banner-3.png","https://sih.gov.in/pdf/sihwinners.pdf","https://sih.gov.in/img1/slider/16-SIH-statements.png","https://sih.gov.in/img1/slider/sliderbannerM29.jpg","https://sih.gov.in/img1/slider/sliderbannerM3.jpg","https://sih.gov.in/img1/sih2020Hardware.jpg","https://sih.gov.in/img1/slider/how-to-ace-the-hackathon.png","https://sih.gov.in/img1/sih-2018-hardware-bg.jpg","https://sih.gov.in/img1/slider/31stoct.png","https://sih.gov.in/img1/slider/sih-hackathon-process.png","https://sih.gov.in/img1/slider/sih_interaction_banner.png","https://sih.gov.in/img1/slider/sih2025-Evaluator-Registration.png","https://sih.gov.in/img1/slider/awareness-session-10-september-2024.png","https://sih.gov.in/letters/SIH2025-Guidelines-College-SPOC-updated.pdf"],"duration":30.162055015563965},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.03363084793091},"active_scan":{"scan_id":"0","status":"completed","duration":150.02606415748596},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"/home/apogean/projects/vapt/web_vapt/results/z
ap_reports/zap_report.json","csv":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.csv","xml":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.xml","html":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.html","summary":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_summary.txt"}}}},"summary":"Error: An error occurred (ValidationException) when calling the Converse operation: The model returned the following errors: {\"code\":\"validation_error\",\"message\":\"Failed to buffer the request body: length limit exceeded\",\"param\":null,\"type\":\"invalid_request_error\"}"},{"_id":{"$oid":"693809fc4d7a3892791fa8f4"},"created_at":{"$date":"2025-12-09T11:37:32.947Z"},"url":"http://localhost:10000","tool":"owaspzap","result":{"status":"failed","error":"[Errno 2] No such file or directory: '/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.json'"},"summary":null},{"_id":{"$oid":"69380d665fc7dc92bc39f35b"},"created_at":{"$date":"2025-12-09T11:52:06.328Z"},"url":"https://vjti.ac.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://vjti.ac.in/","scan_timestamp":"20251209_081915","output_directory":"/home/apogean/projects/vapt/web_vapt/results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.010845422744750977},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"vjti.ac.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":390,"urls_list":["https://vjti.ac.in/robots.txt","https://vjti.ac.in/sitemap.xml","https://vjti.ac.in/wp-admin/admin-ajax.php","https://vjti.ac.in/wp-admin/","https://vjti.ac.in/wp-json/","https://vjti.ac.in/wp-sitemap.xml","https://vjti.ac.in/wp-login.php?reauth=1&redirect_to=https%3A%2F%2Fvjti.ac.in%2Fwp-admin%2F","http
s://vjti.ac.in/wp-includes/css/buttons.min.css?ver=6.9","https://vjti.ac.in/wp-admin/css/login.min.css?ver=6.9","https://vjti.ac.in/wp-includes/css/dashicons.min.css?ver=6.9","https://vjti.ac.in/wp-admin/css/forms.min.css?ver=6.9","https://vjti.ac.in/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","https://vjti.ac.in/wp-admin/css/l10n.min.css?ver=6.9","https://vjti.ac.in/wp-content/plugins/two-factor-authentication/simba-tfa/includes/tfa.js?ver=1750829475","https://vjti.ac.in/wp-includes/js/clipboard.min.js?ver=2.0.11","https://vjti.ac.in/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","https://vjti.ac.in/wp-includes/js/underscore.min.js?ver=1.13.7","https://vjti.ac.in/wp-content/uploads/2024/07/cropped-cropped-index-1.jpeg","https://vjti.ac.in/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381","https://vjti.ac.in/wp-admin/js/password-strength-meter.min.js?ver=6.9","https://vjti.ac.in/wp-includes/js/zxcvbn-async.min.js?ver=1.0","https://vjti.ac.in/wp-admin/js/user-profile.min.js?ver=6.9","https://vjti.ac.in/wp-includes/js/wp-util.min.js?ver=6.9","https://vjti.ac.in/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1","https://vjti.ac.in/wp-includes/js/dist/a11y.min.js?ver=cb460b4676c94bd228ed","https://vjti.ac.in/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375","https://vjti.ac.in/wp-sitemap-index.xsl","https://vjti.ac.in/wp-sitemap-posts-tp_event-1.xml","https://vjti.ac.in/wp-sitemap-users-1.xml","https://vjti.ac.in/wp-sitemap-posts-faq-1.xml","https://vjti.ac.in/wp-sitemap-posts-page-1.xml","https://vjti.ac.in/wp-login.php?action=lostpassword","https://vjti.ac.in/wp-login.php","https://vjti.ac.in/wp-sitemap.xsl","https://vjti.ac.in/ph-d-admission/","https://vjti.ac.in/student-organizations/dla-detail-page/","https://vjti.ac.in/mukta-nivelkar/","https://vjti.ac.in/dean-administration-and-faculty-welfare/","https://vjti.ac.in/tenders/","https://vjti.ac.in/vishal-kandalgaonkar/","https://vjti.ac.in/dean-academic-programs/","https://vj
ti.ac.in/principals-and-directors-of-vjti-mumbai/","https://vjti.ac.in/activity-and-events/","https://vjti.ac.in/dr-ramchandra-une/","https://vjti.ac.in/archana-sharma/","https://vjti.ac.in/ashish-khokhar/","https://vjti.ac.in/alumni/","https://vjti.ac.in/dr-shashank-shende/","https://vjti.ac.in/institute-administration/","https://vjti.ac.in/technical-applied-chemistry/expert-talk-by-anjani-prasad/","https://vjti.ac.in/gian-courses/","https://vjti.ac.in/anup-karande/","https://vjti.ac.in/announcements-for-career/","https://vjti.ac.in/students/","https://vjti.ac.in/civil-environmental-engineering/","https://vjti.ac.in/corporate-social-responsibility/","https://vjti.ac.in/library/","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-sewage-treatment-plant/","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-khoste-village-19april/","https://vjti.ac.in/undergraduate-admission/","https://vjti.ac.in/visit/","https://vjti.ac.in/training-and-placement-office/","https://vjti.ac.in/helpful-forms-for-faculty-and-staff/","https://vjti.ac.in/non-teaching-seniority-list/","https://vjti.ac.in/media/","https://vjti.ac.in/organization-structure/","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-ifat-mumbai/","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-bhenshet-village/","https://vjti.ac.in/conference-announcement/","https://vjti.ac.in/technical-applied-chemistry/chemical-department-activities/","https://vjti.ac.in/chandrakant-kulkarni/","https://vjti.ac.in/detailed-profile/","https://vjti.ac.in/production-engineering/","https://vjti.ac.in/dhanashri-lamane/","https://vjti.ac.in/electrical-engineering-lab/","https://vjti.ac.in/ajay-arora/","https://vjti.ac.in/vaishali-shirsath/","https://vjti.ac.in/rangawardhan-2/","https://vjti.ac.in/national-education-policy/","https://vjti.ac.in/previous-reports/","https://vjti.ac.in/shaikh-talha/","https://vjti.ac.in/sandeep-bhutkar/","https://vjti.ac.in/motiwala-nawaz-irshad
-abida/","https://vjti.ac.in/panchakshari-awaje/","https://vjti.ac.in/dean-students-alumni/","https://vjti.ac.in/shivaji-chavan/","https://vjti.ac.in/post-graduate-admission/","https://vjti.ac.in/gayatri-chaturvedi/","https://vjti.ac.in/student-organizations/rangawardhan/","https://vjti.ac.in/nitin-ahire/","https://vjti.ac.in/other-facilities/","https://vjti.ac.in/mtech-for-working-professionals/","https://vjti.ac.in/timetable/","https://vjti.ac.in/tanu-sharma/","https://vjti.ac.in/shivram-poojari/","https://vjti.ac.in/prabhakar-shetti/","https://vjti.ac.in/pritish-wagh/","https://vjti.ac.in/rahul-thavai/","https://vjti.ac.in/priyanka-jaiswal/","https://vjti.ac.in/sonali-wankhede/","https://vjti.ac.in/library-e-resources/","https://vjti.ac.in/hema-manjule/","https://vjti.ac.in/posh-act-and-pocso-act-2012/","https://vjti.ac.in/atsmde-2024/","https://vjti.ac.in/nehal-muchhala/","https://vjti.ac.in/punam-gulande/","https://vjti.ac.in/industrial-visits-by-mechanical-department/voltas-ltd-vadodara-gujarat/","https://vjti.ac.in/deelip-radkar/","https://vjti.ac.in/dinesh-jain/","https://vjti.ac.in/varsha-shinde/","https://vjti.ac.in/industrial-visits-by-electrical-department/tata-hydro-power-plant-bhira/","https://vjti.ac.in/shweta-matey/","https://vjti.ac.in/avinash-rathod/","https://vjti.ac.in/industrial-visits-by-mechanical-department/adani-thermal-power-plant-dahanu/","https://vjti.ac.in/vaibhav-madane/","https://vjti.ac.in/com-it-laboratories/","https://vjti.ac.in/software-resources/","https://vjti.ac.in/prajakta-mukadam/","https://vjti.ac.in/industrial-visits-by-electrical-department/hydro-power-plant-vaitarna-igatpuri/","https://vjti.ac.in/michelle-jog/","https://vjti.ac.in/ronny-dsouza/","https://vjti.ac.in/dr-vijay-joshi/","https://vjti.ac.in/nitin-sonavane/","https://vjti.ac.in/vikram-singh/","https://vjti.ac.in/rohini-bhalerao/","https://vjti.ac.in/arvind-ankalikar/","https://vjti.ac.in/industrial-visits-by-electrical-department/","https://vjti.ac.in/industrial-
visits-by-electrical-department/adani-wilmar-edible-oil-refinery-surat/","https://vjti.ac.in/vibhavari-jadhav/","https://vjti.ac.in/sandesh-bhingardeve/","https://vjti.ac.in/right-to-information-rti/","https://vjti.ac.in/naveed-akhtar/","https://vjti.ac.in/kavita-bodke/","https://vjti.ac.in/aparna-halbe/","https://vjti.ac.in/nilashree-wankhede/","https://vjti.ac.in/announcements/","https://vjti.ac.in/milind-patil/","https://vjti.ac.in/suyash-kamble/","https://vjti.ac.in/jayashree-sanap/","https://vjti.ac.in/vijay-joshi/","https://vjti.ac.in/mohan-khedkar/","https://vjti.ac.in/national-cadet-corpsncc/ncc-events/","https://vjti.ac.in/technical-applied-chemistry/","https://vjti.ac.in/anil-parab/","https://vjti.ac.in/abira-mukherjee/","https://vjti.ac.in/mechanical-engineering/","https://vjti.ac.in/mr-yogendra-naik/","https://vjti.ac.in/mr-girish-jawale/","https://vjti.ac.in/mayur-parulekar/","https://vjti.ac.in/dr-lalit-kumar-singh/","https://vjti.ac.in/sayyad-shafik/","https://vjti.ac.in/electrical-engineering/","https://vjti.ac.in/technical-applied-chemistry/expert-talk-by-ullhas-nimkar/","https://vjti.ac.in/sunil-chari/","https://vjti.ac.in/dr-ram-rao/","https://vjti.ac.in/anuj-shandilya/","https://vjti.ac.in/nirf/","https://vjti.ac.in/industrial-visits-by-mechanical-department/thermal-power-plant-koradi/","https://vjti.ac.in/dr-mukesh-kumar-sinha/","https://vjti.ac.in/industrial-visits-by-electrical-department/thermal-power-plant-nashik-eklhare/","https://vjti.ac.in/vaishali-turukmane/","https://vjti.ac.in/sagar-lad/","https://vjti.ac.in/contact/","https://vjti.ac.in/vivek-naik/","https://vjti.ac.in/mr-shreyas-bakshi/","https://vjti.ac.in/madhuri-tayade/","https://vjti.ac.in/pramod-maurya/","https://vjti.ac.in/computer-it/","https://vjti.ac.in/prasad-deshpande/","https://vjti.ac.in/student-support-system/","https://vjti.ac.in/anooja-joy/","https://vjti.ac.in/sheetal-mudganti/","https://vjti.ac.in/mohini-kelkar/","https://vjti.ac.in/contact-persons/","https://vjti.a
c.in/industrial-visits-by-civil-department/visit-to-khoste-village/","https://vjti.ac.in/dean-infrastructure-maintenance/","https://vjti.ac.in/production-engineering/mogora-cosmic-pvt-ltd-bhosari-pune/","https://vjti.ac.in/telephone-directory/","https://vjti.ac.in/technical-applied-chemistry/expert-talk-by-alok-mishra/","https://vjti.ac.in/dinanath-kholkar/","https://vjti.ac.in/industrial-visits-by-civil-department/survey-project-visit-to-saguna-bagh-neral/","https://vjti.ac.in/industrial-visits-by-civil-department/midc-patalganga/","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-waste-water-treatment-plant-bhandup/","https://vjti.ac.in/mr-yateesh/","https://vjti.ac.in/events/vjti-convocation-function-2023-24/","https://vjti.ac.in/author/admin/","https://vjti.ac.in/events/diploma-convocation-2025/","https://vjti.ac.in/wp-content/plugins/tablepress/css/build/default.css?ver=2.3.1","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/swiper/css/swiper.min.css?ver=8.4.5","https://vjti.ac.in/wp-content/plugins/insight-swatches/assets/css/style.css?ver=6.9","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/growl/css/jquery.growl.min.css?ver=1.3.3","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/css/maps_points.css?ver=1.2.3","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/perfect-scrollbar/css/perfect-scrollbar.min.css?ver=0.6.14","https://vjti.ac.in/wp-content/themes/unicamp/events-manager.css?ver=2.6.4","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/css/jquery.powertip.min.css?ver=1.2.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/polyfill/intersection-observer.min.js","https://vjti.ac.in/wp-content/themes/unicamp/style.min.css?ver=2.6.4","https://vjti.ac.in/wp-content/plugins/revslider/sr6/assets/css/rs6.css?ver=6.7.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/smartmenus/jquery.smartmenus.min.js?ver=1.1.1","https://vjti.ac.in/wp-content/themes/unicamp/asset
s/libs/growl/js/jquery.growl.min.js?ver=1.3.3","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/headroom.min.js?ver=2.6.4","https://vjti.ac.in/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3","https://vjti.ac.in/wp-content/plugins/insight-swatches/assets/js/frontend.min.js?ver=1.7.0","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/js/jquery.powertip.min.js?ver=1.2.0","https://vjti.ac.in/wp-includes/js/imagesloaded.min.js?ver=5.0.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/modal.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/uploads/2024/05/logo-light-330x100.gif","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/main.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/plugins/revslider/sr6/assets/js/rbtools.min.js?ver=6.7.2","https://vjti.ac.in/wp-content/uploads/2024/05/logo-light.gif","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/perfect-scrollbar/js/perfect-scrollbar.jquery.min.js?ver=0.6.14","https://vjti.ac.in/wp-content/plugins/wp-events-manager/assets/js/frontend/google-map.js?ver=6.9","https://vjti.ac.in/wp-content/plugins/revslider/sr6/assets/js/rs6.min.js?ver=6.7.4","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/js/maps_points.js?ver=1.2.3","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/login.min.js?ver=1.17.0","https://vjti.ac.in/wp-content/uploads/2024/05/210907_ARI-C-33641-2021-submitted-report.pdf","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/magnific-popup/magnific-popup.css?ver=1.1.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/jquery.sticky-kit.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/fonts/awesome/css/fontawesome-all.min.css?ver=6.4.2","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/swiper-wrapper.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/validate/jquery.validate.min.js
?ver=1.17.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/smooth-scroll/jquery.smooth-scroll.min.js?ver=2.2.0","https://vjti.ac.in/wp-includes/css/dist/block-library/style.min.css?ver=6.9","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/jquery.countdown/js/jquery.countdown.min.js","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/woo/quantity-button.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/nice-select.min.js?ver=2.6.4","https://vjti.ac.in/wp-includes/js/backbone.min.js?ver=1.6.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/events-manager/single.js","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/magnific-popup/jquery.magnific-popup.js?ver=1.1.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/swiper/js/swiper.min.js?ver=8.4.5","https://vjti.ac.in/wp-json/wp/v2/tp_event/25487","https://vjti.ac.in/fee-structure/","https://vjti.ac.in/wp-content/uploads/2025/03/ELIGIBLE-STUDENT-LIST-Diploma-convocation-06-03-25.pdf","https://vjti.ac.in/","https://vjti.ac.in/events/international-yoga-day/","https://vjti.ac.in/wp-json/wp/v2/tp_event/28745","https://vjti.ac.in/director-of-vjti/","https://vjti.ac.in/events/yashwantrao-chavan-jayanti/","https://vjti.ac.in/wp-json/wp/v2/tp_event/26365","https://vjti.ac.in/post-graduate-announcements/","https://vjti.ac.in/events/national-level-technical-fest-sthapatya25/","https://vjti.ac.in/wp-json/wp/v2/tp_event/26503","https://vjti.ac.in/structural-engineering/","https://vjti.ac.in/faq/how-can-i-access-the-software-provided-by-vjti/","https://vjti.ac.in/atul-meshram/","https://vjti.ac.in/other-committees/","https://vjti.ac.in/devita-ghanekar/","https://vjti.ac.in/about/","https://vjti.ac.in/physics/","https://vjti.ac.in/honours-awards/","https://vjti.ac.in/useful-forms-for-students/","https://vjti.ac.in/academic-calendar/","https://vjti.ac.in/degree-exam-section/","https://vjti.ac.in/anil-jagasia/","https://vjti.ac.in/dean-diploma/","https://vjti.a
c.in/diploma-announcements/","https://vjti.ac.in/minutes-of-bog-meeting/","https://vjti.ac.in/board-of-governors/","https://vjti.ac.in/mathematics/","https://vjti.ac.in/industrial-visits-by-mechanical-department/","https://vjti.ac.in/wp-json/wp/v2/pages/25258","https://vjti.ac.in/wp-content/uploads/elementor/css/global.css?ver=1721647847","https://vjti.ac.in/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.21.4","https://vjti.ac.in/wp-content/uploads/elementor/css/post-3460.css?ver=1721647847","https://vjti.ac.in/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.21.4","https://vjti.ac.in/wp-content/uploads/elementor/css/post-25258.css?ver=1750080893","https://vjti.ac.in/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.21.4","https://vjti.ac.in/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.21.4","https://vjti.ac.in/wp-content/uploads/2025/02/Thumbnail-Adani-Dahanu.png","https://vjti.ac.in/wp-content/uploads/2025/02/Thumbnail-Koradi.png","https://vjti.ac.in/wp-content/uploads/2025/02/Thumbnail-Voltas-Vadodara.png","https://vjti.ac.in/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.21.4","https://vjti.ac.in/wp-content/uploads/2024/06/transparent-bg.png","https://vjti.ac.in/rules-guidelines/","https://vjti.ac.in/mca-admission/","https://vjti.ac.in/circulars/","https://vjti.ac.in/saurabh-korgaonkar/","https://vjti.ac.in/direct-second-year-b-tech-for-working-professionals/","https://vjti.ac.in/under-graduate-announcements/","https://vjti.ac.in/minutes-of-academic-council-meeting/","https://vjti.ac.in/announcements-for-ph-d-students/","https://vjti.ac.in/bhushan-deore/","https://vjti.ac.in/academic-council/","https://vjti.ac.in/committees-formed-under-ugc/","https://vjti.ac.in/m-c-s-rules/","https://vjti.ac.in/diploma-admission/","https://vjti.ac.in/directors-convocation-address/","https://vjti.ac.in/compliance-disclosures/","https://vjti.ac.in/student-organizations/","https
://vjti.ac.in/internal-complaints-committee/","https://vjti.ac.in/scholarship/","https://vjti.ac.in/wp-content/uploads/elementor/css/post-6851.css?ver=1750144196","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/lightGallery/css/lightgallery.min.css?ver=1.6.12","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/technovonza-featuredimg-qquq2pcmwrt1x35z4vybnul9z2ljwjv8l599lwtqt0.png","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/lightGallery/js/lightgallery-all.min.js?ver=1.6.12","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/enthusia-qquq2oespxrrlh7cadjp3cttdoq6ouri90ls4mv4z8.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/fine-arts-qquq2oespxrrlh7cadjp3cttdoq6ouri90ls4mv4z8.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/vishwa-qquq2pcmwrt1x35z4vybnul9z2ljwjv8l599lwtqt0.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/2024-25-day1-qz9c102p5ft1zkhvyud6l0grnlyyoielban7f8825w.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/pratibimb-featuredimg-qquq2oespxrrlh7cadjp3cttdoq6ouri90ls4mv4z8.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/DLA-qquq2oespxrrlh7cadjp3cttdoq6ouri90ls4mv4z8.png","https://vjti.ac.in/jyotika-athavale/","https://vjti.ac.in/sachin-teke/","https://vjti.ac.in/master-of-computer-applications/","https://vjti.ac.in/hostels/","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/e-cell-qquq2oespxrrlh7cadjp3cttdoq6ouri90ls4mv4z8.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/ganeshotsava-qquq2oespxrrlh7cadjp3cttdoq6ouri90ls4mv4z8.png","https://vjti.ac.in/deputy-director/","https://vjti.ac.in/industrial-visits-by-civil-department/","https://vjti.ac.in/dean-rd-and-consultancy/","https://vjti.ac.in/teqip/","https://vjti.ac.in/mr-deepak-ochani/","https://vjti.ac.in/priyanka-udmale/","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-ifat-mumbai","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-khoste-village-19apri
l","https://vjti.ac.in/events/","https://vjti.ac.in/wp-content/uploads/elementor/css/post-29782.css?ver=1753954598","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-bhenshet-village","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-sewage-treatment-plant","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/isotope/js/isotope.pkgd.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/packery-mode/packery-mode.pkgd.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/grid-layout.min.js","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/matchHeight/jquery.matchHeight-min.js?ver=0.7.2","https://vjti.ac.in/wp-content/uploads/2025/07/wastw-water-treatment-plan-480X318.png","https://vjti.ac.in/wp-content/uploads/2025/07/khoste-480X318.png","https://vjti.ac.in/wp-content/uploads/2025/07/sevage-treatment-plan-480X318.png","https://vjti.ac.in/wp-content/uploads/2025/07/khoste-19-april-480X318.png","https://vjti.ac.in/wp-content/uploads/2025/07/IFAT-480X318.png","https://vjti.ac.in/wp-content/uploads/2025/07/Patalganga-480X318.png","https://vjti.ac.in/events/?filter_type=happening&paged=1","https://vjti.ac.in/wp-content/uploads/2025/07/bhenshet-village-480X318.png","https://vjti.ac.in/professor-of-practice/","https://vjti.ac.in/labs/","https://vjti.ac.in/wp-content/uploads/2025/07/Saguna-Bagh-480X318.png","https://vjti.ac.in/manisha-galphade/","https://vjti.ac.in/humanities-management/","https://vjti.ac.in/events/feed/","https://vjti.ac.in/national-cadet-corpsncc/","https://vjti.ac.in/wp-json/wp/v2/pages/4197","https://vjti.ac.in/wp-content/uploads/elementor/css/post-4197.css?ver=1763444871","https://vjti.ac.in/wp-content/plugins/elementor/assets/css/widget-icon-box.min.css","https://vjti.ac.in/wp-content/themes/unicamp/elementor/assets/js/widgets/group-widget-carousel.js","https://vjti.ac.in/wp-content/uploads/2024/06/air-force.png","https://vjti.ac.in/wp-content/uploads/2024/06/NCC-Event-Car
d-1200-X-800px.png","https://vjti.ac.in/wp-content/uploads/2024/06/kargil-diwas.png","https://vjti.ac.in/wp-content/uploads/2024/05/ncc-group.png","https://vjti.ac.in/wp-content/uploads/2024/06/tree-plantation.png","https://vjti.ac.in/wp-content/uploads/2024/06/republic-day-pic.png","https://vjti.ac.in/wp-content/uploads/2024/06/yoga-day.png","https://vjti.ac.in/wp-content/uploads/2024/06/indepencence-day-pic.png","https://vjti.ac.in/wp-content/uploads/2024/06/blood-donate.png","https://vjti.ac.in/wp-content/uploads/2024/06/punit-sagar-abhiyan.png","https://vjti.ac.in/wp-content/uploads/2024/05/ncc.png","https://vjti.ac.in/wp-content/uploads/2024/06/preparation.png","https://vjti.ac.in/wp-content/uploads/2024/05/industry.png","https://vjti.ac.in/wp-content/uploads/2024/06/cadet-selection-interview.png","https://vjti.ac.in/wp-content/uploads/2025/09/Arnav-Zutshi.png","https://vjti.ac.in/wp-content/uploads/2025/09/Srushti-Vanjare.png","https://vjti.ac.in/wp-content/uploads/2024/05/military.png","https://vjti.ac.in/wp-content/uploads/2025/09/Arnav-Gupta.png","https://vjti.ac.in/wp-content/uploads/2024/06/republic-day.png","https://vjti.ac.in/wp-content/uploads/2025/11/NCC-Day-2025-7.png","https://vjti.ac.in/wp-content/uploads/2024/05/police.png","https://vjti.ac.in/wp-content/uploads/2024/06/punit-sagar-abhiyan-1.png","https://vjti.ac.in/wp-content/uploads/2024/06/firing-range.png","https://vjti.ac.in/wp-content/uploads/2024/06/armed-force-flag.png","https://vjti.ac.in/wp-content/uploads/2024/06/independence-day.png","https://vjti.ac.in/wp-content/uploads/2024/06/6.png","https://vjti.ac.in/wp-content/uploads/2024/06/blood-camp-2.png","https://vjti.ac.in/wp-content/uploads/2024/06/ncc-group-1.png","https://vjti.ac.in/wp-content/uploads/2024/06/ncc-group.png","https://vjti.ac.in/wp-content/uploads/2024/06/world-enveronment-day.png","https://vjti.ac.in/wp-content/uploads/2024/06/punit-sagar-abhiyan-2.png","https://vjti.ac.in/wp-content/uploads/2024/06/blood-donation-camp-
1.png","https://vjti.ac.in/wp-content/uploads/2024/06/vjti-staff.png","https://vjti.ac.in/wp-content/uploads/2024/06/shok-day.png","https://vjti.ac.in/wp-content/uploads/2024/06/ncc-2.png","https://vjti.ac.in/wp-content/uploads/2024/06/ncc-3.png","https://vjti.ac.in/wp-content/uploads/2024/06/blood-camp-3.png","https://vjti.ac.in/wp-content/uploads/2025/09/Atul-Bagave.png","https://vjti.ac.in/wp-content/uploads/2025/09/Shrinath-bhosale.png","https://vjti.ac.in/wp-content/uploads/2024/06/training-1.png","https://vjti.ac.in/wp-content/uploads/2024/06/training.png","https://vjti.ac.in/sheetal-chaudhari/","https://vjti.ac.in/wp-content/uploads/2025/09/Pranjal-Jadhav.png","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-waste-water-treatment-plant-bhandup","https://vjti.ac.in/wp-json/wp/v2/pages/29782","https://vjti.ac.in/wp-json/wp/v2/pages/6851","https://vjti.ac.in/textile-engineering/"],"duration":30.09341311454773},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06372046470642},"active_scan":{"scan_id":null,"status":"completed","duration":2790.8879323005676},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.json","csv":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.csv","xml":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.xml","html":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.html","summary":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_summary.txt"}}}},"summary":"Error: An error occurred (ValidationException) when calling the Converse operation: The model returned the following errors: 
{\"code\":\"validation_error\",\"message\":\"Failed to buffer the request body: length limit exceeded\",\"param\":null,\"type\":\"invalid_request_error\"}"},{"_id":{"$oid":"69380decdcb133f6d6ec0694"},"created_at":{"$date":"2025-12-09T11:54:20.849Z"},"url":"https://7tracks.vercel.app/join","tool":"owaspzap","result":{"status":"completed","target_url":"https://7tracks.vercel.app/join","scan_timestamp":"20251209_090314","output_directory":"/home/apogean/projects/vapt/web_vapt/results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":10.016181945800781},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"traditional_spider":{"scan_id":"1","status":"completed","urls_found":401,"urls_list":["https://vjti.ac.in/robots.txt","https://vjti.ac.in/sitemap.xml","https://vjti.ac.in/wp-admin/admin-ajax.php","https://vjti.ac.in/wp-admin/","https://vjti.ac.in/wp-json/","https://vjti.ac.in/wp-sitemap.xml","https://vjti.ac.in/wp-login.php?reauth=1&redirect_to=https%3A%2F%2Fvjti.ac.in%2Fwp-admin%2F","https://vjti.ac.in/wp-includes/css/buttons.min.css?ver=6.9","https://vjti.ac.in/wp-admin/css/login.min.css?ver=6.9","https://vjti.ac.in/wp-includes/css/dashicons.min.css?ver=6.9","https://vjti.ac.in/wp-admin/css/forms.min.css?ver=6.9","https://vjti.ac.in/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","https://vjti.ac.in/wp-admin/css/l10n.min.css?ver=6.9","https://vjti.ac.in/wp-content/plugins/two-factor-authentication/simba-tfa/includes/tfa.js?ver=1750829475","https://vjti.ac.in/wp-includes/js/clipboard.min.js?ver=2.0.11","https://vjti.ac.in/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","https://vjti.ac.in/wp-includes/js/underscore.min.js?ver=1.13.7","https://vjti.ac.in/wp-content/uploads/2024/07/cropped-cropped-index-1.jpeg","https://vjti.ac.in/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381","https://vjti.ac.in/wp-admin/js/password-strength-meter.min.js?ver=6.9","https://vjti.ac.in/wp-in
cludes/js/zxcvbn-async.min.js?ver=1.0","https://vjti.ac.in/wp-admin/js/user-profile.min.js?ver=6.9","https://vjti.ac.in/wp-includes/js/wp-util.min.js?ver=6.9","https://vjti.ac.in/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1","https://vjti.ac.in/wp-includes/js/dist/a11y.min.js?ver=cb460b4676c94bd228ed","https://vjti.ac.in/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375","https://vjti.ac.in/wp-sitemap-index.xsl","https://vjti.ac.in/wp-sitemap-posts-tp_event-1.xml","https://vjti.ac.in/wp-sitemap-users-1.xml","https://vjti.ac.in/wp-sitemap-posts-faq-1.xml","https://vjti.ac.in/wp-sitemap-posts-page-1.xml","https://vjti.ac.in/wp-login.php?action=lostpassword","https://vjti.ac.in/wp-login.php","https://vjti.ac.in/wp-sitemap.xsl","https://vjti.ac.in/ph-d-admission/","https://vjti.ac.in/student-organizations/dla-detail-page/","https://vjti.ac.in/mukta-nivelkar/","https://vjti.ac.in/dean-administration-and-faculty-welfare/","https://vjti.ac.in/tenders/","https://vjti.ac.in/vishal-kandalgaonkar/","https://vjti.ac.in/dean-academic-programs/","https://vjti.ac.in/principals-and-directors-of-vjti-mumbai/","https://vjti.ac.in/activity-and-events/","https://vjti.ac.in/dr-ramchandra-une/","https://vjti.ac.in/archana-sharma/","https://vjti.ac.in/ashish-khokhar/","https://vjti.ac.in/alumni/","https://vjti.ac.in/dr-shashank-shende/","https://vjti.ac.in/institute-administration/","https://vjti.ac.in/technical-applied-chemistry/expert-talk-by-anjani-prasad/","https://vjti.ac.in/gian-courses/","https://vjti.ac.in/anup-karande/","https://vjti.ac.in/announcements-for-career/","https://vjti.ac.in/students/","https://vjti.ac.in/civil-environmental-engineering/","https://vjti.ac.in/corporate-social-responsibility/","https://vjti.ac.in/library/","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-sewage-treatment-plant/","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-khoste-village-19april/","https://vjti.ac.in/undergraduate-admission/","h
ttps://vjti.ac.in/visit/","https://vjti.ac.in/training-and-placement-office/","https://vjti.ac.in/helpful-forms-for-faculty-and-staff/","https://vjti.ac.in/non-teaching-seniority-list/","https://vjti.ac.in/media/","https://vjti.ac.in/organization-structure/","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-ifat-mumbai/","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-bhenshet-village/","https://vjti.ac.in/conference-announcement/","https://vjti.ac.in/technical-applied-chemistry/chemical-department-activities/","https://vjti.ac.in/chandrakant-kulkarni/","https://vjti.ac.in/detailed-profile/","https://vjti.ac.in/production-engineering/","https://vjti.ac.in/dhanashri-lamane/","https://vjti.ac.in/electrical-engineering-lab/","https://vjti.ac.in/ajay-arora/","https://vjti.ac.in/vaishali-shirsath/","https://vjti.ac.in/rangawardhan-2/","https://vjti.ac.in/national-education-policy/","https://vjti.ac.in/previous-reports/","https://vjti.ac.in/shaikh-talha/","https://vjti.ac.in/sandeep-bhutkar/","https://vjti.ac.in/motiwala-nawaz-irshad-abida/","https://vjti.ac.in/panchakshari-awaje/","https://vjti.ac.in/dean-students-alumni/","https://vjti.ac.in/shivaji-chavan/","https://vjti.ac.in/post-graduate-admission/","https://vjti.ac.in/gayatri-chaturvedi/","https://vjti.ac.in/student-organizations/rangawardhan/","https://vjti.ac.in/nitin-ahire/","https://vjti.ac.in/other-facilities/","https://vjti.ac.in/mtech-for-working-professionals/","https://vjti.ac.in/timetable/","https://vjti.ac.in/tanu-sharma/","https://vjti.ac.in/shivram-poojari/","https://vjti.ac.in/prabhakar-shetti/","https://vjti.ac.in/pritish-wagh/","https://vjti.ac.in/rahul-thavai/","https://vjti.ac.in/priyanka-jaiswal/","https://vjti.ac.in/sonali-wankhede/","https://vjti.ac.in/library-e-resources/","https://vjti.ac.in/hema-manjule/","https://vjti.ac.in/posh-act-and-pocso-act-2012/","https://vjti.ac.in/atsmde-2024/","https://vjti.ac.in/nehal-muchhala/","https://vjti.ac.in/punam-guland
e/","https://vjti.ac.in/industrial-visits-by-mechanical-department/voltas-ltd-vadodara-gujarat/","https://vjti.ac.in/deelip-radkar/","https://vjti.ac.in/dinesh-jain/","https://vjti.ac.in/varsha-shinde/","https://vjti.ac.in/industrial-visits-by-electrical-department/tata-hydro-power-plant-bhira/","https://vjti.ac.in/shweta-matey/","https://vjti.ac.in/avinash-rathod/","https://vjti.ac.in/industrial-visits-by-mechanical-department/adani-thermal-power-plant-dahanu/","https://vjti.ac.in/vaibhav-madane/","https://vjti.ac.in/com-it-laboratories/","https://vjti.ac.in/software-resources/","https://vjti.ac.in/prajakta-mukadam/","https://vjti.ac.in/industrial-visits-by-electrical-department/hydro-power-plant-vaitarna-igatpuri/","https://vjti.ac.in/michelle-jog/","https://vjti.ac.in/ronny-dsouza/","https://vjti.ac.in/dr-vijay-joshi/","https://vjti.ac.in/nitin-sonavane/","https://vjti.ac.in/vikram-singh/","https://vjti.ac.in/rohini-bhalerao/","https://vjti.ac.in/arvind-ankalikar/","https://vjti.ac.in/industrial-visits-by-electrical-department/","https://vjti.ac.in/industrial-visits-by-electrical-department/adani-wilmar-edible-oil-refinery-surat/","https://vjti.ac.in/vibhavari-jadhav/","https://vjti.ac.in/sandesh-bhingardeve/","https://vjti.ac.in/right-to-information-rti/","https://vjti.ac.in/naveed-akhtar/","https://vjti.ac.in/kavita-bodke/","https://vjti.ac.in/aparna-halbe/","https://vjti.ac.in/nilashree-wankhede/","https://vjti.ac.in/announcements/","https://vjti.ac.in/milind-patil/","https://vjti.ac.in/suyash-kamble/","https://vjti.ac.in/jayashree-sanap/","https://vjti.ac.in/vijay-joshi/","https://vjti.ac.in/mohan-khedkar/","https://vjti.ac.in/national-cadet-corpsncc/ncc-events/","https://vjti.ac.in/technical-applied-chemistry/","https://vjti.ac.in/anil-parab/","https://vjti.ac.in/abira-mukherjee/","https://vjti.ac.in/mechanical-engineering/","https://vjti.ac.in/mr-yogendra-naik/","https://vjti.ac.in/mr-girish-jawale/","https://vjti.ac.in/mayur-parulekar/","https://vjti.ac.in
/dr-lalit-kumar-singh/","https://vjti.ac.in/sayyad-shafik/","https://vjti.ac.in/electrical-engineering/","https://vjti.ac.in/technical-applied-chemistry/expert-talk-by-ullhas-nimkar/","https://vjti.ac.in/sunil-chari/","https://vjti.ac.in/dr-ram-rao/","https://vjti.ac.in/anuj-shandilya/","https://vjti.ac.in/nirf/","https://vjti.ac.in/industrial-visits-by-mechanical-department/thermal-power-plant-koradi/","https://vjti.ac.in/dr-mukesh-kumar-sinha/","https://vjti.ac.in/industrial-visits-by-electrical-department/thermal-power-plant-nashik-eklhare/","https://vjti.ac.in/vaishali-turukmane/","https://vjti.ac.in/sagar-lad/","https://vjti.ac.in/contact/","https://vjti.ac.in/vivek-naik/","https://vjti.ac.in/mr-shreyas-bakshi/","https://vjti.ac.in/madhuri-tayade/","https://vjti.ac.in/pramod-maurya/","https://vjti.ac.in/computer-it/","https://vjti.ac.in/prasad-deshpande/","https://vjti.ac.in/student-support-system/","https://vjti.ac.in/anooja-joy/","https://vjti.ac.in/sheetal-mudganti/","https://vjti.ac.in/mohini-kelkar/","https://vjti.ac.in/contact-persons/","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-khoste-village/","https://vjti.ac.in/dean-infrastructure-maintenance/","https://vjti.ac.in/production-engineering/mogora-cosmic-pvt-ltd-bhosari-pune/","https://vjti.ac.in/telephone-directory/","https://vjti.ac.in/technical-applied-chemistry/expert-talk-by-alok-mishra/","https://vjti.ac.in/dinanath-kholkar/","https://vjti.ac.in/industrial-visits-by-civil-department/survey-project-visit-to-saguna-bagh-neral/","https://vjti.ac.in/industrial-visits-by-civil-department/midc-patalganga/","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-waste-water-treatment-plant-bhandup/","https://vjti.ac.in/mr-yateesh/","https://vjti.ac.in/events/vjti-convocation-function-2023-24/","https://vjti.ac.in/author/admin/","https://vjti.ac.in/events/diploma-convocation-2025/","https://vjti.ac.in/wp-content/plugins/tablepress/css/build/default.css?ver=2.3.1","https://
vjti.ac.in/wp-content/themes/unicamp/assets/libs/swiper/css/swiper.min.css?ver=8.4.5","https://vjti.ac.in/wp-content/plugins/insight-swatches/assets/css/style.css?ver=6.9","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/growl/css/jquery.growl.min.css?ver=1.3.3","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/css/maps_points.css?ver=1.2.3","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/perfect-scrollbar/css/perfect-scrollbar.min.css?ver=0.6.14","https://vjti.ac.in/wp-content/themes/unicamp/events-manager.css?ver=2.6.4","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/css/jquery.powertip.min.css?ver=1.2.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/polyfill/intersection-observer.min.js","https://vjti.ac.in/wp-content/themes/unicamp/style.min.css?ver=2.6.4","https://vjti.ac.in/wp-content/plugins/revslider/sr6/assets/css/rs6.css?ver=6.7.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/smartmenus/jquery.smartmenus.min.js?ver=1.1.1","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/growl/js/jquery.growl.min.js?ver=1.3.3","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/headroom.min.js?ver=2.6.4","https://vjti.ac.in/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3","https://vjti.ac.in/wp-content/plugins/insight-swatches/assets/js/frontend.min.js?ver=1.7.0","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/js/jquery.powertip.min.js?ver=1.2.0","https://vjti.ac.in/wp-includes/js/imagesloaded.min.js?ver=5.0.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/modal.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/uploads/2024/05/logo-light-330x100.gif","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/main.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/plugins/revslider/sr6/assets/js/rbtools.min.js?ver=6.7.2","https://vjti.ac.in/wp-content/uploads/2024/05/logo-light.gif","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/perfect-scrollbar/
js/perfect-scrollbar.jquery.min.js?ver=0.6.14","https://vjti.ac.in/wp-content/plugins/wp-events-manager/assets/js/frontend/google-map.js?ver=6.9","https://vjti.ac.in/wp-content/plugins/revslider/sr6/assets/js/rs6.min.js?ver=6.7.4","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/js/maps_points.js?ver=1.2.3","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/login.min.js?ver=1.17.0","https://vjti.ac.in/wp-content/uploads/2024/05/210907_ARI-C-33641-2021-submitted-report.pdf","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/magnific-popup/magnific-popup.css?ver=1.1.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/jquery.sticky-kit.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/fonts/awesome/css/fontawesome-all.min.css?ver=6.4.2","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/swiper-wrapper.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/validate/jquery.validate.min.js?ver=1.17.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/smooth-scroll/jquery.smooth-scroll.min.js?ver=2.2.0","https://vjti.ac.in/wp-includes/css/dist/block-library/style.min.css?ver=6.9","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/jquery.countdown/js/jquery.countdown.min.js","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/woo/quantity-button.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/nice-select.min.js?ver=2.6.4","https://vjti.ac.in/wp-includes/js/backbone.min.js?ver=1.6.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/events-manager/single.js","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/magnific-popup/jquery.magnific-popup.js?ver=1.1.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/swiper/js/swiper.min.js?ver=8.4.5","https://vjti.ac.in/wp-json/wp/v2/tp_event/25487","https://vjti.ac.in/fee-structure/","htt
ps://vjti.ac.in/wp-content/uploads/2025/03/ELIGIBLE-STUDENT-LIST-Diploma-convocation-06-03-25.pdf","https://vjti.ac.in/","https://vjti.ac.in/events/international-yoga-day/","https://vjti.ac.in/wp-json/wp/v2/tp_event/28745","https://vjti.ac.in/director-of-vjti/","https://vjti.ac.in/events/yashwantrao-chavan-jayanti/","https://vjti.ac.in/wp-json/wp/v2/tp_event/26365","https://vjti.ac.in/post-graduate-announcements/","https://vjti.ac.in/events/national-level-technical-fest-sthapatya25/","https://vjti.ac.in/wp-json/wp/v2/tp_event/26503","https://vjti.ac.in/structural-engineering/","https://vjti.ac.in/faq/how-can-i-access-the-software-provided-by-vjti/","https://vjti.ac.in/atul-meshram/","https://vjti.ac.in/other-committees/","https://vjti.ac.in/devita-ghanekar/","https://vjti.ac.in/about/","https://vjti.ac.in/physics/","https://vjti.ac.in/honours-awards/","https://vjti.ac.in/useful-forms-for-students/","https://vjti.ac.in/academic-calendar/","https://vjti.ac.in/degree-exam-section/","https://vjti.ac.in/anil-jagasia/","https://vjti.ac.in/dean-diploma/","https://vjti.ac.in/diploma-announcements/","https://vjti.ac.in/minutes-of-bog-meeting/","https://vjti.ac.in/board-of-governors/","https://vjti.ac.in/mathematics/","https://vjti.ac.in/industrial-visits-by-mechanical-department/","https://vjti.ac.in/wp-json/wp/v2/pages/25258","https://vjti.ac.in/wp-content/uploads/elementor/css/global.css?ver=1721647847","https://vjti.ac.in/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.21.4","https://vjti.ac.in/wp-content/uploads/elementor/css/post-3460.css?ver=1721647847","https://vjti.ac.in/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.21.4","https://vjti.ac.in/wp-content/uploads/elementor/css/post-25258.css?ver=1750080893","https://vjti.ac.in/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.21.4","https://vjti.ac.in/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.21.4","https://vjti.ac.in/wp-conte
nt/uploads/2025/02/Thumbnail-Adani-Dahanu.png","https://vjti.ac.in/wp-content/uploads/2025/02/Thumbnail-Koradi.png","https://vjti.ac.in/wp-content/uploads/2025/02/Thumbnail-Voltas-Vadodara.png","https://vjti.ac.in/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.21.4","https://vjti.ac.in/wp-content/uploads/2024/06/transparent-bg.png","https://vjti.ac.in/rules-guidelines/","https://vjti.ac.in/mca-admission/","https://vjti.ac.in/circulars/","https://vjti.ac.in/saurabh-korgaonkar/","https://vjti.ac.in/direct-second-year-b-tech-for-working-professionals/","https://vjti.ac.in/under-graduate-announcements/","https://vjti.ac.in/minutes-of-academic-council-meeting/","https://vjti.ac.in/announcements-for-ph-d-students/","https://vjti.ac.in/bhushan-deore/","https://vjti.ac.in/academic-council/","https://vjti.ac.in/committees-formed-under-ugc/","https://vjti.ac.in/m-c-s-rules/","https://vjti.ac.in/diploma-admission/","https://vjti.ac.in/directors-convocation-address/","https://vjti.ac.in/compliance-disclosures/","https://vjti.ac.in/student-organizations/","https://vjti.ac.in/internal-complaints-committee/","https://vjti.ac.in/scholarship/","https://vjti.ac.in/wp-content/uploads/elementor/css/post-6851.css?ver=1750144196","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/lightGallery/css/lightgallery.min.css?ver=1.6.12","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/technovonza-featuredimg-qquq2pcmwrt1x35z4vybnul9z2ljwjv8l599lwtqt0.png","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/lightGallery/js/lightgallery-all.min.js?ver=1.6.12","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/enthusia-qquq2oespxrrlh7cadjp3cttdoq6ouri90ls4mv4z8.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/fine-arts-qquq2oespxrrlh7cadjp3cttdoq6ouri90ls4mv4z8.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/vishwa-qquq2pcmwrt1x35z4vybnul9z2ljwjv8l599lwtqt0.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/2024-25-day1-qz9c1
02p5ft1zkhvyud6l0grnlyyoielban7f8825w.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/pratibimb-featuredimg-qquq2oespxrrlh7cadjp3cttdoq6ouri90ls4mv4z8.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/DLA-qquq2oespxrrlh7cadjp3cttdoq6ouri90ls4mv4z8.png","https://vjti.ac.in/jyotika-athavale/","https://vjti.ac.in/sachin-teke/","https://vjti.ac.in/master-of-computer-applications/","https://vjti.ac.in/hostels/","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/e-cell-qquq2oespxrrlh7cadjp3cttdoq6ouri90ls4mv4z8.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/ganeshotsava-qquq2oespxrrlh7cadjp3cttdoq6ouri90ls4mv4z8.png","https://vjti.ac.in/deputy-director/","https://vjti.ac.in/industrial-visits-by-civil-department/","https://vjti.ac.in/dean-rd-and-consultancy/","https://vjti.ac.in/teqip/","https://vjti.ac.in/mr-deepak-ochani/","https://vjti.ac.in/priyanka-udmale/","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-ifat-mumbai","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-khoste-village-19april","https://vjti.ac.in/events/","https://vjti.ac.in/wp-content/uploads/elementor/css/post-29782.css?ver=1753954598","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-bhenshet-village","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-sewage-treatment-plant","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/isotope/js/isotope.pkgd.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/packery-mode/packery-mode.pkgd.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/grid-layout.min.js","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/matchHeight/jquery.matchHeight-min.js?ver=0.7.2","https://vjti.ac.in/wp-content/uploads/2025/07/wastw-water-treatment-plan-480X318.png","https://vjti.ac.in/wp-content/uploads/2025/07/khoste-480X318.png","https://vjti.ac.in/wp-content/uploads/2025/07/sevage-treatment-plan-480X318.png","https://vj
ti.ac.in/wp-content/uploads/2025/07/khoste-19-april-480X318.png","https://vjti.ac.in/wp-content/uploads/2025/07/IFAT-480X318.png","https://vjti.ac.in/wp-content/uploads/2025/07/Patalganga-480X318.png","https://vjti.ac.in/events/?filter_type=happening&paged=1","https://vjti.ac.in/wp-content/uploads/2025/07/bhenshet-village-480X318.png","https://vjti.ac.in/professor-of-practice/","https://vjti.ac.in/labs/","https://vjti.ac.in/wp-content/uploads/2025/07/Saguna-Bagh-480X318.png","https://vjti.ac.in/manisha-galphade/","https://vjti.ac.in/humanities-management/","https://vjti.ac.in/events/feed/","https://vjti.ac.in/national-cadet-corpsncc/","https://vjti.ac.in/wp-json/wp/v2/pages/4197","https://vjti.ac.in/wp-content/uploads/elementor/css/post-4197.css?ver=1763444871","https://vjti.ac.in/wp-content/plugins/elementor/assets/css/widget-icon-box.min.css","https://vjti.ac.in/wp-content/themes/unicamp/elementor/assets/js/widgets/group-widget-carousel.js","https://vjti.ac.in/wp-content/uploads/2024/06/air-force.png","https://vjti.ac.in/wp-content/uploads/2024/06/NCC-Event-Card-1200-X-800px.png","https://vjti.ac.in/wp-content/uploads/2024/06/kargil-diwas.png","https://vjti.ac.in/wp-content/uploads/2024/05/ncc-group.png","https://vjti.ac.in/wp-content/uploads/2024/06/tree-plantation.png","https://vjti.ac.in/wp-content/uploads/2024/06/republic-day-pic.png","https://vjti.ac.in/wp-content/uploads/2024/06/yoga-day.png","https://vjti.ac.in/wp-content/uploads/2024/06/indepencence-day-pic.png","https://vjti.ac.in/wp-content/uploads/2024/06/blood-donate.png","https://vjti.ac.in/wp-content/uploads/2024/06/punit-sagar-abhiyan.png","https://vjti.ac.in/wp-content/uploads/2024/05/ncc.png","https://vjti.ac.in/wp-content/uploads/2024/06/preparation.png","https://vjti.ac.in/wp-content/uploads/2024/05/industry.png","https://vjti.ac.in/wp-content/uploads/2024/06/cadet-selection-interview.png","https://vjti.ac.in/wp-content/uploads/2025/09/Arnav-Zutshi.png","https://vjti.ac.in/wp-content/uploads/202
5/09/Srushti-Vanjare.png","https://vjti.ac.in/wp-content/uploads/2024/05/military.png","https://vjti.ac.in/wp-content/uploads/2025/09/Arnav-Gupta.png","https://vjti.ac.in/wp-content/uploads/2024/06/republic-day.png","https://vjti.ac.in/wp-content/uploads/2025/11/NCC-Day-2025-7.png","https://vjti.ac.in/wp-content/uploads/2024/05/police.png","https://vjti.ac.in/wp-content/uploads/2024/06/punit-sagar-abhiyan-1.png","https://vjti.ac.in/wp-content/uploads/2024/06/firing-range.png","https://vjti.ac.in/wp-content/uploads/2024/06/armed-force-flag.png","https://vjti.ac.in/wp-content/uploads/2024/06/independence-day.png","https://vjti.ac.in/wp-content/uploads/2024/06/6.png","https://vjti.ac.in/wp-content/uploads/2024/06/blood-camp-2.png","https://vjti.ac.in/wp-content/uploads/2024/06/ncc-group-1.png","https://vjti.ac.in/wp-content/uploads/2024/06/ncc-group.png","https://vjti.ac.in/wp-content/uploads/2024/06/world-enveronment-day.png","https://vjti.ac.in/wp-content/uploads/2024/06/punit-sagar-abhiyan-2.png","https://vjti.ac.in/wp-content/uploads/2024/06/blood-donation-camp-1.png","https://vjti.ac.in/wp-content/uploads/2024/06/vjti-staff.png","https://vjti.ac.in/wp-content/uploads/2024/06/shok-day.png","https://vjti.ac.in/wp-content/uploads/2024/06/ncc-2.png","https://vjti.ac.in/wp-content/uploads/2024/06/ncc-3.png","https://vjti.ac.in/wp-content/uploads/2024/06/blood-camp-3.png","https://vjti.ac.in/wp-content/uploads/2025/09/Atul-Bagave.png","https://vjti.ac.in/wp-content/uploads/2025/09/Shrinath-bhosale.png","https://vjti.ac.in/wp-content/uploads/2024/06/training-1.png","https://vjti.ac.in/wp-content/uploads/2024/06/training.png","https://vjti.ac.in/sheetal-chaudhari/","https://vjti.ac.in/wp-content/uploads/2025/09/Pranjal-Jadhav.png","https://vjti.ac.in/industrial-visits-by-civil-department/visit-to-waste-water-treatment-plant-bhandup","https://vjti.ac.in/wp-json/wp/v2/pages/29782","https://vjti.ac.in/wp-json/wp/v2/pages/6851","https://vjti.ac.in/textile-engineering/","https
://7tracks.vercel.app/join","https://7tracks.vercel.app/robots.txt","https://7tracks.vercel.app/sitemap.xml","https://7tracks.vercel.app/logo.svg","https://7tracks.vercel.app/assets/index-0YDk1-nZ.css","https://7tracks.vercel.app/assets/index-Bvuiupcx.js","https://7tracks.vercel.app/artist/","https://7tracks.vercel.app/song/","https://7tracks.vercel.app/playlist/","https://7tracks.vercel.app/user/","https://7tracks.vercel.app/album/"],"duration":10.058687925338745},"port_scan":{"status":"completed","target_host":"7tracks.vercel.app","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.0394275188446},"active_scan":{"scan_id":"0","status":"completed","duration":150.0318365097046},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.json","csv":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.csv","xml":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.xml","html":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.html","summary":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_summary.txt"}}}},"summary":"Error: An error occurred (ValidationException) when calling the Converse operation: The model returned the following errors: {\"code\":\"validation_error\",\"message\":\"Failed to buffer the request body: length limit 
exceeded\",\"param\":null,\"type\":\"invalid_request_error\"}"},{"_id":{"$oid":"693991f4f7a10f54772582a2"},"created_at":{"$date":"2025-12-10T15:29:56.598Z"},"url":"https://mahafyjcadmissions.in/landing","tool":"owaspzap","result":{"status":"completed","target_url":"https://mahafyjcadmissions.in/landing","scan_timestamp":"20251210_152519","output_directory":"/home/apogean/projects/vapt/web_vapt/results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.013353109359741211},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"mahafyjcadmissions.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":3,"urls_list":["https://mahafyjcadmissions.in/landing","https://mahafyjcadmissions.in/sitemap.xml","https://mahafyjcadmissions.in/robots.txt"],"duration":10.038289070129395},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06919002532959},"active_scan":{"scan_id":"0","status":"completed","duration":150.0632131099701},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.json","csv":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.csv","xml":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.xml","html":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.html","summary":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_summary.txt"}}}},"summary":"### Tool Name: OWASP ZAP (Zed Attack Proxy)  \n### Website URL: 
https://www.zaproxy.org/\n\n---\n\n## 1. Investigative Analysis\n\nA comprehensive vulnerability assessment and penetration test (VAPT) was conducted against the internet-facing application at `https://mahafyjcadmissions.in/landing` and associated endpoints. Multiple automated scans (CSV, TXT, XML, JSON) were performed using OWASP ZAP, focusing on both passive and active vulnerability detection modules. The assessment targeted common web application weaknesses, security misconfigurations, and missing security controls as per OWASP Top 10 and industry best practices.\n\n**Critical Security Gaps Requiring Immediate Attention:**  \nNo critical (CVSS 9.0–10.0) or high-risk (CVSS 7.0–8.9) vulnerabilities were detected. However, the assessment identified consistent medium and low-severity security misconfigurations across multiple endpoints, specifically the absence of key HTTP security headers (Content Security Policy and HTTP Strict Transport Security). These gaps increase the risk of client-side attacks (e.g., XSS) and man-in-the-middle (MitM) exploits, especially if other vulnerabilities are introduced in the future.\n\n---\n\n## 2. Critical Findings (CVSS 9.0–10.0)\n\n**No critical vulnerabilities (CVSS 9.0–10.0) were identified across all tool outputs.**  \n- No CVE or CWE-mapped critical issues detected.\n- No evidence of direct exploitation vectors or business-critical system compromise.\n\n---\n\n## 3. High-Risk Vulnerabilities (CVSS 7.0–8.9)\n\n**No high-risk vulnerabilities (CVSS 7.0–8.9) were identified.**  \n- No CVE or CWE-mapped high-severity issues detected.\n- No evidence of SQL Injection, Authentication Bypass, Remote Code Execution, or similar high-impact vulnerabilities.\n\n---\n\n## 4. Medium & Low Risk Items\n\n### Medium Severity Findings\n\n#### 1. 
Content Security Policy (CSP) Header Not Set  \n- **CWE-693: Protection Mechanism Failure**  \n- **Affected Endpoints:**  \n  - `https://mahafyjcadmissions.in/robots.txt`\n  - `https://mahafyjcadmissions.in/sitemap.xml`\n  - `https://mahafyjcadmissions.in/landing`\n- **Risk:**  \n  Absence of CSP increases susceptibility to Cross-Site Scripting (XSS) and data injection attacks. If an XSS flaw is introduced, the lack of CSP allows full exploitation in user browsers.\n- **Business Impact:**  \n  - Data theft (credentials, PII)\n  - Site defacement or malware distribution\n  - Regulatory non-compliance (GDPR, PCI DSS)\n- **Technical Evidence:**  \n  All tested endpoints returned HTTP responses without a `Content-Security-Policy` header.\n\n### Low Severity Findings\n\n#### 2. HTTP Strict Transport Security (HSTS) Header Not Set  \n- **CWE-319: Cleartext Transmission of Sensitive Information**  \n- **Affected Endpoints:**  \n  - `https://mahafyjcadmissions.in/robots.txt`\n  - `https://mahafyjcadmissions.in/sitemap.xml`\n  - `https://mahafyjcadmissions.in/landing`\n- **Risk:**  \n  Without HSTS, users may be exposed to SSL stripping and MitM attacks, especially when accessing the site over unsecured networks.\n- **Business Impact:**  \n  - Session hijacking\n  - Credential theft\n  - Loss of user trust\n- **Technical Evidence:**  \n  All tested HTTPS endpoints lacked the `Strict-Transport-Security` header.\n\n**Security Hardening Recommendations:**  \n- Implement a strong CSP header on all dynamic and user-facing pages.\n- Set HSTS globally for all HTTPS responses.\n- Regularly review and update security headers as part of the deployment pipeline.\n\n---\n\n## 5. 
Attack Surface Analysis\n\n- **Internet-Facing Assets:**  \n  - `https://mahafyjcadmissions.in/landing`\n  - `https://mahafyjcadmissions.in/robots.txt`\n  - `https://mahafyjcadmissions.in/sitemap.xml`\n- **Potential Attack Paths:**  \n  - Absence of CSP increases risk if XSS or injection vulnerabilities are introduced.\n  - Lack of HSTS allows for SSL stripping and MitM attacks on initial HTTP connections.\n- **Network Segmentation Issues:**  \n  - Not directly observable from web application testing; recommend further internal segmentation review.\n- **Lateral Movement Opportunities:**  \n  - No evidence of privilege escalation or lateral movement vectors from current findings.\n\n---\n\n## 6. Compliance & Regulatory Gaps\n\n- **PCI-DSS:**  \n  - Requirement 6.5.10: Prevent XSS by proper configuration and use of security headers (CSP). Confirm the requirement number against the PCI DSS version in scope before citing it: in v3.2.1, cross-site scripting is listed under 6.5.7 and 6.5.10 covers broken authentication and session management.\n  - Requirement 4.1: Encrypt transmission of cardholder data (HSTS supports this by enforcing HTTPS).\n- **GDPR:**  \n  - Article 32: Security of processing—lack of security headers may increase risk of data breach.\n- **ISO 27001 / NIST / CIS:**  \n  - Controls for secure configuration and transmission of sensitive data.\n- **Compliance Actions Required:**  \n  - Implement CSP and HSTS headers to align with security best practices and regulatory requirements.\n\n---\n\n## 7. Manual Verification Procedures\n\n### A. CSP Header Not Set (CWE-693)\n\n**Prerequisites:**  \n- Access to affected URLs\n- curl or Burp Suite\n\n**Steps:**  \n1. Execute:\n   ```bash\n   curl -I https://mahafyjcadmissions.in/robots.txt\n   curl -I https://mahafyjcadmissions.in/sitemap.xml\n   curl -I https://mahafyjcadmissions.in/landing\n   ```\n2. Inspect HTTP response headers for `Content-Security-Policy`.\n   - **Expected:**  \n     ```\n     Content-Security-Policy: default-src 'self';\n     ```\n   - **If missing:** Vulnerability confirmed.\n\n**Burp Suite:**  \n- Proxy the request, review Response headers in the Inspector tab.\n\n### B. 
HSTS Header Not Set (CWE-319)\n\n**Prerequisites:**  \n- Access to affected URLs\n- curl or browser with Developer Tools\n\n**Steps:**  \n1. Execute:\n   ```bash\n   curl -I https://mahafyjcadmissions.in/robots.txt\n   curl -I https://mahafyjcadmissions.in/sitemap.xml\n   curl -I https://mahafyjcadmissions.in/landing\n   ```\n2. Inspect HTTP response headers for `Strict-Transport-Security`.\n   - **Expected (example of a hardened response):**  \n     ```\n     Strict-Transport-Security: max-age=31536000; includeSubDomains; preload\n     ```\n   - **If missing:** Vulnerability confirmed.\n   - A header with a valid `max-age` but without `includeSubDomains` or `preload` still counts as present; those two directives are deployment choices, and `preload` in particular is a long-lived commitment for the whole domain.\n\n3. Attempt to access the site via HTTP (e.g., `http://mahafyjcadmissions.in/landing`) and observe if it redirects to HTTPS.\n\n---\n\n## 8. CWE Analysis Summary\n\n- **Statistical Breakdown:**  \n  - CWE-693 (Protection Mechanism Failure): 1 finding (CSP missing)\n  - CWE-319 (Cleartext Transmission of Sensitive Information): 1 finding (HSTS missing)\n- **Top 10 CWE Weaknesses Identified:**  \n  - Only CWE-693 and CWE-319 observed in this assessment.\n- **Trends/Patterns:**  \n  - Consistent absence of security headers across all tested endpoints.\n- **Correlation with Business-Critical Systems:**  \n  - Both weaknesses affect the main landing page and supporting resources, increasing risk to all users.\n\n---\n\n## 9. Risk Assessment Matrix\n\n| Vulnerability                        | Exploitability | Business Impact | Risk Level |\n|-------------------------------------- |---------------|----------------|------------|\n| CSP Header Not Set (CWE-693)         | Moderate      | Moderate-High  | Medium     |\n| HSTS Header Not Set (CWE-319)        | Low-Moderate  | Moderate       | Low-Medium |\n\n**Risk Scoring Methodology:**  \n- Based on CVSS v3.1, mapped to exploitability (likelihood of attack) and business impact (potential damage).\n- No critical or high-risk vulnerabilities detected; medium and low risks are due to missing defense-in-depth controls.\n\n---\n\n## 10. 
False Positives & Verification Required\n\n- **Items Flagged for Manual Verification:**  \n  - CSP and HSTS header absence on static resources (robots.txt, sitemap.xml) may be less critical; verify necessity based on content type.\n  - Confirm header absence on all dynamic/user-facing endpoints.\n- **Potential False Positives:**  \n  - Static files may not require CSP, but dynamic pages must have it.\n  - HSTS should be set globally; verify server/proxy configuration.\n- **Recommended Validation Approach:**  \n  - Use curl or Burp Suite to inspect headers.\n  - Test both HTTP and HTTPS access for proper redirection and header presence.\n\n---\n\n**Unified Risk Narrative:**  \nThe assessment reveals a consistent pattern of missing security headers (CSP and HSTS) across all tested endpoints. While no direct exploitation vectors were found, these misconfigurations weaken the application’s defense-in-depth posture and increase susceptibility to client-side and MitM attacks if other vulnerabilities are introduced. 
Immediate attention to security header implementation is recommended to align with industry standards and regulatory requirements.\n\n---\n\n**End of Report**"},{"_id":{"$oid":"693aaee5ff2e63c96f9082fc"},"created_at":{"$date":"2025-12-11T11:45:41.709Z"},"url":"https://mahafyjcadmissions.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://mahafyjcadmissions.in/","scan_timestamp":"20251211_114137","output_directory":"/home/apogean/projects/vapt/web_vapt/results/zap_reports","scan_results":{"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":0.031174182891845703},"passive_scan":{"status":"completed","duration":0.02272343635559082},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"mahafyjcadmissions.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":3,"urls_list":["https://mahafyjcadmissions.in/","https://mahafyjcadmissions.in/sitemap.xml","https://mahafyjcadmissions.in/robots.txt"],"duration":10.036806106567383},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":150.0619125366211},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.json","csv":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.csv","xml":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.xml","html":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.html","summary":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_summary.txt"}}}},"summary":"### Tool 
Name: OWASP ZAP (Zed Attack Proxy)  \n### Website URL: https://www.zaproxy.org/\n\n---\n\n## 1. Investigative Analysis\n\nA comprehensive security assessment was conducted on the target application, **https://mahafyjcadmissions.in/**, using OWASP ZAP and correlated outputs from multiple VAPT tool formats (CSV, XML, JSON). The automated scan encompassed all major modules, including AJAX Spider, Passive/Active Scanning, Fuzzing, and Port Scanning. The assessment focused on both authenticated and unauthenticated attack surfaces, with particular attention to HTTP response headers, web application configuration, and exposure to OWASP Top 10 vulnerabilities.\n\n**Critical Security Gaps Requiring Immediate Attention:**  \n- No critical or high-severity vulnerabilities (CVSS ≥ 7.0) were detected by automated tools.\n- Two medium/low-severity security misconfigurations were consistently identified across all tool outputs:\n  - Absence of the **Content-Security-Policy (CSP)** header.\n  - Absence of the **Strict-Transport-Security (HSTS)** header.\n- These misconfigurations increase the risk of client-side attacks (e.g., XSS) and SSL stripping, especially if other vulnerabilities are introduced in the future.\n\n---\n\n## 2. Critical Findings (CVSS 9.0-10.0)\n\n**No critical vulnerabilities (CVSS 9.0–10.0) were identified in any tool output.**  \n- **CVE IDs:** None reported  \n- **CWE IDs:** None reported  \n- **Affected Systems/IPs:** N/A  \n- **Exploitation Difficulty:** N/A\n\n---\n\n## 3. High-Risk Vulnerabilities (CVSS 7.0-8.9)\n\n**No high-severity vulnerabilities (CVSS 7.0–8.9) were identified in any tool output.**  \n- **CVE/CWE Mappings:** N/A\n\n---\n\n## 4. Medium & Low Risk Items\n\n### 4.1. 
Content Security Policy (CSP) Header Not Set  \n- **Severity:** Medium  \n- **CWE ID:** [CWE-693: Protection Mechanism Failure](https://cwe.mitre.org/data/definitions/693.html)  \n- **Affected Assets:**  \n  - `https://mahafyjcadmissions.in/`\n  - `https://mahafyjcadmissions.in/sitemap.xml`\n  - `https://mahafyjcadmissions.in/robots.txt`\n- **Technical Context:**  \n  - The absence of a CSP header allows browsers to load scripts and resources from any origin, increasing the risk of XSS, clickjacking, and data injection attacks.\n- **Security Hardening Recommendation:**  \n  - Implement a restrictive CSP header on all responses, including static files where feasible.\n\n### 4.2. Strict-Transport-Security (HSTS) Header Not Set  \n- **Severity:** Low  \n- **CWE ID:** [CWE-319: Cleartext Transmission of Sensitive Information](https://cwe.mitre.org/data/definitions/319.html)  \n- **Affected Assets:**  \n  - `https://mahafyjcadmissions.in/`\n  - `https://mahafyjcadmissions.in/sitemap.xml`\n  - `https://mahafyjcadmissions.in/robots.txt`\n- **Technical Context:**  \n  - Without HSTS, users may be vulnerable to SSL stripping and man-in-the-middle attacks, especially on public networks.\n- **Security Hardening Recommendation:**  \n  - Set the `Strict-Transport-Security` header globally for all HTTPS responses.\n\n---\n\n## 5. 
Attack Surface Analysis\n\n- **Internet-Facing Assets:**  \n  - All identified endpoints (`/`, `/sitemap.xml`, `/robots.txt`) are publicly accessible over HTTPS.\n- **Potential Attack Paths and Chains:**  \n  - Absence of CSP increases the risk of successful XSS exploitation if any input validation flaws are introduced.\n  - Lack of HSTS enables SSL stripping attacks, especially for first-time visitors or users accessing via HTTP.\n- **Network Segmentation Issues:**  \n  - No evidence of segmentation issues or lateral movement opportunities was detected in the automated scan.\n- **Lateral Movement Opportunities:**  \n  - Not observed; assessment limited to web application perimeter.\n\n---\n\n## 6. Compliance & Regulatory Gaps\n\n- **PCI-DSS:**  \n  - Requirement 6.5.10 (Mitigate XSS) and 4.1 (Encrypt transmission) recommend use of CSP and HSTS. Confirm the requirement numbers against the PCI DSS version in scope; in v3.2.1 the XSS item is 6.5.7, and 6.5.10 covers broken authentication and session management.\n- **HIPAA:**  \n  - Technical safeguards for transmission security may be impacted by lack of HSTS.\n- **GDPR:**  \n  - Article 32 (Security of Processing) requires appropriate technical measures; missing headers may be considered insufficient.\n- **ISO 27001 / NIST / CIS:**  \n  - Security misconfigurations (missing headers) are non-compliant with best practices.\n- **Required Compliance Actions:**  \n  - Implement CSP and HSTS headers to align with industry standards and regulatory expectations.\n\n---\n\n## 7. Manual Verification Procedures\n\n### 7.1. CSP Header Not Set (CWE-693)\n**Prerequisites:** None (public endpoints)  \n**Steps:**\n1. Send a HEAD or GET request to each affected URL:\n   ```\n   curl -I https://mahafyjcadmissions.in/\n   curl -I https://mahafyjcadmissions.in/sitemap.xml\n   curl -I https://mahafyjcadmissions.in/robots.txt\n   ```\n2. Inspect the response headers for `Content-Security-Policy`.\n3. **Result that confirms the finding:** Header is absent.  \n4. If present, review for effectiveness (avoid `unsafe-inline`, `unsafe-eval`, or wildcards).\n\n### 7.2. 
HSTS Header Not Set (CWE-319)\n**Prerequisites:** None (public endpoints)  \n**Steps:**\n1. Send a HEAD or GET request to each affected URL:\n   ```\n   curl -I https://mahafyjcadmissions.in/\n   curl -I https://mahafyjcadmissions.in/sitemap.xml\n   curl -I https://mahafyjcadmissions.in/robots.txt\n   ```\n2. Inspect the response headers for `Strict-Transport-Security`.\n3. **Result that confirms the finding:** Header is absent.\n4. Request the site over plain HTTP (if it is reachable) and check whether it redirects to HTTPS; browsers ignore an HSTS header received over HTTP, so the redirect is what carries a first-time visitor to the HTTPS response that sets it.\n\n---\n\n## 8. CWE Analysis Summary\n\n- **Statistical Breakdown:**\n  - **CWE-693 (Protection Mechanism Failure):** 1 finding (CSP header missing)\n  - **CWE-319 (Cleartext Transmission of Sensitive Information):** 1 finding (HSTS header missing)\n- **Top 10 CWE Weaknesses Identified:**  \n  - Only two distinct CWE categories were identified; both relate to security misconfiguration.\n- **Trends and Patterns:**  \n  - All findings are related to missing HTTP security headers, indicating a pattern of incomplete security hardening at the web server or application layer.\n- **Correlation with Business-Critical Systems:**  \n  - Both weaknesses affect the main public-facing application and its static resources, increasing risk exposure for all users.\n\n---\n\n## 9. 
Risk Assessment Matrix\n\n| Vulnerability                        | Exploitability | Business Impact | Risk Score (CVSS) | Correlation/Notes                                 |\n|--------------------------------------|---------------|----------------|-------------------|---------------------------------------------------|\n| CSP Header Not Set (CWE-693)         | Moderate      | Moderate-High  | 5.0 (Medium)      | Increases impact of XSS if present                |\n| HSTS Header Not Set (CWE-319)        | Low-Moderate  | Moderate       | 3.7 (Low)         | Enables SSL stripping, especially for new users    |\n\n**Risk Scoring Methodology:**  \n- Based on CVSS v3.1 base metrics, exploitability, and business impact.\n- No critical or high-severity vulnerabilities detected; risk is primarily due to potential exploitation if other flaws exist.\n\n---\n\n## 10. False Positives & Verification Required\n\n- **Items Flagged for Manual Verification:**\n  - Absence of CSP and HSTS headers should be manually confirmed on all endpoints, including static and dynamic content.\n- **Potential False Positives:**\n  - Static files (e.g., `robots.txt`, `sitemap.xml`) may not require these headers, but best practice is to set them globally.\n- **Recommended Validation Approach:**\n  - Use `curl -I` or browser developer tools to inspect headers.\n  - Confirm that headers are not set by upstream proxies, CDNs, or only on specific endpoints.\n\n---\n\n**Unified Risk Narrative:**  \nThe automated VAPT assessment of https://mahafyjcadmissions.in/ reveals a robust security posture with no critical or high-severity vulnerabilities detected. However, the consistent absence of key HTTP security headers (CSP and HSTS) across all tool outputs represents a systemic misconfiguration. While not immediately exploitable, these weaknesses increase the risk and potential impact of future vulnerabilities, particularly client-side attacks and SSL stripping. 
Addressing these gaps is essential for defense-in-depth, regulatory compliance, and maintaining user trust.\n\n---\n\n**End of Report**"},{"_id":{"$oid":"6949622fc1e06a3cad279925"},"created_at":{"$date":"2025-12-22T15:22:23.316Z"},"url":"https://www.compoundit.pro/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.compoundit.pro/","scan_timestamp":"20251222_151934","output_directory":"/home/apogean/projects/vapt/web_vapt/results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.006136178970336914},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":3,"urls_list":["https://www.compoundit.pro/robots.txt","https://www.compoundit.pro/","https://www.compoundit.pro/sitemap.xml"],"duration":10.040381669998169},"port_scan":{"status":"completed","target_host":"www.compoundit.pro","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.07391142845154},"active_scan":{"scan_id":"0","status":"completed","duration":150.05986952781677},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.json","csv":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.csv","xml":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.xml","html":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_report.html","summary":"/home/apogean/projects/vapt/web_vapt/results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"6973035f475deace305eb715"},"crea
ted_at":{"$date":"2026-01-23T05:13:03.052Z"},"url":"https://maharashtra.gov.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://maharashtra.gov.in/","scan_timestamp":"20260123_045858","output_directory":"results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.010548591613769531},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"maharashtra.gov.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.08070015907288},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":839,"urls_list":["https://maharashtra.gov.in/robots.txt","https://maharashtra.gov.in/sitemap.xml","https://maharashtra.gov.in/admin/","https://maharashtra.gov.in/login/","https://maharashtra.gov.in/Site/1620/About-Us","https://maharashtra.gov.in/Site/1603/Government-Decisions","https://maharashtra.gov.in/Site/1650/Viksit-Maharashtra-2047","https://maharashtra.gov.in/Site/1433/Contact-Us","https://maharashtra.gov.in/","https://maharashtra.gov.in/Site/1544/Emergencies","https://maharashtra.gov.in/Site/Upload/PDF/Navlekhak_Grant_Scheme_Rules_Book_and_Application_Form_2026.pdf","https://maharashtra.gov.in/Site/Upload/PDF/saleauction-vehicle-No-MH%2001-AN-1567_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/NIT.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement-02-07-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/government-semi-government-officials-25-06-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/4-officers-who-retired.pdf","https://maharashtra.gov.in/Site/Upload/PDF/advertiesement-2025-25-11.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Swami-Ramanand-Teerth-Marathwada.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Chairman-Maha
rashtra-Public-Service-Commission-06-11-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/cr-64-2025-nashik-adv_0001.pdf","https://maharashtra.gov.in/Site/Upload/PDF/cr%2019%2013%2005%202025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/useless-irreparable-written-off-goods-19-12-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/IT-15-07-25_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Notice-09-09-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement%20Notice.pdf","https://maharashtra.gov.in/Site/Upload/PDF/qtn%20notice.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertis-%2004-December-CR%20316_2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Nagpur_Amaravati_Divisions_08-01-26.pdf","https://maharashtra.gov.in/Site/Upload/PDF/computers-monitors-printers-Xerox-machines.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Jt-Director-Security-Supervisory-Officer-final.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Purchase-oxygen-cylinder-jumbo-24-07-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Sale-Condemned-Ambulance.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Assistant_Professor_Ad.pdf","https://maharashtra.gov.in/Site/Upload/PDF/cr%2019%202025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Gen_ICT_Specification_Signed-final.pdf","https://maharashtra.gov.in/Site/Upload/PDF/MH-01-BA-4039-SCORPIO-30-07-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Encyclopedia-Knowledge-Enhancement-Competition.pdf","https://maharashtra.gov.in/Site/Upload/PDF/purchasing%20computer%20related%20materials.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement-GST-Auditor-17-11-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertise-for-PA-toDIT.pdf","https://maharashtra.gov.in/Site/Upload/PDF/retired-employees-service-23-12-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/img20250415_12093520.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Screp-Meterial-2025-Sale_removed.pdf","https://maharashtra.gov.in/Si
te/Upload/PDF/Medical%20Officer%20on%20Temporary%20basis.pdf","https://maharashtra.gov.in/Site/Upload/PDF/47-Liter-Oxygen-Refilling-Qtn_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/film-fo-sale-Extensions.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Deputation-Advertisement.pdf","https://maharashtra.gov.in/Site/Upload/PDF/sale-Extensions-2.pdf","https://maharashtra.gov.in/Site/Upload/PDF/purchase-large-Godrej-cupboards_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/retired-officers-contract-basis-specific-work.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Directorate-Archaeology-Museums-11-07-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Repair%20agreement%20for%20LNJD%20Computer,%20Printers%20and%20scanner.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Tender%20Notice%20of%20Directorate%20of%20Archaeology%20&%20Museums.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement%2012345.pdf","https://maharashtra.gov.in/Site/Upload/PDF/sale-old-Hyposolution-03-09-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Oxygen-Reffiling-Govt-Quotation-2025_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Radiology-Pathology-Centers-17-07-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Result_LJ.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement-TSS-25-09-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Sofa%20Advertisement.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Service-Rights-Commissioner-Pune-Revenue.pdf","https://maharashtra.gov.in/Site/Upload/PDF/ironing-hospital-dirty-laundry.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Appointment.pdf","https://maharashtra.gov.in/Site/Upload/PDF/extended%20date%20for%20the%20submission%20of%20form.pdf","https://maharashtra.gov.in/Site/Upload/PDF/old-Hyposolution-20250820_11581065.pdf","https://maharashtra.gov.in/Site/Upload/PDF/AdvertisementforMAHAIT.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement-20-01-2026.pdf","https://maharashtra.
gov.in/HeaderMain/ChangeCurrentContrast/2","https://maharashtra.gov.in/Site/Upload/PDF/Vehicle_Tender.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Nivida_4425_%20scrap_books_mahiti_pustika_1.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Nivida_2_5_2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertise.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Internal%20Auditor.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Hyposolution-Advertizement_removed.pdf","https://maharashtra.gov.in/Site/1628/RTS-Act","https://maharashtra.gov.in/Site/Upload/PDF/71_2025%20MPSC%20ADV.pdf","https://maharashtra.gov.in/Site/Upload/PDF/adververtise-swami-ramanand-11-112025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/OLD%20IT%20ASSET.pdf","https://maharashtra.gov.in/Site/Upload/PDF/It%20Assets.pdf","https://maharashtra.gov.in/Site/Upload/PDF/ironing-hospital-dirty-laundry-Extensions-1.pdf","https://maharashtra.gov.in/Site/Upload/PDF/790.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Driver_results.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Marathi-schools-Greater-Maharashtra-Appeal-Year2025-26.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Oxygen-QTN-14-08-25_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/two%20posts%20of%20drivers.pdf","https://maharashtra.gov.in/Site/Upload/PDF/scrap-iron-material-sale.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Kantrati-Jahirat_removed.pdf","https://maharashtra.gov.in/Site/ViewAllNews","https://maharashtra.gov.in/Site/Upload/PDF/Extention_(2).pdf","https://maharashtra.gov.in/Site/Upload/pdf/Good_Governance_Committee_Report.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Agriculture_Add.pdf","https://maharashtra.gov.in/Site/Upload/PDF/hyposoultion-advertiesment-6-10-25_removed.pdf","https://maharashtra.gov.in/Site/1601/Innovations","https://maharashtra.gov.in/Site/Upload/PDF/Minority-Communities-State-2025-26-Extension.pdf","https://maharashtra.g
ov.in/Site/Upload/PDF/Letter%20dated.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Mahasamvad.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Quotation-Notice-supply-Chemical-reagent-Glassware.pdf","https://maharashtra.gov.in/Site/Upload/PDF/water_tank_cleaning_25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_24022025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Ad_Retired_Officers.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Tender_Car.pdf","https://maharashtra.gov.in/Site/Upload/PDF/PressNotice.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Document-109.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_Published_for_Specialist_Medical_Officer.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Amravati_adv.pdf","https://maharashtra.gov.in/Site/Upload/PDF/condimation-Advertising_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/sale-hospital-hard-collection-materials.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Adv_Yashada.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Self_Life_Study_Clarifiaction.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Scan2025-08-05_150941.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Adv-16-01-26.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Transport-Service-Office-through-e-auction.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Establishment-Marathi-Language-Youth-Clubs-Appeal-Year-2025-26.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement%20for%20filling%20the%20post%20of%20Director.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_Purchase_Telephone.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Document%2024.pdf","https://maharashtra.gov.in/Site/ViewDirectoryList","https://maharashtra.gov.in/Site/1611/Awards","https://maharashtra.gov.in/Site/Upload/PDF/E%20auction%20notice%20part%201%202.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Ad_Secretary.pdf","https://maharashtra.gov.in/Site/Upload/PDF/sanganak%20sahitya%20nirlekhan.pdf","https://ma
harashtra.gov.in/Site/Upload/PDF/List_LJ.pdf","https://maharashtra.gov.in/Site/Upload/PDF/laundry20251010_17064329-10-10-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Scan2026-01-13_120129.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Appointment_officer.pdf","https://maharashtra.gov.in/Site/Upload/PDF/tyres.pdf","https://maharashtra.gov.in/Site/Upload/PDF/indent%20book%202.pdf","https://maharashtra.gov.in/Site/1577/Nature%20and%20Wildlife","https://maharashtra.gov.in/Site/1597/Services","https://maharashtra.gov.in/Site/Upload/PDF/Extension_of_date_Rajarshi_shahu_maharaj_foreign_scholarship_SC_students.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Award_Brochure_2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Navlekhak_Yojna_2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Extention.pdf","https://maharashtra.gov.in/Site/1608/Performance%20Budget","https://maharashtra.gov.in/Site/Upload/PDF/Regarding%20appointment%20on%20contract%20basis.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Ravapu_2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement-appointment-09-07-2025.pdf","https://maharashtra.gov.in/FeedbackText/FeedbackText","https://maharashtra.gov.in/Site/Upload/PDF/printing-quotaion-23-08-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/ID%20Card%20Advertisement.pdf","https://maharashtra.gov.in/Site/Upload/PDF/TENDER.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Tariff_Vehicle_GAD.pdf","https://maharashtra.gov.in/Site/Upload/PDF/advertisement%20published%20on%20the%20website%20to%20fill%20the%20posts.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Filling_Deputaion_Ad.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Skoda_Rapid_Vehicle_No_MH_01_CP_1503.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Computer%20Tender.pdf","https://maharashtra.gov.in/Site/Upload/PDF/quotation_of_repairing_of_vehicle.pdf","https://maharashtra.gov.in/Site/Upload/PDF/ironing-hospital-dirty-laundry-16-09-25.pdf","https://maharashtra.gov.
in/Site/Upload/PDF/Students-Minority-Communities-State-2025-26.pdf","https://maharashtra.gov.in/Site/Upload/PDF/img20250627_12480630.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Slum-Rehabilitation-Authority-Brihanmumbai-28-11-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertismentofretiredpersonforgad.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Post%20of%20Managing%20Director.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Director%20&%20Security%20Supervisory%20Officer.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Indent_book_adv.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Nashik-adv_0001.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Cleaning%20Material%20Advertisement%202025-2026.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Tender.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Jahirat_Ad.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Book_Gift_Scheme.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Image_062.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Sale_of_Honda_Civic.pdf","https://maharashtra.gov.in/Site/1629/Public%20Holidays","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement-TSS-1.pdf","https://maharashtra.gov.in/Site/Upload/PDF/old-x-ray-film.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Computers-Networking-Equipment.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Invitation_Regarding_Development_of_Inspection_and_Audit_application.pdf","https://maharashtra.gov.in/Site/Upload/PDF/new-toner-Law-Justice-suchana.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Radiology-Pathology-Centers.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Services-Of-Outsource-Staff-Rangbhumi-Board.pdf","https://maharashtra.gov.in/Site/Upload/PDF/internet-adv-07-07-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/retired-officers-Directorate-General.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Haj_Circular_Updated_1.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Vehicle_Tender_merged.pdf","https://maharashtra.g
ov.in/Site/Upload/PDF/Power-Loom-Corporation-11-09-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Invitation%20Notice.pdf","https://maharashtra.gov.in/Site/1575/Lakeview%20Stay","https://maharashtra.gov.in/Site/Upload/PDF/nirlekhan-jahirat1_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_Stenographers%20.pdf","https://maharashtra.gov.in/Site/Upload/PDF/cmyk_03-10-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Stationery%20Advertisement%2021-03-2025%20to%2025-03-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/tender-11-07-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Sale_Ad.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Nagpur-adhivation-suchana-30-10-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Convoy%20Related%20Product%20List.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Eligible_Candidates_LJ%20.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Adv.pdf","https://maharashtra.gov.in/Site/Upload/PDF/nashik%20scrap%202.pdf","https://maharashtra.gov.in/Site/1643/100-Days-Programme","https://maharashtra.gov.in/Site/Upload/PDF/0037_0001_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertise-PC-PRINTER_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Security-Supervisory-Officer.pdf","https://maharashtra.gov.in/Site/Upload/PDF/scrap-materials-Sahyadri.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Contract_basis_urban_development_department.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Tender-for-installation-of-EPABX.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Tender_Peon_Driver.pdf","https://maharashtra.gov.in/Site/Upload/PDF/RFQ%202025%20Fire%20Extingushers%20AMC.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Supreme%20Court%20Order.pdf","https://maharashtra.gov.in/Site/Upload/PDF/MSIC_KONKAN_BENCH_RETIRE_OFFICER_RECRUITMENT_ADVERTISEMENT_2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/DocScanner-Oct-10-2025-16-17.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Ad_Adminis
tration_Coordinator.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Xerox_Lease_Law_Judiciary_Department.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertise%20of%20WCD%20regarding%20Selling%20Old%20Vehicless.pdf","https://maharashtra.gov.in/Site/1580/Heritage","https://maharashtra.gov.in/Site/Upload/PDF/nirlekhan1.pdf","https://maharashtra.gov.in/Site/Upload/PDF/RTS-chief-office-advertisement_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Greater-Maharashtra-Google%20Form.pdf","https://maharashtra.gov.in/Site/Upload/PDF/ECG_Sale.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Disqualified_Candidates_LJ_compressed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement-paneling-retired.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Opd_Equipments_Sale.pdf","https://maharashtra.gov.in/Site/1433/%E0%A4%B8%E0%A4%82%E0%A4%AA%E0%A4%B0%E0%A5%8D%E0%A4%95?format=print","https://maharashtra.gov.in/Site/Upload/PDF/Physiotherapy_Dept_Sale.pdf","https://maharashtra.gov.in/Site/1620/%E0%A4%86%E0%A4%AE%E0%A4%9A%E0%A5%8D%E0%A4%AF%E0%A4%BE%E0%A4%B5%E0%A4%BF%E0%A4%B7%E0%A4%AF%E0%A5%80?format=print","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_English.pdf","https://maharashtra.gov.in/Site/Upload/PDF/ITAsset_Ad_GAD.pdf","https://maharashtra.gov.in/Site/ViewPDFListSubCategory?doctype=ryur3Co/oYCxAf12e4ZdGZr_EaERZvSozfCVeI9h8vDHMlB1HY1Gn2TqPFlog4A__HF8wQBcIAb36ifIV10CmhDmuEXdsGTdAxih8uV78_w=","https://maharashtra.gov.in/Site/Upload/PDF/Vehicle-Tender-Notice-Advertisement-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Regarding_publication_of_advertisement_for_calling_for_price_list.pdf","https://maharashtra.gov.in/Site/Upload/PDF/OT_Equipmemts_Sale.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Police_Facilities_to_Collector.pdf","https://maharashtra.gov.in/Site/Upload/PDF/PAH-Solapur-University-Adv.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Ad_Stenographers_.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Website_Advertisement_GST
_Auditor_07_to_17_11_2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Useless_Equipment_OT.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Rent_office.pdf","https://maharashtra.gov.in/Site/Upload/PDF/appointment-Law-Officer.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Recruitment_of_Retired_Officers.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Adv_Solpur_Professor.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisforcomputersforcmo1.pdf","https://maharashtra.gov.in/HeaderMain/ChangeCurrentCulture/1","https://maharashtra.gov.in/Site/Upload/PDF/Regarding_filling_vacancies_Nashik_Chhatrapati_Sambhajinagar_Authority.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Detailed_SSM_Ad.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Stationery_Advertisement.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Scholarship%20Scheme.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Textiles-Silks-Theme.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Equipments_ward_1&3_sale.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Xerox_Machine.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_Assistant_Professor.pdf","https://maharashtra.gov.in/Site/Upload/PDF/sale-unusable-irreparable-07-08-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/old-Hyposolution-Extensions-2.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Scan%20copy%20of%20Advertisment%20for%20Retired%20Officer.pdf","https://maharashtra.gov.in/Site/Upload/PDF/PTC-JALNA-advertisement.pdf","https://maharashtra.gov.in/Site/Upload/PDF/115-it_0001_01-09-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Ad.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Mukhyamantri_Tirtha_Darshan_Yojana.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Rajarshi-Shahu-Maharaj-Merit-Scholarship-17-10-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/MPSC_3_Post_Filling.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Detailed%20quote.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Joint_MD_advertise_Goregao
n.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Stenographer_Ad.pdf","https://maharashtra.gov.in/Site/1539/Investors","https://maharashtra.gov.in/Site/Upload/PDF/sanchalak_it_letter.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Readvertisement_Notice_Tourism_Cultural_Affairs.pdf","https://maharashtra.gov.in/Site/Upload/PDF/insurance-patients-State-Workers.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Adv1.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Legal_Advisor_Ad.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Brent-tender-08-12-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Homedepartment.pdf","https://maharashtra.gov.in/Site/1591/Quick-Links","https://maharashtra.gov.in/Site/Upload/PDF/DOC-20250319-WA0010.pdf","https://maharashtra.gov.in/Site/Upload/PDF/MahaGeo-Tech-Corporation-19-12-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisementforretiregovtofficerspune.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Directotr_of_Sports_Physical_Education.pdf","https://maharashtra.gov.in/Site/Upload/PDF/10-Computer_Advertisement.pdf","https://maharashtra.gov.in/Site/Upload/PDF/New_Doc_02-28-2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/advt1_merged_merged.pdf","https://maharashtra.gov.in/Site/1650/%E0%A4%B5%E0%A4%BF%E0%A4%95%E0%A4%B8%E0%A4%BF%E0%A4%A4-%E0%A4%AE%E0%A4%B9%E0%A4%BE%E0%A4%B0%E0%A4%BE%E0%A4%B7%E0%A5%8D%E0%A4%9F%E0%A5%8D%E0%A4%B0-%E0%A5%A8%E0%A5%A6%E0%A5%AA%E0%A5%AD?format=print","https://maharashtra.gov.in/Site/Upload/PDF/Director_Innovation_Incubation_Linkages.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Finance_Account_officer.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Adobe_Scan_07-Mar-20241.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Fin_1707_OF_2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/TenderNoticeGAD19-07-2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/assist_Appellate_Authority.pdf","https://maharashtra.gov.in/Site/Upload/PDF/water_tank_cleaning_adv.pdf","https://maharashtra.gov.
in/Site/Upload/PDF/Datils_Advertisement_of_Legal_Advisor.pdf","https://maharashtra.gov.in/Site/1596/Operate%20and%20Grow","https://maharashtra.gov.in/Site/Upload/PDF/Jahir_Notice_xerox_machine_Latur_5-4-2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Inauguration_of_the_State_Maharashtra.pdf","https://maharashtra.gov.in/Site/Upload/PDF/IMG_20240318_0002.pdf","https://maharashtra.gov.in/Site/Upload/PDF/advertisment_16052024.pdf","https://maharashtra.gov.in/Site/1603/%E0%A4%B6%E0%A4%BE%E0%A4%B8%E0%A4%95%E0%A5%80%E0%A4%AF-%E0%A4%A8%E0%A4%BF%E0%A4%B0%E0%A5%8D%E0%A4%A3%E0%A4%AF?format=print","https://maharashtra.gov.in/Site/Upload/PDF/yashada_advertisement_0001.pdf","https://maharashtra.gov.in/Site/Upload/PDF/AC_amc_online.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertis_15_03_24.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Scan_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Minority_Group_student_Revised_%20Ad.pdf","https://maharashtra.gov.in/Site/Upload/PDF/water_tank_adv.pdf","https://maharashtra.gov.in/Site/Upload/PDF/IMG_20240508_0001.pdf","https://maharashtra.gov.in/Site/Upload/PDF/water_purifier.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Scan_0001.pdf","https://maharashtra.gov.in/Site/Upload/PDF/water_tank_clean.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_Internet_Services_ESIS_Hospital_Pune20240524.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Post_of_Deputy_Secretary_%20Joint_Secretary.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Appellate_State_Maharashtra.pdf","https://maharashtra.gov.in/Site/Upload/PDF/bag_darpatrak.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Minority-Communities-State-Year-2024-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Recruitment_Advertisement_2024_New_0001_3_5.pdf","https://maharashtra.gov.in/Site/Upload/PDF/egarding_appointment_on_contract_basis.pdf","https://maharashtra.gov.in/Site/Upload/PDF/est_2024_p_k_07_k_2.pdf","https://maharashtra.gov.in/Site/Upload/PDF/No
tification_10062024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_Heavy_Duty_Printer.pdf","https://maharashtra.gov.in/Site/Upload/PDF/sale_of_4_government_vehicles.pdf","https://maharashtra.gov.in/Site/Upload/PDF/cr_67_2024_adv_0001_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/cr_64_2024_ads_0001_removed.pdf","https://maharashtra.gov.in/Site/1606/Closing%20a%20Business","https://maharashtra.gov.in/Site/Upload/PDF/vahan_lilav_publish.pdf","https://maharashtra.gov.in/Site/Upload/PDF/posts-Government-Pleader-31-07-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Finance_Department_available_tariff_supply.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Tender_10_7_2024.pdf","https://maharashtra.gov.in/Site/1574/Beaches","https://maharashtra.gov.in/Site/Upload/PDF/Director_application_format.pdf","https://maharashtra.gov.in/Site/Upload/PDF/ADVERTISE.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Xerox%20machine%20in%20the%20Attorney%20General's%20Office.pdf","https://maharashtra.gov.in/Site/Upload/PDF/appointment_officer_retired_from_Government%20service.pdf","https://maharashtra.gov.in/Site/Upload/PDF/cr_66_2024_doc2_0001.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Grantha_Discount_Rate_2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/advertisement_10_07_2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_Upper_Grade_Stenographer.pdf","https://maharashtra.gov.in/Site/Upload/PDF/cr73_2024_adv_0001.pdf","https://maharashtra.gov.in/Site/1579/Hill%20Stations","https://maharashtra.gov.in/Site/Upload/PDF/E-books_Discount_Rate_2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Scholarship-Study-Abroad-Minority-final.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Jt_Director_Security_Supervisory_officer.pdf","https://maharashtra.gov.in/Site/Upload/PDF/website-add_01-08-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/AdvertisementforContractualPostofMaharashtraStateWorkersInsuranceSociety.pdf","https://mah
arashtra.gov.in/Site/Upload/PDF/AdvertisimentforHomeDepartment.pdf","https://maharashtra.gov.in/Site/Upload/PDF/regarding-sale-4-12-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/website_advertise_final_masuda.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Purification-sheet_18.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Application_retired_Government.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Letter2119IT_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Jilha-Sahitya-Sammelan-17-06-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Contratual-Doctor-1_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertismentforstateinformationcommision.pdf","https://maharashtra.gov.in/Site/Upload/PDF/New-Doc-with-Stamp-Sign_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Auction_Notice_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/News.pdf","https://maharashtra.gov.in/Site/Upload/PDF/MunicipalCorporationNagpur_20-11-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/document_23_07_2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/schools-Social-Justice-05-1-26.pdf","https://maharashtra.gov.in/Site/Upload/PDF/DocScanner_30-Jul-2024_6-42_pm_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Adv_%20new.pdf","https://maharashtra.gov.in/Site/Upload/PDF/TendernoticeforsaleofvehicleAgricultural.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Chief-Secretary-Office.pdf","https://maharashtra.gov.in/Site/Upload/PDF/GAD25-06-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/sonography-adv.pdf","https://maharashtra.gov.in/site/Upload/pdf/Citizen-Survey-for-Viksit-MH.pdf","https://maharashtra.gov.in/Site/Upload/PDF/adv_22_01_26.pdf","https://maharashtra.gov.in/Site/1548/Jobs","https://maharashtra.gov.in/Site/Upload/PDF/nivida%201530.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Skoda-Rapid-Vehicle-12-08-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/new-toner-Law-Judiciary-Department.pdf","https://maharasht
ra.gov.in/Site/Upload/PDF/Rule_Book_Admission_IT.pdf","https://maharashtra.gov.in/Site/Upload/PDF/JointMD_Deputation_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/NIC-Add20250711_12373926.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement-mahait-29-08-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/scrap_vahan1.pdf","https://maharashtra.gov.in/Site/Upload/PDF/sale-used-vehicle-batteries.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Adv_24_07_2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/NON-SCS-Select-List-2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Kichan-quotetion.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Press-Release_M_merged.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Digital-franking-machin.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Commission_Konkan.pdf","https://maharashtra.gov.in/Site/Upload/PDF/all-add-1-1-2026.pdf","https://maharashtra.gov.in/Site/Upload/PDF/10-Computer-Advertisement.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Retired-Officer-Investigator-11-09-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/DITAdvertisiment20-08-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/yashada-adv_0002.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Celebration-of-78th-Indian-Independence_Day.pdf","https://maharashtra.gov.in/Site/1600/Essentials","https://maharashtra.gov.in/Site/Upload/PDF/letter-04082025.pdf","https://maharashtra.gov.in/Site/1561/Schooling","https://maharashtra.gov.in/Site/Upload/PDF/Sankirn_1124_cr_04_New.pdf","https://maharashtra.gov.in/Site/Upload/PDF/xray-hyposolution-furniture.pdf","https://maharashtra.gov.in/Site/1592/Starting%20a%20Buisness","https://maharashtra.gov.in/Site/Upload/PDF/Kitchan-quotaion-04.pdf","https://maharashtra.gov.in/Site/Upload/PDF/New-Doc-09-16-2024_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Extensionforadvertisofhomedepartment05082024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/gas-pipe-line-26-11-25.pdf","https://mah
arashtra.gov.in/Site/Upload/PDF/CR-75-25-Adv.pdf","https://maharashtra.gov.in/Home/Index","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_DFSL.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertise_for_Server_Purchasing.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Appointment_of_Peon.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Company_Secretary_Ad.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement%20for%20appointment.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Appointment_of_vehicle_driver.pdf","https://maharashtra.gov.in/Site/Upload/PDF/TOYOTA-ETIOS-nivida.pdf","https://maharashtra.gov.in/Site/Upload/PDF/new-toner-Law-Justice-suchana-bhag-1.pdf","https://maharashtra.gov.in/Site/Upload/PDF/New-Doc-12-12-2025_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Vikasit-Maharashtra.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement-State-level-Selection-Committee.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Swami-Ramanand-Tirtha-Marathwada-University-Nanded.pdf","https://maharashtra.gov.in/Site/Upload/PDF/filling%20up-of-3-constable-posts.pdf","https://maharashtra.gov.in/Site/Upload/PDF/SCHOLARSHIP_SC.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Semi-Govt-Retired-Officers.pdf","https://maharashtra.gov.in/Site/Upload/PDF/DOC-20250609-WA0047__removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Tourism_Cultural_Affairs_CarSale.pdf","https://maharashtra.gov.in/Site/Upload/PDF/AdvertiseforTenderofcontractualunskilledworkerforGTS.pdf","https://maharashtra.gov.in/Site/Upload/PDF/DITScrap_Advertisement.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Regarding-appointing-Under-Secretary.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement%20of%20Legal%20Advisor.pdf","https://maharashtra.gov.in/Site/1544/%E0%A4%86%E0%A4%AA%E0%A4%A4%E0%A5%8D%E0%A4%95%E0%A4%BE%E0%A4%B2%E0%A5%80%E0%A4%A8-%E0%A4%B8%E0%A5%87%E0%A4%B5%E0%A4%BE?format=print","https://maharashtra.gov.in/Site/Upload/PDF/AdvertisefortenderofC
ontractDriverforGTS.pdf","https://maharashtra.gov.in/Site/Upload/PDF/DocScanner_02_Sept_2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/VOTallySoftware%20Final%20Tender.pdf","https://maharashtra.gov.in/home/index","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement-6.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Spceialist-Medical-Officer-Ayurveda.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Honda_City_Advertisement.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Maharashtra-Karnataka-border-area-Google-Form.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Foreign%20Scholarship%20Scheme%202025_26.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Vacancy-Circular-for-Technical-Member.pdf","https://maharashtra.gov.in/Site/1604/scheme","https://maharashtra.gov.in/Site/Upload/PDF/Advt_0001.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertise_for_post_of_maharashtra_adminitrative_trinunal.pdf","https://maharashtra.gov.in/Site/Upload/PDF/sale-useless-iron-wooden-plastic.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Notification.pdf","https://maharashtra.gov.in/Site/1568/Youth%20And%20Women%20Empowerment","https://maharashtra.gov.in/Site/Upload/PDF/Ministerial-Assistant-Computer-Technician.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Hostel-Transfer_Relocation-f.pdf","https://maharashtra.gov.in/Site/Upload/PDF/PTC%20JALNA.pdf","https://maharashtra.gov.in/Site/Upload/PDF/scrap-vahan_1.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Xerox-Tender-13-10-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Extension_Rajarshi_Shahu_Maharaj_Scholarship_Scheme.pdf","https://maharashtra.gov.in/Site/Upload/PDF/img20250612_17221628.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisment-05-09-2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/ROPratiniyuktiAdvt.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Nivida-suchana_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Notice_merged.pdf","https://maharashtra.gov.in/Site/Upload/PDF
/Press-Note-for-Post-of-Technical-Member.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Ad_Company_Secretary.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Combined-Probationary-Training-Programme.pdf","https://maharashtra.gov.in/HeaderMain/ChangeCurrentContrast/1","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement-30-06-2025.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_for_the_posts_of_deputation_in_the_training_institute_Divisional_Administrative_Training_Institute_Nashik.pdf","https://maharashtra.gov.in/Site/Upload/PDF/ADV_DIIL.pdf","https://maharashtra.gov.in/images/icon/cabinate.png","https://maharashtra.gov.in/Site/Upload/Images/urban.png","https://maharashtra.gov.in/Site/Upload/Images/forest.png","https://maharashtra.gov.in/Images/gif_new.gif","https://maharashtra.gov.in/images/logo_MH.png","https://maharashtra.gov.in/Images/emb.png","https://maharashtra.gov.in/Scripts/jquery.modern-ticker.min.js","https://maharashtra.gov.in/Scripts/bootstrap.bundle.min.js","https://maharashtra.gov.in/Scripts/md5.js","https://maharashtra.gov.in/Scripts/ValidationScripts.js","https://maharashtra.gov.in/Scripts/jquery.msgBox.js","https://maharashtra.gov.in/Scripts/jquery-3.5.1.min.js","https://maharashtra.gov.in/Scripts/jquery-ui.min.js","https://maharashtra.gov.in/Scripts/CommonJS.js","https://maharashtra.gov.in/Contents/Layout.css","https://maharashtra.gov.in/Contents/LayoutMR.css","https://maharashtra.gov.in/images/fv/favicon-16x16.png","https://maharashtra.gov.in/images/fv/favicon-96x96.png","https://maharashtra.gov.in/images/fv/android-icon-192x192.png","https://maharashtra.gov.in/images/fv/favicon-32x32.png","https://maharashtra.gov.in/images/fv/apple-icon-180x180.png","https://maharashtra.gov.in/images/fv/apple-icon-152x152.png","https://maharashtra.gov.in/images/fv/apple-icon-144x144.png","https://maharashtra.gov.in/images/fv/apple-icon-120x120.png","https://maharashtra.gov.in/images/fv/apple-icon-114x114.png","https://maharashtra.gov.in/ima
ges/fv/apple-icon-76x76.png","https://maharashtra.gov.in/images/fv/apple-icon-72x72.png","https://maharashtra.gov.in/images/fv/apple-icon-60x60.png","https://maharashtra.gov.in/images/fv/apple-icon-57x57.png","https://maharashtra.gov.in/Contents/bootstrap.min.css","https://maharashtra.gov.in/Contents/css/jquery-ui.css","https://maharashtra.gov.in/Contents/animate.min.css","https://maharashtra.gov.in/Contents/msgBoxLight.css","https://maharashtra.gov.in/Contents/owl.carousel.css","https://maharashtra.gov.in/Images/RajyaGeet.pdf","https://maharashtra.gov.in/Contents/hover.css","https://maharashtra.gov.in/Images/RajyaGeet.jpg","https://maharashtra.gov.in/Site/sitemap","https://maharashtra.gov.in/Site/1384/Help","https://maharashtra.gov.in/Site/1624/Link-to-us","https://maharashtra.gov.in/Site/1383/Disclaimer-and-Policies","https://maharashtra.gov.in/Site/1385/Accessibility-Statement","https://maharashtra.gov.in/Site/Upload/PDF/SCAN_31_07_2023.pdf","https://maharashtra.gov.in/Site/Upload/PDF/deputation_of_fso.pdf","https://maharashtra.gov.in/Site/Upload/PDF/111_31_07_2023.pdf","https://maharashtra.gov.in/Site/Upload/PDF/purchase_of_vehicle_spare_parts.pdf","https://maharashtra.gov.in/FeedbackText/TellUsFriend","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement-3.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Laser_Auto_Duplex_Colour_Printer.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Chartered_Accountant_Tax_Consultant.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Question-Paper-of-Departmental-Exam-2022-for-promotion-to-the-post-of-section-Officer%20(1).pdf","https://maharashtra.gov.in/Site/Upload/PDF/Question-Papers-of-Assistant-section-Officer-Post-Service-Entrance-Examination-2022.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement-21_08_2023.pdf","https://maharashtra.gov.in/Site/Upload/PDF/EXTENSION_TO_TENDER_FOR_XEROX_MACHINE.pdf","https://maharashtra.gov.in/Site/Upload/PDF/scanning_of_important_documents.pdf","https://maharashtra.gov.i
n/Site/Upload/PDF/Adobe_Scan_25_Aug_2023f.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_for_Vehicle_sales.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_for_clerk.pdf","https://maharashtra.gov.in/Site/Upload/PDF/PA_add.pdf","https://maharashtra.gov.in/Site/Upload/PDF/ADVERTISEMENT%20.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Document_121.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisment_CR_43.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_31_08_23.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Final_Adv_For_Mah_Govt.pdf","https://maharashtra.gov.in/Site/Upload/PDF/DocScanner1Sept_2023_11-23_am.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Final_CLASS-1_PADE%20PRATINIYUKTINI.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_of_Computer_Technician.pdf","https://maharashtra.gov.in/Site/Upload/PDF/DocScanner_May_10_2023_3-23_PM.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Specialist_Advrtisement.pdf","https://maharashtra.gov.in/Site/Upload/PDF/IT%20Mumbai_Letter_and_Notice_MH15AA5499.pdf","https://maharashtra.gov.in/Site/Upload/PDF/CR_25_of_2022_advertisement.pdf","https://maharashtra.gov.in/Site/Upload/PDF/maha-IT_0001.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Sarvajanik_Ganeshotsav_Spardha_2023.pdf","https://maharashtra.gov.in/Site/Upload/PDF/quotation_for_purchase_of_Video_Conferencing_System.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_20_09_2023.pdf","https://maharashtra.gov.in/Site/Upload/PDF/MH-01-AN-7474_tender.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisment_13_10_2023.pdf","https://maharashtra.gov.in/Site/Upload/PDF/SDMP.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Lok_Sabha_Assembly_General_Elections_State.pdf","https://maharashtra.gov.in/Site/Upload/PDF/SCAN0249.pdf","https://maharashtra.gov.in/Site/Upload/PDF/pdf_file_27_09_2023.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Computer-writeoff.pdf","https://maharashtra.gov.in/
Site/Upload/PDF/old_x_ray_film.pdf","https://maharashtra.gov.in/Site/Upload/PDF/ambulance_IT_email.pdf","https://maharashtra.gov.in/Site/Upload/PDF/New_Doc_10-07-2023.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_of_GST_Auditor.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement-Bolero-2Vehicles.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Ministerial_Assistant.pdf","https://maharashtra.gov.in/Site/Upload/PDF/COPY_CLASS-1_PADE_PRATINIYUKTINI.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Government_Transport_Service.pdf","https://maharashtra.gov.in/Site/Upload/PDF/sale_Extensions_19_10_23.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement-Ertiga-1Vehicles.pdf","https://maharashtra.gov.in/Site/Upload/PDF/avar_sachiv_231019_143043.pdf","https://maharashtra.gov.in/Site/Upload/PDF/kavya_kojagiri.pdf","https://maharashtra.gov.in/Site/Upload/PDF/request.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisment_19_10_2023.pdf","https://maharashtra.gov.in/Site/Upload/PDF/MH15AA5499_Vehicle_Notice_2nd_call.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_of_GST_Auditor2.pdf","https://maharashtra.gov.in/Site/Upload/PDF/SIC_Advertise_Marathi_and_English.pdf","https://maharashtra.gov.in/Site/Upload/PDF/sale_Extensions_30_10_23.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Press_Notice_Adv.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Contractual_Doctor120231101_14440552.pdf","https://maharashtra.gov.in/Site/Upload/PDF/REJECTED_TENDERS_FOR_SALE.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Jahir_Notice_xerox_machine.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Detail%20Advertisment%20State%20Excise.pdf","https://maharashtra.gov.in/Site/1565/Maharashtra%20Living","https://maharashtra.gov.in/Site/Upload/PDF/Document_162.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Public_Relations_Service.pdf","https://maharashtra.gov.in/Site/Upload/PDF/770.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisemen
t_TS9.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Appointment_of_retired_officers.pdf","https://maharashtra.gov.in/Site/1528/Urban","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_01_12_2023.pdf","https://maharashtra.gov.in/Site/Upload/PDF/repair_of_computers.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Sindhi_Academy_Advertisement_2023_FINAL.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Hindi_Sahitya_Academy_2023.pdf","https://maharashtra.gov.in/Site/1566/Health%20and%20Wellness","https://maharashtra.gov.in/Site/1563/Colleges%20and%20Universities","https://maharashtra.gov.in/Site/Upload/PDF/Attorney_General.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Government_Pleaders_Additional_Public_Prosecutors.pdf","https://maharashtra.gov.in/Site/Upload/PDF/3274-1.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Digital_Advertising_Guidelines_03_11_23.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Gujarati_Sahitya_Academy_Advt_2023_3_12_2023.pdf","https://maharashtra.gov.in/Site/1599/Introduction","https://maharashtra.gov.in/Site/Upload/PDF/advertisement2_01_12_2023.pdf","https://maharashtra.gov.in/Site/Upload/PDF/NOMINATION_QUOTA_OUTSIDE.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_12_12_2023.pdf","https://maharashtra.gov.in/Site/Upload/PDF/CR-111-2023-12-12-2023-protocol.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_Notice_20_12_2023.pdf","https://maharashtra.gov.in/Site/1605/Allied%20Businesses","https://maharashtra.gov.in/Site/Upload/PDF/Letter_to_IT.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Website_Tender_Notice.pdf","https://maharashtra.gov.in/Site/1588/Overview","https://maharashtra.gov.in/Site/Upload/PDF/E-6495858_22_12_2023_GEM_Portel.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertisement_28_12_2023.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Navlekhak_Grant_Scheme.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Literature_Award_2023.pdf","https://maharashtra.gov.in/Site/ViewPDFList
?doctype=R/m8/CavzsOmBKuREE9kWgvI09nVvwQImYMEm1tPfTwRcIKkAeQzS1L5_1VU1b8Nt26E0_bWmVDE26DJBQMJznfvpERSjMkTAmFBZN2sogc=","https://maharashtra.gov.in/Site/Upload/PDF/old_cylinder_renewal_removed.pdf","https://maharashtra.gov.in/Site/1610/Citizen%20Charter","https://maharashtra.gov.in/Site/Upload/PDF/Regarding_the_scrap_iron.pdf","https://maharashtra.gov.in/Site/Upload/PDF/repair_renewal_of_old_cylinder_pipe.pdf","https://maharashtra.gov.in/Site/Upload/PDF/it_merged.pdf","https://maharashtra.gov.in/Site/1567/Senior%20Citizens","https://maharashtra.gov.in/Site/Upload/PDF/advertisement_11_01_2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Jahir_Notice_xerox_machine_Latur.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Advertise_for_Water_Supply_MH-01-ZDA-3456.pdf","https://maharashtra.gov.in/Site/1529/Districts","https://maharashtra.gov.in/Site/Upload/PDF/POCSO_SPP_08_01_2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Main_File_Computer_Advertisement-2.pdf","https://maharashtra.gov.in/Site/Upload/PDF/posts_of_drivers_planning_1.pdf","https://maharashtra.gov.in/Site/1560/General%20Information","https://maharashtra.gov.in/Site/Upload/PDF/Backward_Bahujan_Welfare_Department.pdf","https://maharashtra.gov.in/Site/1609/Monthly%20Account","https://maharashtra.gov.in/Site/Upload/PDF/Jt_Director_Security_Supervisory.pdf","https://maharashtra.gov.in/Site/Upload/PDF/com_cell_00_0001.pdf","https://maharashtra.gov.in/Site/1612/Maharashtra%20IT-ITES%20Policy","https://maharashtra.gov.in/Site/Upload/PDF/retirement_of_government_officials.pdf","https://maharashtra.gov.in/Site/Upload/PDF/20240130_extension.pdf","https://maharashtra.gov.in/Site/Upload/PDF/New_Doc_02-01-2024_17_46.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Application_Format-GPAS.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Vehicle_auction.pdf","https://maharashtra.gov.in/Site/Upload/PDF/drivers_contract_basis_09_02_2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Tender_notice_13_02_2024.pdf","h
ttps://maharashtra.gov.in/Site/Upload/PDF/CR_03_2023_Nashik.pdf","https://maharashtra.gov.in/Site/1562/Services","https://maharashtra.gov.in/Site/Upload/PDF/Establishing_Marathi_Language_Youth_Councils.pdf","https://maharashtra.gov.in/Site/Upload/PDF/revised_identity_card.pdf","https://maharashtra.gov.in/Site/Upload/PDF/14_02_2024_removed.pdf","https://maharashtra.gov.in/Site/Upload/PDF/State_Public_Service_Commission.pdf","https://maharashtra.gov.in/Site/Upload/PDF/New_Doc_03-01-2024_1507_240301_151254.pdf","https://maharashtra.gov.in/Site/1564/Vocational%20Courses","https://maharashtra.gov.in/Site/Upload/PDF/Foreign_scholarship_ADVT%2024-25.pdf","https://maharashtra.gov.in/Site/Upload/PDF/filling_up_of_posts_14_02_2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Soil_Water_Conservation.pdf","https://maharashtra.gov.in/Site/Upload/PDF/regarding_provision_of_services_retired_officers.pdf","https://maharashtra.gov.in/Site/Upload/PDF/Jahir_Notice_Pune_revised.pdf","https://maharashtra.gov.in/Site/1527/Government%20Departments","https://maharashtra.gov.in/Site/Upload/PDF/08-02-2024.pdf","https://maharashtra.gov.in/Site/Upload/PDF/co-operation_Adverstiment.pdf","https://maharashtra.gov.in/Site/Upload/PDF/CR_160_2023_14032024%20_1_removed.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/adv_22_01_26.pdf","https://maharashtra.gov.in/Site/1539/%E0%A4%97%E0%A5%81%E0%A4%82%E0%A4%A4%E0%A4%B5%E0%A4%A3%E0%A5%81%E0%A4%95%E0%A4%A6%E0%A4%BE%E0%A4%B0?format=print","https://maharashtra.gov.in/Site/ViewPDFListSubCategory","https://maharashtra.gov.in/Contents/LayoutEN.css","https://maharashtra.gov.in/Site/1580/Heritage?format=print","https://maharashtra.gov.in/Site/1575/Lakeview-Stay?format=print","https://maharashtra.gov.in/Site/1577/%E0%A4%A8%E0%A4%BF%E0%A4%B8%E0%A4%B0%E0%A5%8D%E0%A4%97-%E0%A4%86%E0%A4%A3%E0%A4%BF-%E0%A4%B5%E0%A4%A8%E0%A5%8D%E0%A4%AF%E0%A4%9C%E0%A5%80%E0%A4%B5?format=print","https://maharashtra.gov.in/Site/1643/100-Days-Programme?format=print","https://maharash
tra.gov.in/HeaderMain/ChangeCurrentCulture/2","https://maharashtra.gov.in/Site/1385/Accessibility-Statement?format=print","https://maharashtra.gov.in/Site/1597/%E0%A4%B8%E0%A5%87%E0%A4%B5%E0%A4%BE?format=print","https://maharashtra.gov.in/Site/1608/%E0%A4%95%E0%A4%BE%E0%A4%B0%E0%A5%8D%E0%A4%AF%E0%A4%95%E0%A5%8D%E0%A4%B0%E0%A4%AE-%E0%A4%85%E0%A4%82%E0%A4%A6%E0%A4%BE%E0%A4%9C%E0%A4%AA%E0%A4%A4%E0%A5%8D%E0%A4%B0%E0%A4%95?format=print","https://maharashtra.gov.in/Site/1544/Emergency?format=print","https://maharashtra.gov.in/Site/ViewAllNews?page=5","https://maharashtra.gov.in/Site/Upload/Images/krushik.png","https://maharashtra.gov.in/Site/ViewAllNews?page=4","https://maharashtra.gov.in/Site/ViewAllNews?page=3","https://maharashtra.gov.in/Site/1601/%E0%A4%A8%E0%A4%BE%E0%A4%B5%E0%A4%BF%E0%A4%A8%E0%A5%8D%E0%A4%AF%E0%A4%BE%E0%A4%9A%E0%A5%80-%E0%A4%95%E0%A4%BE%E0%A4%B8?format=print","https://maharashtra.gov.in/Site/ViewAllNews?sort=DescriptionLL&sortdir=ASC","https://maharashtra.gov.in/Site/ViewAllNews?page=2","https://maharashtra.gov.in/Site/ViewAllNews?sort=News_LL&sortdir=ASC","https://maharashtra.gov.in/Site/ViewAllNews?sort=Download&sortdir=ASC","https://maharashtra.gov.in/Site/ViewAllNews?sort=NewsDate&sortdir=ASC","https://maharashtra.gov.in/Site/ViewAllNews?sort=srno&sortdir=ASC","https://maharashtra.gov.in/Site/Upload/Pdf/Maharashtra_Right_to_public_services_Act_2015.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/RTS_Rules_Gazette.pdf","https://maharashtra.gov.in/Contents/LayoutBlack.css","https://maharashtra.gov.in/Site/1509/History?format=print","https://maharashtra.gov.in/Site/1628/%E0%A4%AE%E0%A4%B9%E0%A4%BE%E0%A4%B0%E0%A4%BE%E0%A4%B7%E0%A5%8D%E0%A4%9F%E0%A5%8D%E0%A4%B0-%E0%A4%B2%E0%A5%8B%E0%A4%95%E0%A4%B8%E0%A5%87%E0%A4%B5%E0%A4%BE-%E0%A4%B9%E0%A4%95%E0%A5%8D%E0%A4%95-%E0%A4%85%E0%A4%A7%E0%A4%BF%E0%A4%A8%E0%A4%BF%E0%A4%AF%E0%A4%AE-2015?format=print","https://maharashtra.gov.in/WebSiteControls/SiteSerach","https://maharashtra.gov.in/citizen-survey","https://m
aharashtra.gov.in/images/icon/100.png","https://maharashtra.gov.in/%E0%A4%AA%E0%A5%80%E0%A4%A1%E0%A4%BF%E0%A4%A4","https://maharashtra.gov.in/Site/1643/100%20Days%20Programme","https://maharashtra.gov.in/%E0%A4%95%E0%A4%B0","https://maharashtra.gov.in/%E0%A4%B5%E0%A4%BF%E0%A4%A7%E0%A4%BE%E0%A4%A8%E0%A4%B8%E0%A4%AD%E0%A4%BE","https://maharashtra.gov.in/%E0%A4%AE%E0%A4%B9%E0%A4%BE%E0%A4%B0%E0%A4%BE%E0%A4%B7%E0%A5%8D%E0%A4%9F%E0%A5%8D%E0%A4%B0","https://maharashtra.gov.in/%E0%A4%95%E0%A4%B0%E0%A5%8D%E0%A4%AE%E0%A4%9A%E0%A4%BE%E0%A4%B0%E0%A5%80","https://maharashtra.gov.in/%E0%A4%97%E0%A4%9F","https://maharashtra.gov.in/%E0%A4%A8%E0%A4%BF%E0%A4%B5%E0%A4%BF%E0%A4%A6%E0%A4%BE...","https://maharashtra.gov.in/%E0%A4%A6%E0%A5%81%E0%A4%B0%E0%A5%81%E0%A4%B8%E0%A5%8D%E0%A4%A4%E0%A5%80","https://maharashtra.gov.in/%E0%A4%B8%E0%A5%8D%E0%A4%9F%E0%A5%87%E0%A4%B6%E0%A4%A8%E0%A4%B0%E0%A5%80,","https://maharashtra.gov.in/%E0%A4%B8%E0%A4%82%E0%A4%97%E0%A4%A3%E0%A4%95","https://maharashtra.gov.in/%E0%A4%85%E0%A4%82%E0%A4%B6%E0%A4%95%E0%A4%BE%E0%A4%B2%E0%A5%80%E0%A4%A8","https://maharashtra.gov.in/%E0%A4%95%E0%A4%B0%E0%A4%BE%E0%A4%B0","https://maharashtra.gov.in/%E0%A4%AA%E0%A5%82%E0%A4%B0%E0%A5%8D%E0%A4%A3%E0%A4%B5%E0%A5%87%E0%A4%B3/%E0%A4%95%E0%A4%A8%E0%A4%BF%E0%A4%B7%E0%A5%8D%E0%A4%A0/%E0%A4%85%E0%A4%82%E0%A4%B6%E0%A4%95%E0%A4%BE%E0%A4%B2%E0%A5%80%E0%A4%A8","https://maharashtra.gov.in/%E0%A4%87%E0%A4%A4%E0%A4%B0...","https://maharashtra.gov.in/%E0%A4%B8%E0%A5%8D%E0%A4%95%E0%A5%8D%E0%A4%B0%E0%A5%88%E0%A4%AA","https://maharashtra.gov.in/%E0%A4%B8%E0%A5%8D%E0%A4%95%E0%A5%8D%E0%A4%B0%E0%A5%85%E0%A4%AA","https://maharashtra.gov.in/%E0%A4%AE%E0%A5%89%E0%A4%A8%E0%A5%80%E0%A4%9F%E0%A4%B0%E0%A5%8D%E0%A4%B8","https://maharashtra.gov.in/%E0%A4%A8","https://maharashtra.gov.in/%E0%A4%95%E0%A4%B0%E0%A5%8D%E0%A4%AE%E0%A4%9A%E0%A4%BE%E0%A4%B1%E0%A5%8D%E0%A4%AF%E0%A4%BE%E0%A4%82%E0%A4%A8%E0%A4%BE","https://maharashtra.gov.in/%E0%A4%89%E0%A4%AA%E0%A4%95%E0%A4%B0%E0%A4%A3%E0%A5%87","https://maharashtra.
gov.in/%E0%A4%85%E0%A4%B5%E0%A4%B0","https://maharashtra.gov.in/%E0%A4%AF%E0%A4%AC%E0%A4%B0/%E0%A4%AA%E0%A5%8D%E0%A4%B2%E0%A4%BE%E0%A4%B8%E0%A5%8D%E0%A4%9F%E0%A5%80%E0%A4%95/","https://maharashtra.gov.in/%E0%A4%B8%E0%A5%8D%E0%A4%A5%E0%A4%BE%E0%A4%AA%E0%A4%A4%E0%A5%8D%E0%A4%AF","https://maharashtra.gov.in/%E0%A4%AE%E0%A4%82%E0%A4%A1%E0%A4%B3%E0%A4%BE%E0%A4%82%E0%A4%B8%E0%A4%BE%E0%A4%A0%E0%A5%80","https://maharashtra.gov.in/%E0%A4%A8%E0%A4%BF%E0%A4%B0%E0%A5%81%E0%A4%AA%E0%A4%AF%E0%A5%8B%E0%A4%97%E0%A5%80","https://maharashtra.gov.in/%E0%A4%A8%E0%A4%BF%E0%A4%AE%E0%A4%B6%E0%A4%BE%E0%A4%B8%E0%A4%95%E0%A5%80%E0%A4%AF","https://maharashtra.gov.in/%E0%A4%B2%E0%A4%BF%E0%A4%B2%E0%A4%BE%E0%A4%B5...","https://maharashtra.gov.in/Site/Upload/Images/alarm.png","https://maharashtra.gov.in/Site/Upload/Images/ambulanceIcon.png","https://maharashtra.gov.in/Government-resolution","https://maharashtra.gov.in/images/mahaPolice.png","https://maharashtra.gov.in/Site/Upload/Images/MAP-MARATHI.jpg","https://maharashtra.gov.in/Site/Upload/Images/hospitalIcon.png","https://maharashtra.gov.in/images/icon/rupee.png","https://maharashtra.gov.in/Site/Upload/Images/aword.png","https://maharashtra.gov.in/Site/Upload/Images/politician.png","https://maharashtra.gov.in/Images/alert.png","https://maharashtra.gov.in/images/icon/pdf.png","https://maharashtra.gov.in/Site/Upload/Images/hill.png","https://maharashtra.gov.in/Site/Upload/Images/Pratapgadh.png","https://maharashtra.gov.in/Site/Upload/Images/my_mh_logo.png","https://maharashtra.gov.in/Site/Upload/Images/lake.png","https://maharashtra.gov.in/Site/Upload/Images/makeinindia.png","https://maharashtra.gov.in/Site/Upload/Images/beach.png","https://maharashtra.gov.in/images/icon/certificate.png","https://maharashtra.gov.in/Site/Upload/Images/startup.png","https://maharashtra.gov.in/Site/Upload/Images/handshake.png","https://maharashtra.gov.in/Site/Upload/Images/light-bulb.png","https://maharashtra.gov.in/Site/Upload/Images/process.png","https://maharas
htra.gov.in/Site/Upload/Images/gardening.png","https://maharashtra.gov.in/images/icon/requirement.png","https://maharashtra.gov.in/Site/Upload/Images/farm.png","https://maharashtra.gov.in/images/icon/course.png","https://maharashtra.gov.in/images/icon/student.png","https://maharashtra.gov.in/images/icon/gr.png","https://maharashtra.gov.in/images/icon/college.png","https://maharashtra.gov.in/images/icon/support.png","https://maharashtra.gov.in/Site/Upload/Images/health.png","https://maharashtra.gov.in/Site/Upload/Images/old-man.png","https://maharashtra.gov.in/Site/Upload/Images/youth.png","https://maharashtra.gov.in/images/icon/department.png","https://maharashtra.gov.in/images/icon/socity.png","https://maharashtra.gov.in/Site/1568/Youth-And-Women-Empowerment?format=print","https://maharashtra.gov.in/Site/1604/Schemes?format=print","https://maharashtra.gov.in/Site/1592/Starting-a-Business?format=print","https://maharashtra.gov.in/Site/1561/Schools?format=print","https://maharashtra.gov.in/Site/1600/Essentials?format=print","https://maharashtra.gov.in/Site/1548/Find-a-Job?format=print","https://maharashtra.gov.in/Site/1579/Hill-Stations?format=print","https://maharashtra.gov.in/Site/1574/Beaches?format=print","https://maharashtra.gov.in/Site/1606/Closing-a-Business?format=print","https://maharashtra.gov.in/FeedbackText/Captcha","https://maharashtra.gov.in/Site/1596/Operate-and-Grow?format=print","https://maharashtra.gov.in/Group","https://maharashtra.gov.in/Site/1611/%E0%A4%AA%E0%A5%81%E0%A4%B0%E0%A4%B8%E0%A5%8D%E0%A4%95%E0%A4%BE%E0%A4%B0?format=print","https://maharashtra.gov.in/Site/1591/%E0%A4%9C%E0%A4%B2%E0%A4%A6-%E0%A4%A6%E0%A5%81%E0%A4%B5%E0%A5%87?format=print","https://maharashtra.gov.in/Site/Upload/Images/kisan-logo.png","https://maharashtra.gov.in/Site/Upload/Pdf/saleauction-vehicle-No-MH%2001-AN-1567_removed.pdf","https://maharashtra.gov.in/Site/Upload/Images/MAP-ENG.jpg","https://maharashtra.gov.in/Site/1629/Public-Holidays?format=print","https://maharasht
ra.gov.in/Site/Upload/Pdf/Animal_Husbandry.pdf","https://maharashtra.gov.in/Scrapped","https://maharashtra.gov.in/Fibre/Plastic/wooden/paper","https://maharashtra.gov.in/Site/Upload/Pdf/Dairy_2025-26.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/Advertisement-20-01-2026.pdf","https://maharashtra.gov.in/Images/mahaswayam.jpg","https://maharashtra.gov.in/site/Upload/Pdf/Aple_Sarkar_List.pdf","https://maharashtra.gov.in/Site/Upload/Images/pusa.png","https://maharashtra.gov.in/Group-B.","https://maharashtra.gov.in/Site/Upload/Images/mkisan.png","https://maharashtra.gov.in/Site/Upload/Images/closed-sign.png","https://maharashtra.gov.in/Site/1600/%E0%A4%AE%E0%A4%B9%E0%A4%BE%E0%A4%B0%E0%A4%BE%E0%A4%B7%E0%A5%8D%E0%A4%9F%E0%A5%8D%E0%A4%B0%20%E0%A4%B0%E0%A4%BE%E0%A4%9C%E0%A5%8D%E0%A4%AF%20%E0%A4%AC%E0%A4%BF%E0%A4%AF%E0%A4%BE%E0%A4%A3%E0%A5%87%20%E0%A4%AE%E0%A4%B9%E0%A4%BE%E0%A4%AE%E0%A4%82%E0%A4%A1%E0%A4%B3%20%E0%A4%AE%E0%A4%B0%E0%A5%8D%E0%A4%AF%E0%A4%BE%E0%A4%A6%E0%A4%BF%E0%A4%A4","https://maharashtra.gov.in/Site/Upload/Pdf/PRESS_RELEASE_Skoch_Summit_Awards.pdf","https://maharashtra.gov.in/images/upsc.png","https://maharashtra.gov.in/images/icon/job.png","https://maharashtra.gov.in/site/Upload/pdf/202512301540009910.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/LAW_AND_JUDICIARY_DEPARTMENT_BUGET_2025_2026.pdf","https://maharashtra.gov.in/site/Upload/pdf/Public-Holiday-2026.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/Adv-16-01-26.pdf","https://maharashtra.gov.in/WebSiteControls/SiteSerach_View?name=ZAP","https://maharashtra.gov.in/images/mahaswayam.jpg","https://maharashtra.gov.in/images/mpsc.jpg","https://maharashtra.gov.in/Images/icon/education.png","https://maharashtra.gov.in/Site/Upload/Pdf/Web_Ratna_Award_2012.pdf","https://maharashtra.gov.in/Site/Upload/images/snyergy.png","https://maharashtra.gov.in/Site/Upload/Pdf/Encyclopedia-Knowledge-Enhancement-Competition.pdf","https://maharashtra.gov.in/Site/1600/%E0%A4%AE%E0%A5%82%E0%A4%B2%E0%A4%AD%E0%A5%82%E0%A4%A4-
%E0%A4%98%E0%A4%9F%E0%A4%95%20?format=print","https://maharashtra.gov.in/site/Upload/pdf/Nagar-Panchayat-General-Election-2025.pdf","https://maharashtra.gov.in/Upload/pdf/ESM_2022_23_Eng_Book.pdf","https://maharashtra.gov.in/site/Upload/pdf/Lok_Sabha_Election_2024_Public_Holiday.pdf","https://maharashtra.gov.in/site/Upload/pdf/Maharashtra_Holiday_2025.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/PerformanceBudget_Labour.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/appointment_officer_retired_from_Government%20service.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/AndajpatrakSecondarySchoolEduBook_2025-2026.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/Andajpatrak_PrimarySchoolBook_2025-2026.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/sale-hospital-hard-collection-materials.pdf","https://maharashtra.gov.in/site/Upload/pdf/Election_2024_Public_Holiday.pdf","https://maharashtra.gov.in/site/Upload/pdf/Public_Holidays_2024.pdf","https://maharashtra.gov.in/Site/1596/Operate-and-Grow?SearchText=ZAP","https://maharashtra.gov.in/images/mahajob.jpg","https://maharashtra.gov.in/Site/Upload/Pdf/Scan2026-01-13_120129.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/ParformanceBudgetPublicHealthMarathi2025-2026.pdf","https://maharashtra.gov.in/site/Upload/pdf/PUBLIC_HOLIDAY_2023.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/Nagpur_Amaravati_Divisions_08-01-26.pdf","https://maharashtra.gov.in/Site/1596/%E0%A4%AD%E0%A4%B0%E0%A4%AD%E0%A4%B0%E0%A4%BE%E0%A4%9F?format=print","https://maharashtra.gov.in/Site/Upload/Pdf/StateExcise_Part2.pdf","https://maharashtra.gov.in/Images/pdf.png","https://maharashtra.gov.in/Site/Upload/Pdf/General_Part1.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/Transport_Part3.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/PerformaceBudget_IndustriesandMining.pdf","https://maharashtra.gov.in/site/Upload/Pdf/Performance_Budget.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/schools-Social-Justice-05-1-26.pdf","https://maharashtra.gov.i
n/Site/Upload/Pdf/Food_Civil_Supplies_and_Consumer_Protection.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/Performance_Budget_2025-26.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/Prison_Part_5.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/State_Appellate_Authority.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/PerformanceBudgetPublicHealthEnglish2025-2026.pdf","https://maharashtra.gov.in/Upload/PDF/Development-Plan-Kalamb-29-12-2025.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/47-Liter-Oxygen-Refilling-Qtn_removed.pdf","https://maharashtra.gov.in/Site/Upload/Pdf/Police_Part_4.pdf","https://maharashtra.gov.in/site/Upload/Pdf/Law_and_Justice_Budget_2024_2025.pdf","https://maharashtra.gov.in/site/Upload/Pdf/Dairy%20_performance_budget_2024_25.pdf","https://maharashtra.gov.in/site/Upload/Pdf/Animal%20_Performance_Budget_2024_25.pdf","https://maharashtra.gov.in/site/Upload/Pdf/Directorate_of_Insurance_English.pdf","https://maharashtra.gov.in/site/Upload/Pdf/Local_funds_H236_Performance_Budget_Mar.pdf","https://maharashtra.gov.in/site/Upload/Pdf/Finance_Department_itself_Marathi.pdf","https://maharashtra.gov.in/site/Upload/Pdf/Local_funds_H236_Performance_Budget_Eng.pdf","https://maharashtra.gov.in/site/Upload/Pdf/Directorate_of_Insurance_Marathi.pdf","https://maharashtra.gov.in/site/Upload/Pdf/H_2885_Lottery_English.pdf","https://maharashtra.gov.in/site/Upload/Pdf/H_2884_Lottery_Marathi.pdf","https://maharashtra.gov.in/site/Upload/Pdf/Finance_Department_itself_English.pdf","https://maharashtra.gov.in/site/Upload/Pdf/DAT_English_2024_25.pdf","https://maharashtra.gov.in/site/Upload/Pdf/PWD_2024_25.pdf","https://maharashtra.gov.in/Upload/Pdf/ka23-24gmpka4.pdf","https://maharashtra.gov.in/Upload/Pdf/la23-24gmpka2.pdf","https://maharashtra.gov.in/Upload/Pdf/la23-24gmpka3.pdf","https://maharashtra.gov.in/site/Upload/Pdf/DAT_Marathi_2024_25.pdf","https://maharashtra.gov.in/Upload/Pdf/ka23-24gmpka7.pdf","https://maharashtra.gov.in/Upload/Pdf/ka23-24gmpka6.pdf","
https://maharashtra.gov.in/Upload/Pdf/ka23-24gmpka.pdf","https://maharashtra.gov.in/Upload/Pdf/ka23-24gmpka5.pdf","https://maharashtra.gov.in/Upload/Pdf/kamj23-24.pdf","https://maharashtra.gov.in/site/Upload/Pdf/Sales_Tax_H_387_page_1_to_62_ENGLISH.pdf","https://maharashtra.gov.in/Upload/Pdf/kamarahi.pdf","https://maharashtra.gov.in/Upload/Pdf/Medical%20Education%20&%20Drugs%20Department%202023-24.pdf","https://maharashtra.gov.in/site/Upload/Pdf/Sales_Tax_H_387_page_1_to_62_MARATHI.pdf","https://maharashtra.gov.in/Upload/Pdf/PWD%202023-24.pdf","https://maharashtra.gov.in/Upload/Pdf/urban-development.pdf","https://maharashtra.gov.in/Upload/Pdf/pskvka.pdf","https://maharashtra.gov.in/site/Upload/Pdf/Anna_Nagari_2024-25_Final_Karykram_Andajpatrak.pdf","https://maharashtra.gov.in/Upload/Pdf/Horticulture%20Marathi%202023-24.pdf","https://maharashtra.gov.in/Upload/Pdf/Agriculture%20Marathi%202023-24.pdf","https://maharashtra.gov.in/Upload/Pdf/Directorate_of_Insurance_230313_120205%20vima.pdf","https://maharashtra.gov.in/Upload/Pdf/Niyojan%20(2023-24)%20(1)-combined.pdf","https://maharashtra.gov.in/Upload/Pdf/2054%20PERFORMANCE%20BUDGET%20MARATHI%202023-2024.pdf","https://maharashtra.gov.in/Upload/Pdf/H%202494%20Performance%20of%20budget%20marathi%20finance%20deptt..pdf","https://maharashtra.gov.in/Upload/Pdf/H%202491%20(15-2-2023)%20lockal%20fund%20marathi.pdf","https://maharashtra.gov.in/Upload/Pdf/English%20Copy-Goods%20and%20service%20tax.pdf","https://maharashtra.gov.in/Upload/Pdf/H%202486%20-Lotery%20Marathi.pdf","https://maharashtra.gov.in/site/Upload/Pdf/QA_286_Performance_Budget_2024_25.pdf","https://maharashtra.gov.in/site/Upload/Pdf/Performance_Budget_2024-25_English_Public_Health.pdf","https://maharashtra.gov.in/Upload/Pdf/Public%20Health%20Performance%20Budget%202023-2024%20Marathi%20(1).pdf","https://maharashtra.gov.in/Upload/Pdf/H%201587%20%20performance%20budget%20FINAL.pdf","https://maharashtra.gov.in/Upload/Pdf/AHD%20Performance%20Budget%202023-24.pdf","h
ttps://maharashtra.gov.in/Upload/Pdf/Dairy%202023-24%20Upadated.pdf"],"duration":121.3212218284607},"active_scan":{"scan_id":"0","status":"completed","duration":120.05059218406677},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69736c0d78d58a693cd23e43"},"created_at":{"$date":"2026-01-23T12:39:41.263Z"},"url":"https://mahait.org/","tool":"owaspzap","result":{"status":"completed","target_url":"https://mahait.org/","scan_timestamp":"20260123_122010","output_directory":"results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.01189565658569336},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"mahait.org","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":104,"urls_list":["https://mahait.org/sitemap.xml","https://mahait.org/robots.txt","https://mahait.org/","https://mahait.org/HeaderMain/ChangeCurrentContrast/1","https://mahait.org/HeaderMain/ChangeCurrentContrast/2","https://mahait.org/HeaderMain/ChangeCurrentCulture/1","https://mahait.org/Upload/PDF/201611291727235211.pdf","https://mahait.org/Contents/animate.min.css","https://mahait.org/Contents/Layout.css","https://mahait.org/Site/Upload/Pdf/Marathi_bhashechya_vaparas_Protsahan.pdf?MenuID=1744","https://mahait.org/Site/Upload/PDF/Manpower-GR%2001012026.pdf","https://mahait.org/Scripts/wow.min.js","https://mahait.org/Site/Upload/Pdf/rtiact
_marathi.pdf?MenuID=1732","https://mahait.org/Contents/owl.carousel.css","https://mahait.org/Site/Upload/Pdf/MahaITOrg_RTI_Order_Format_18-06-2025.pdf?MenuID=1733","https://mahait.org/Contents/LayoutMR.css","https://mahait.org/images/fv/favicon-32x32.png","https://mahait.org/Site/Upload/Pdf/MahaIT-portal-quotes-for-NA.pdf","https://mahait.org/Scripts/jquery.modern-ticker.min.js","https://mahait.org/Site/Upload/Images/mahapoliceweb.png","https://mahait.org/images/mh.png","https://mahait.org/Site/Upload/Images/Devendra_fadnavis_CM.jpg","https://mahait.org/Site/Upload/Images/Ashish_shelar.jpg","https://mahait.org/images/emb.png","https://mahait.org/Site/Upload/Images/project3.png","https://mahait.org/Contents/bootstrap-icons.css","https://mahait.org/Site/Upload/Images/project1.png","https://mahait.org/Scripts/bootstrap.bundle.min.js","https://mahait.org/Scripts/owl.carousel.min.js","https://mahait.org/Contents/lightbox.min.css","https://mahait.org/images/fv/apple-touch-icon.png","https://mahait.org/images/gov/web6.png","https://mahait.org/Site/Upload/Images/project4.png","https://mahait.org/Scripts/jquery-3.5.1.min.js","https://mahait.org/Site/Upload/Images/rgpgcweb.png","https://mahait.org/Contents/bootstrap.min.css","https://mahait.org/Site/Upload/Images/Ajit_pawarDCM2.jpg","https://mahait.org/Site/Upload/Images/project2.png","https://mahait.org/Site/Upload/Images/gomweb_mr.png","https://mahait.org/Site/Upload/Images/project5.png","https://mahait.org/Site/Upload/Images/wrdweb.png","https://mahait.org/Site/Upload/Images/img2mr.png","https://mahait.org/Site/Upload/Images/maha_agri.png","https://mahait.org/Site/Upload/Images/img4.png","https://mahait.org/Site/Upload/Images/img5.png","https://mahait.org/Site/Upload/Images/MahaIT_starLink_banner.jpg","https://mahait.org/images/gov/web2.png","https://mahait.org/Upload/PDF/manpower_GR_27092022.pdf","https://mahait.org/Site/Upload/Images/img7.jpg","https://mahait.org/images/gov/web5.png","https://mahait.org/Images/alert.png"
,"https://mahait.org/images/gov/web1.png","https://mahait.org/images/maha_w.png","https://mahait.org/images/gov/web4.png","https://mahait.org/images/gov/web3.png","https://mahait.org/Site/Upload/Images/img9.jpg","https://mahait.org/Site/Upload/Pdf/MahaIT-portal-quotes-for-flat-transfer-permission.pdf","https://mahait.org/Site/Upload/Images/img6.png","https://mahait.org/Site/Upload/PDF/MahaIT-Manpower-GR-2022-23_extension%20till%2031-12-2025.pdf","https://mahait.org/Site/Upload/Images/img8.png","https://mahait.org/Site/Upload/Images/img1.png","https://mahait.org/Upload/PDF/201608091722102211.pdf","https://mahait.org/images/keyperson/set_keyperson.jpg","https://mahait.org/Site/Upload/Images/sgnpweb.png","https://mahait.org/Site/Upload/Pdf/NIT-1-2.pdf","https://mahait.org/Site/Upload/PDF/MHITOW02743.pdf","https://mahait.org/Site/Upload/Pdf/rr.pdf","https://mahait.org/images/fv/favicon-16x16.png","https://mahait.org/Site/Upload/Images/Eknath_shinde_DCM.jpg","https://mahait.org/Site/Upload/Pdf/RFP_20-03-2025.pdf","https://mahait.org/Contents/hover.css","https://mahait.org/images/logo.png","https://mahait.org/Site/Upload/Images/krushiweb.png","https://mahait.org/Site/Upload/Images/img3.png","https://mahait.org/Upload/PDF/RFP_MahaIT_internal_project.pdf","https://mahait.org/home/index","https://mahait.org/Contents/LayoutBlack.css","https://mahait.org/Contents/LayoutEN.css","https://mahait.org/Site/Upload/PDF/rr.pdf","https://mahait.org/Site/1660/Management%20Team","https://mahait.org/Contents/msgBoxLight.css","https://mahait.org/Contents/css/jquery-ui.css","https://mahait.org/Scripts/jquery-3.6.1.min.js","https://mahait.org/Scripts/md5.js","https://mahait.org/Scripts/CommonJS.js","https://mahait.org/Scripts/ValidationScripts.js","https://mahait.org/Scripts/lightbox.min.js","https://mahait.org/Scripts/jquery.msgBox.js","https://mahait.org/Images/defaultHeader.jpg","https://mahait.org/Site/1385/Accessibility-Statement","https://mahait.org/Site/1385/SGNP","https://mahait.org/
Site/1660/SGNP","https://mahait.org/Site/1385/Accessibility-Statement?format=print","https://mahait.org/Site/1660/Management-Team?format=print","https://mahait.org/Home/Index","https://mahait.org/Home/SGNP","https://mahait.org/App_ErrorPage/AppError","https://mahait.org/App_ErrorPage/SGNP","https://mahait.org/WebSiteControls/SiteSerach","https://mahait.org/WebSiteControls/SiteSerach_View?ContactID=0&ContactUsID=0&DistrictCode=0&FileExtensionOrderPassed=0&IsActive=False&IsApproved=False&LangID=0&MenuContentId=0&MenuId=0&TalukaCode=0&TellUsFriendID=0&hdnUploadfilecount=0&name=ZAP","https://mahait.org/Site/1545/Police?format=print","https://mahait.org/home/SGNP","https://mahait.org/WebSiteControls/SGNP","https://mahait.org/HeaderMain/ChangeCurrentCulture/2"],"duration":30.08841848373413},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06711173057556},"active_scan":{"scan_id":"0","status":"completed","duration":630.2332677841187},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"697a798bb860cfd5ff583915"},"created_at":{"$date":"2026-01-28T21:03:07.617Z"},"url":"https://www.mahaonline.gov.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.mahaonline.gov.in/","scan_timestamp":"20260128_190145","output_directory":"results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.008253335952758789},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":
0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.mahaonline.gov.in","open_ports":[80,443,8080,8443,3000,5000,8000,9000],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":0,"urls_list":[],"duration":30.056607484817505},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.07013297080994},"active_scan":{"scan_id":null,"status":"completed","duration":7201.728432893753},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69a7e28d27322e5459bb3c71"},"created_at":{"$date":"2026-03-04T07:43:09.431Z"},"url":"https://gujaratindia.gov.in/Index","tool":"owaspzap","result":{"status":"completed","target_url":"https://gujaratindia.gov.in/Index","scan_timestamp":"20260304_054231","output_directory":"results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.004972219467163086},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"gujaratindia.gov.in","open_ports":[],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06081748008728},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":1,"urls_list":["https://gujaratindia.gov.in/robots.txt"],"duration":90.11714124679565
},"active_scan":{"scan_id":null,"status":"completed","duration":7201.74737238884},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69d4a654e22be2ccda02940f"},"created_at":{"$date":"2026-04-07T06:38:12.089Z"},"url":"https://www.nfsu.ac.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.nfsu.ac.in/","scan_timestamp":"20260407_062646","output_directory":"results/zap_reports","scan_results":{"active_scan":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: /JSON/ascan/action/scan/?url=https%3A%2F%2Fwww.nfsu.ac.in%2F&recurse=true&inScopeOnly=false&scanPolicyName=Default+Policy&method=&postData= (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=8080): Failed to establish a new connection: [Errno 111] Connection refused\"))"},"websocket":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: /JSON/websocket/view/channels/ (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=8080): Failed to establish a new connection: [Errno 111] Connection refused\"))"},"port_scan":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: /JSON/network/view/getAliases/ (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=8080): Failed to establish a new connection: [Errno 111] Connection 
refused\"))"},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":273,"urls_list":["https://www.nfsu.ac.in/robots.txt","https://www.nfsu.ac.in/sitemap.xml","https://www.nfsu.ac.in/","https://www.nfsu.ac.in/admission","https://www.nfsu.ac.in/fact","https://www.nfsu.ac.in/why_nfsu","https://www.nfsu.ac.in/UnderConstruction","https://www.nfsu.ac.in/about_campuses","https://www.nfsu.ac.in/vision_mission","https://www.nfsu.ac.in/about","https://www.nfsu.ac.in/hindi_officer","https://www.nfsu.ac.in/associateDeans","https://www.nfsu.ac.in/Home","https://www.nfsu.ac.in/placement_officer","https://www.nfsu.ac.in/finance_committee","https://www.nfsu.ac.in/vc","https://www.nfsu.ac.in/deans","https://www.nfsu.ac.in/controller_of_exam","https://www.nfsu.ac.in/academic_council","https://www.nfsu.ac.in/security_officer","https://www.nfsu.ac.in/sc_st","https://www.nfsu.ac.in/board_of_affiliation","https://www.nfsu.ac.in/newsletter","https://www.nfsu.ac.in/campus","https://www.nfsu.ac.in/board_of_governors","https://www.nfsu.ac.in/spirituality","https://www.nfsu.ac.in/centre_of_excellence","https://www.nfsu.ac.in/mous","https://www.nfsu.ac.in/downloads","https://www.nfsu.ac.in/emeritus_professors","https://www.nfsu.ac.in/icc","https://www.nfsu.ac.in/admission_national","https://www.nfsu.ac.in/assets/img/map/Tripura_map.png","https://www.nfsu.ac.in/assets/img/icons/admission.png","https://www.nfsu.ac.in/dy_registrar","https://www.nfsu.ac.in/centre_for_ir","https://www.nfsu.ac.in/SpecialCellCommittee/rti","https://www.nfsu.ac.in/annualaccreport","https://www.nfsu.ac.in/campusdirectors","https://www.nfsu.ac.in/assets/img/map/pune_map.png","https://www.nfsu.ac.in/assets/img/map/manipur_map.png","https://www.nfsu.ac.in/awards_recognitions","https://www.nfsu.ac.in/assets/img/NFSU_logo.png","https://www.nfsu.ac.in/assets/img/event/1.jpg","https://www.nfsu.ac.in/training","https://www.nfsu.ac.in/assets/img/icons/school.png","https://www.nfsu.ac.in/assets/img/map/bhopal_map
.png","https://www.nfsu.ac.in/Faculty","https://www.nfsu.ac.in/assets/img/icons/research.png","https://www.nfsu.ac.in/assets/img/modiji.jpg","https://www.nfsu.ac.in/assets/img/map/nagpur_map.jpg","https://www.nfsu.ac.in/assets/img/map/guj_map.png","https://www.nfsu.ac.in/assets/img/map/uganda.png","https://www.nfsu.ac.in/assets/img/icons/academic.png","https://www.nfsu.ac.in/reserchcentre","https://www.nfsu.ac.in/assets/img/icons/affiliation.png","https://www.nfsu.ac.in/hostel","https://www.nfsu.ac.in/circular","https://www.nfsu.ac.in/affiliationcolg","https://www.nfsu.ac.in/assets/img/map/Bhubaneswar.png","https://www.nfsu.ac.in/assets/img/map/Chennai.png","https://www.nfsu.ac.in/visitingreq","https://www.nfsu.ac.in/assets/img/favicon.ico","https://www.nfsu.ac.in/research","https://www.nfsu.ac.in/aim_objectives","https://www.nfsu.ac.in/academic","https://www.nfsu.ac.in/assets/js/bundle.js?v=EmCvzSSsVy7u1MODDX6dJhQlGr4ovsK_nO5QNXWC9I8","https://www.nfsu.ac.in/emblem","https://www.nfsu.ac.in/assets/img/team/Mr.%20V.%20K.%20Pandey.jpeg","https://www.nfsu.ac.in/affiliation","https://www.nfsu.ac.in/assets/img/map/guwahati_map.png","https://www.nfsu.ac.in/account_officer","https://www.nfsu.ac.in/assets/img/map/Delhi_map.png","https://www.nfsu.ac.in/assets/img/icons/training.png","https://www.nfsu.ac.in/assets/img/clients/1.png","https://www.nfsu.ac.in/assets/img/map/Goa_map.png","https://www.nfsu.ac.in/assets/img/team/vc.jpg","https://www.nfsu.ac.in/assets/img/map/dharwad.png","https://www.nfsu.ac.in/assets/img/Amit-shah.jpg","https://www.nfsu.ac.in/assets/img/icons/consultatancy.png","https://www.nfsu.ac.in/assets/img/map/Jaipur.png","https://www.nfsu.ac.in/executiveregistrar","https://www.nfsu.ac.in/administrative_staff","https://www.nfsu.ac.in/liaison_officer","https://www.nfsu.ac.in/phdawardlist","https://www.nfsu.ac.in/placements","https://www.nfsu.ac.in/bos","https://www.nfsu.ac.in/policy","https://www.nfsu.ac.in/assets/img/icons/alumni.png","https://www.nfsu.ac.in
/StatutoryBodies/court","https://www.nfsu.ac.in/terms","https://www.nfsu.ac.in/assets/img/comingsoon.jpg","https://www.nfsu.ac.in/assets/img/icons/program.png","https://www.nfsu.ac.in/index.php","https://www.nfsu.ac.in/assets/js/jquery-1.12.4.min.js?v=ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ-Xp8a4MxAQ","https://www.nfsu.ac.in/career","https://www.nfsu.ac.in/department/list","https://www.nfsu.ac.in/details/54","https://www.nfsu.ac.in/annualreport","https://www.nfsu.ac.in/assets/img/team/director.jpg","https://www.nfsu.ac.in/assets/img/team/dean/01.jpg","https://www.nfsu.ac.in/assets/img/team/dean/08.jpg","https://www.nfsu.ac.in/admission_international","https://www.nfsu.ac.in/academiccalender","https://www.nfsu.ac.in/programs","https://www.nfsu.ac.in/assets/img/team/NavinSheth.jpg","https://www.nfsu.ac.in/researchproject","https://www.nfsu.ac.in/assets/img/team/VK%20Shri.jpeg","https://www.nfsu.ac.in/patent","https://www.nfsu.ac.in/news","https://www.nfsu.ac.in/assets/img/popup/popup.jpg","https://www.nfsu.ac.in/assets/img/team/dean/02.jpg","https://www.nfsu.ac.in/assets/img/team/SKJain.jpg","https://www.nfsu.ac.in/assets/img/team/registrar.jpg","https://www.nfsu.ac.in/assets/img/team/tripura_director.jpg","https://www.nfsu.ac.in/publication/Proceedings","https://www.nfsu.ac.in/publication/Book","https://www.nfsu.ac.in/events","https://www.nfsu.ac.in/publication/10.25215/1300076518","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-6900-5","https://www.nfsu.ac.in/mediacovrage","https://www.nfsu.ac.in/assets/img/team/dean/03.jpg","https://www.nfsu.ac.in/assets/css/data-table/dataTables.responsive.css","https://www.nfsu.ac.in/publication/Book%20Chapter","https://www.nfsu.ac.in/publication/10.22271/int.book.34","https://www.nfsu.ac.in/publication/10.1007/978-981-15-8465-7","https://www.nfsu.ac.in/assets/js/data-table/dataTables.bootstrap.js","https://www.nfsu.ac.in/assets/js/data-table/dataTables.responsive.js","https://www.nfsu.ac.in/assets/css/data-table/dataTables.boot
strap.css","https://www.nfsu.ac.in/publication/10.25215/1300076518?text=ZAP","https://www.nfsu.ac.in/publication/9798893225136","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-5261-8.ch011","https://www.nfsu.ac.in/publication/10.1201/9781003473886-17","https://www.nfsu.ac.in/results","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8531-6.ch016","https://www.nfsu.ac.in/publication/10.1049/PBSE019E_ch11","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-3140-8.ch017","https://www.nfsu.ac.in/publication/10.1007/978-3-030-87059-1_4","https://www.nfsu.ac.in/publication/10.4018/978-1-7998-2742-9.ch004","https://www.nfsu.ac.in/publication/979-8884706170","https://www.nfsu.ac.in/publication/10.1007/978-981-99-0550-8_44","https://www.nfsu.ac.in/publication/10.2991/978-94-6463-896-7_4","https://www.nfsu.ac.in/publication/doi.org/10.1007/978-981-96-8971-2_6","https://www.nfsu.ac.in/publication/10.2174/9798898811532125010007","https://www.nfsu.ac.in/publication/10.1007/978-981-96-8971-2_2","https://www.nfsu.ac.in/publication/10.1007/978-3-031-10869-3_10","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-6900-5?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-2223-9.ch008","https://www.nfsu.ac.in/publication/10.1007/978-981-96-8971-2_9","https://www.nfsu.ac.in/publication/10.1016/bs.adcom.2021.01.001","https://www.nfsu.ac.in/publication/10.1007/978-981-15-9735-0_10","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-5951-8.ch004","https://www.nfsu.ac.in/publication/10.1016/bs.adcom.2023.12.001","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-1355-8.ch002","https://www.nfsu.ac.in/publication/10.22271/int.book.34?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-15-8465-7?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-97-1249-6","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8218-6.ch007","https://www.nfsu.ac.in/assets/js/data-table/jquery.dataTables.min.js","https://www.nfsu.ac.in/publication/10
.4018/979-8-3693-2089-1.ch006","https://www.nfsu.ac.in/publication/10.21741/9781644900550-3","https://www.nfsu.ac.in/publication/10.1007/978-981-13-8581-0_7","https://www.nfsu.ac.in/publication/10.1007/978-981-15-0184-5_8","https://www.nfsu.ac.in/publication/10.2174/9798898812706125010012","https://www.nfsu.ac.in/publication/10.1201/9781003473886-17?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-7998-3665-0.ch004","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8133-2","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8531-6.ch017","https://www.nfsu.ac.in/publication/10.33545/rp.book.41","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-4854-0","https://www.nfsu.ac.in/publication/10.1016/B978-0-323-90272-4.00001-4","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8531-6.ch016?text=ZAP","https://www.nfsu.ac.in/publication/doi.org/10.1007/978-981-96-8971-2_5","https://www.nfsu.ac.in/publication/10.4324/9781003120995-6","https://www.nfsu.ac.in/publication/10.4018/978-1-7998-2742-9.ch004?text=ZAP","https://www.nfsu.ac.in/publication/10.1002/9780470456248.ch12","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-3140-8.ch017?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-7998-6677-0.ch004","https://www.nfsu.ac.in/publication/10.1201/9781315366616","https://www.nfsu.ac.in/publication/10.1016/B978-0-323-89938-3.00011-6","https://www.nfsu.ac.in/publication/10.5772/intechopen.86160","https://www.nfsu.ac.in/publication/10.5772/intechopen.102651","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-2223-9.ch008?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/B978-0-12-823963-6.00012-0","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-5951-8.ch004?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-15-7961-5_65","https://www.nfsu.ac.in/publication/10.1007/978-3-030-49795-8_61","https://www.nfsu.ac.in/publication/10.1002/9781119812555.ch2","https://www.nfsu.ac.in/publication/10.1007/978-3-030-77371-7_16"
,"https://www.nfsu.ac.in/publication/10.1016/bs.adcom.2021.01.001?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-15-9735-0_10?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-96-8971-2_9?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-2089-1.ch006?text=ZAP","https://www.nfsu.ac.in/publication/32131213","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8531-6.ch017?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.98252","https://www.nfsu.ac.in/gallary","https://www.nfsu.ac.in/publication/doi.org/10.1007/978-981-96-8971-2_5?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/B978-0-323-90272-4.00001-4?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-5261-8.ch011?text=ZAP","https://www.nfsu.ac.in/publication/10.1002/9781119813439.ch14","https://www.nfsu.ac.in/publication/10.1016/B978-0-323-89938-3.00011-6?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-15-0890-5","https://www.nfsu.ac.in/publication/10.4324/9781003120995-6?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-15-7961-5_73","https://www.nfsu.ac.in/publication/10.5772/intechopen.102651?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.103781","https://www.nfsu.ac.in/publication/10.1007/978-981-15-9956-9_25","https://www.nfsu.ac.in/publication/10.1201/9781315366616?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/B978-0-12-823963-6.00009-0","https://www.nfsu.ac.in/publication/10.2991/978-94-6463-896-7_4?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-3-030-77371-7_16?text=ZAP","https://www.nfsu.ac.in/publication/979-8884706170?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.102767","https://www.nfsu.ac.in/publication/10.1016/bs.adcom.2023.12.001?text=ZAP","https://www.nfsu.ac.in/publication/10.1002/9783527827688.ch8","https://www.nfsu.ac.in/publication/10.4018/978-1-7998-6677-0.ch004?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-96-8971-2_2
?text=ZAP","https://www.nfsu.ac.in/publication/10.2174/9798898811532125010007?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-3-319-23036-8_8","https://www.nfsu.ac.in/publication/10.1007/978-981-99-0550-8_44?text=ZAP","https://www.nfsu.ac.in/publication/9798893225136?text=ZAP","https://www.nfsu.ac.in/publication/doi.org/10.1007/978-981-96-8971-2_6?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-1355-8.ch002?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.98252?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-15-0184-5_8?text=ZAP","https://www.nfsu.ac.in/publication/978-0-443-15478-2","https://www.nfsu.ac.in/publication/10.33545/rp.book.41?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-15-9956-9_25?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-4854-0?text=ZAP","https://www.nfsu.ac.in/publication/10.1002/9780470456248.ch12?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.86160?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/B978-0-12-823963-6.00009-0?text=ZAP","https://www.nfsu.ac.in/publication/10.1049/PBSE019E_ch11?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.102767?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.98253","https://www.nfsu.ac.in/publication/10.4018/978-1-5225-4955-0","https://www.nfsu.ac.in/publication/10.1016/C2019-0-05063-7","https://www.nfsu.ac.in/publication/10.1002/9783527827688.ch8?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-15-7961-5_65?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-3-031-10869-3_10?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-3-030-49795-8_61?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.103781?text=ZAP","https://www.nfsu.ac.in/publication/10.1002/9781119812555.ch2?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-15-7961-5_73?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-3-030-49795-8_47","https
://www.nfsu.ac.in/publication/10.1201/b15459","https://www.nfsu.ac.in/publication/10.1002/9781119813439.ch14?text=ZAP","https://www.nfsu.ac.in/assets/css/bundle.css?v=QjWGW0ZiwG0U-w0QedfiWCAQ7uhbYCxnB7bc4-aDd68","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8218-6.ch007?text=ZAP","https://www.nfsu.ac.in/publication/10.4324/9781003120995","https://www.nfsu.ac.in/publication/Book?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-15-0890-5?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-13-8581-0_7?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-3-030-87059-1_4?text=ZAP","https://www.nfsu.ac.in/publication/10.4324/9781003120995?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-97-1249-6?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.104704","https://www.nfsu.ac.in/publication/10.1016/C2019-0-05063-7?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.98253?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/C2017-0-01957-2","https://www.nfsu.ac.in/publication/10.1201/b15459?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/B978-0-12-823963-6.00012-0?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/C2017-0-01957-2?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.104704?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-7998-3665-0.ch004?text=ZAP","https://www.nfsu.ac.in/publication/10.2174/9798898812706125010012?text=ZAP","https://www.nfsu.ac.in/publication/10.21741/9781644900550-3?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8133-2?text=ZAP","https://www.nfsu.ac.in/tenders","https://www.nfsu.ac.in/publication/All","https://www.nfsu.ac.in/publication/Journals","https://www.nfsu.ac.in/publication/ScopsWOS"],"duration":10.102139949798584},"passive_scan":{"status":"completed","duration":20.0239200592041},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"
duration":75.05809378623962},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69d4c75b1ffefb4fc56274d5"},"created_at":{"$date":"2026-04-07T08:59:07.827Z"},"url":"https://www.nfsu.ac.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.nfsu.ac.in/","scan_timestamp":"20260407_084714","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":222,"urls_list":["https://www.nfsu.ac.in/robots.txt","https://www.nfsu.ac.in/","https://www.nfsu.ac.in/admission","https://www.nfsu.ac.in/sitemap.xml","https://www.nfsu.ac.in/vision_mission","https://www.nfsu.ac.in/aim_objectives","https://www.nfsu.ac.in/emblem","https://www.nfsu.ac.in/about","https://www.nfsu.ac.in/deans","https://www.nfsu.ac.in/career","https://www.nfsu.ac.in/campusdirectors","https://www.nfsu.ac.in/spirituality","https://www.nfsu.ac.in/UnderConstruction","https://www.nfsu.ac.in/vc","https://www.nfsu.ac.in/mous","https://www.nfsu.ac.in/downloads","https://www.nfsu.ac.in/dy_registrar","https://www.nfsu.ac.in/associateDeans","https://www.nfsu.ac.in/account_officer","https://www.nfsu.ac.in/policy","https://www.nfsu.ac.in/icc","https://www.nfsu.ac.in/newsletter","https://www.nfsu.ac.in/academic_council","https://www.nfsu.ac.in/bos","https://www.nfsu.ac.in/finance_committee","https://www.nfsu.ac.in/emeritus_professors","https://www.nfsu.ac.in/liaison_officer","https://www.nfsu.ac.in/placement_officer","https://www.nfsu.ac.in/administrative_staff","https://www.nfsu.ac.in/dep
artment/list","https://www.nfsu.ac.in/centre_for_ir","https://www.nfsu.ac.in/annualreport","https://www.nfsu.ac.in/annualaccreport","https://www.nfsu.ac.in/sc_st","https://www.nfsu.ac.in/SpecialCellCommittee/rti","https://www.nfsu.ac.in/programs","https://www.nfsu.ac.in/about_campuses","https://www.nfsu.ac.in/executiveregistrar","https://www.nfsu.ac.in/why_nfsu","https://www.nfsu.ac.in/fact","https://www.nfsu.ac.in/affiliation","https://www.nfsu.ac.in/researchproject","https://www.nfsu.ac.in/Home","https://www.nfsu.ac.in/affiliationcolg","https://www.nfsu.ac.in/patent","https://www.nfsu.ac.in/circular","https://www.nfsu.ac.in/assets/img/favicon.ico","https://www.nfsu.ac.in/controller_of_exam","https://www.nfsu.ac.in/index.php","https://www.nfsu.ac.in/security_officer","https://www.nfsu.ac.in/centre_of_excellence","https://www.nfsu.ac.in/board_of_affiliation","https://www.nfsu.ac.in/admission_national","https://www.nfsu.ac.in/details/54","https://www.nfsu.ac.in/assets/img/clients/5.png","https://www.nfsu.ac.in/Regular_Recruitment","https://www.nfsu.ac.in/academic","https://www.nfsu.ac.in/assets/img/clients/3.png","https://www.nfsu.ac.in/news","https://www.nfsu.ac.in/awards_recognitions","https://www.nfsu.ac.in/Faculty","https://www.nfsu.ac.in/visitingreq","https://www.nfsu.ac.in/admission_international","https://www.nfsu.ac.in/assets/img/team/VK%20Shri.jpeg","https://www.nfsu.ac.in/gallary","https://www.nfsu.ac.in/board_of_governors","https://www.nfsu.ac.in/hindi_officer","https://www.nfsu.ac.in/assets/img/team/tripura_director.jpg","https://www.nfsu.ac.in/StatutoryBodies/court","https://www.nfsu.ac.in/academiccalender","https://www.nfsu.ac.in/events","https://www.nfsu.ac.in/reserchcentre","https://www.nfsu.ac.in/assets/img/team/dean/02.jpg","https://www.nfsu.ac.in/assets/img/team/director.jpg","https://www.nfsu.ac.in/Faculty/profile?userid=153","https://www.nfsu.ac.in/terms","https://www.nfsu.ac.in/assets/img/team/registrar.jpg","https://www.nfsu.ac.in/assets/img/te
am/dean/08.jpg","https://www.nfsu.ac.in/assets/img/team/dean/03.jpg","https://www.nfsu.ac.in/results","https://www.nfsu.ac.in/publication/Book","https://www.nfsu.ac.in/placements","https://www.nfsu.ac.in/phdawardlist","https://www.nfsu.ac.in/hostel","https://www.nfsu.ac.in/assets/img/team/dean/01.jpg","https://www.nfsu.ac.in/publication/Book%20Chapter","https://www.nfsu.ac.in/publication/Proceedings","https://www.nfsu.ac.in/assets/css/bundle.css?v=QjWGW0ZiwG0U-w0QedfiWCAQ7uhbYCxnB7bc4-aDd68","https://www.nfsu.ac.in/assets/img/clients/4.png","https://www.nfsu.ac.in/assets/img/team/SKJain.jpg","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-5261-8.ch011","https://www.nfsu.ac.in/assets/css/data-table/dataTables.bootstrap.css","https://www.nfsu.ac.in/assets/css/data-table/dataTables.responsive.css","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-3140-8.ch017","https://www.nfsu.ac.in/publication/10.1007/978-981-99-0550-8_44","https://www.nfsu.ac.in/publication/10.1007/978-981-15-9735-0_10","https://www.nfsu.ac.in/publication/10.1007/978-3-031-10869-3_10","https://www.nfsu.ac.in/publication/doi.org/10.1007/978-981-96-8971-2_6","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-2223-9.ch008","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-4854-0","https://www.nfsu.ac.in/publication/doi.org/10.1007/978-981-96-8971-2_5","https://www.nfsu.ac.in/publication/10.2991/978-94-6463-896-7_4","https://www.nfsu.ac.in/publication/10.1007/978-981-15-0184-5_8","https://www.nfsu.ac.in/publication/10.2174/9798898812706125010012","https://www.nfsu.ac.in/publication/10.1007/978-3-030-87059-1_4","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8531-6.ch017","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8531-6.ch016","https://www.nfsu.ac.in/publication/10.1201/9781003473886-17","https://www.nfsu.ac.in/assets/js/data-table/dataTables.bootstrap.js","https://www.nfsu.ac.in/publication/10.4018/978-1-7998-3665-0.ch004","https://www.nfsu.ac.in/publication/10.3
3545/rp.book.41","https://www.nfsu.ac.in/publication/10.1002/9781119813439.ch14","https://www.nfsu.ac.in/publication/10.4324/9781003120995-6","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8133-2","https://www.nfsu.ac.in/publication/10.21741/9781644900550-3","https://www.nfsu.ac.in/publication/10.1016/B978-0-12-823963-6.00009-0","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8218-6.ch007","https://www.nfsu.ac.in/publication/10.1007/978-981-13-8581-0_7","https://www.nfsu.ac.in/publication/10.1007/978-981-15-9956-9_25","https://www.nfsu.ac.in/publication/10.5772/intechopen.98252","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-5261-8.ch011?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-5951-8.ch004","https://www.nfsu.ac.in/publication/10.1016/bs.adcom.2021.01.001","https://www.nfsu.ac.in/assets/js/data-table/dataTables.responsive.js","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-1355-8.ch002","https://www.nfsu.ac.in/publication/10.1007/978-981-97-1249-6","https://www.nfsu.ac.in/publication/10.2174/9798898811532125010007","https://www.nfsu.ac.in/publication/10.1016/bs.adcom.2023.12.001","https://www.nfsu.ac.in/publication/10.4018/978-1-7998-2742-9.ch004","https://www.nfsu.ac.in/publication/32131213","https://www.nfsu.ac.in/publication/10.1007/978-981-96-8971-2_9","https://www.nfsu.ac.in/publication/10.1007/978-981-96-8971-2_2","https://www.nfsu.ac.in/assets/img/team/NavinSheth.jpg","https://www.nfsu.ac.in/publication/10.1049/PBSE019E_ch11","https://www.nfsu.ac.in/publication/10.1007/978-981-15-0890-5","https://www.nfsu.ac.in/assets/js/data-table/jquery.dataTables.min.js","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-2089-1.ch006","https://www.nfsu.ac.in/publication/978-0-443-15478-2","https://www.nfsu.ac.in/publication/10.1007/978-981-99-0550-8_44?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-3-031-10869-3_10?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-2223-9.ch008?text=ZAP","ht
tps://www.nfsu.ac.in/publication/doi.org/10.1007/978-981-96-8971-2_5?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-15-0184-5_8?text=ZAP","https://www.nfsu.ac.in/publication/doi.org/10.1007/978-981-96-8971-2_6?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8218-6.ch007?text=ZAP","https://www.nfsu.ac.in/publication/10.4324/9781003120995-6?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8531-6.ch016?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-15-9956-9_25?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-5951-8.ch004?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-3-030-87059-1_4?text=ZAP","https://www.nfsu.ac.in/publication/10.21741/9781644900550-3?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-7998-3665-0.ch004?text=ZAP","https://www.nfsu.ac.in/publication/10.1002/9781119813439.ch14?text=ZAP","https://www.nfsu.ac.in/publication/10.1201/9781003473886-17?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-4854-0?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-15-0890-5?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/B978-0-323-89938-3.00011-6","https://www.nfsu.ac.in/publication/10.1016/C2017-0-01957-2","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-1355-8.ch002?text=ZAP","https://www.nfsu.ac.in/publication/10.1201/b15459","https://www.nfsu.ac.in/publication/10.1007/978-981-13-8581-0_7?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.104704","https://www.nfsu.ac.in/publication/10.4018/978-1-7998-6677-0.ch004","https://www.nfsu.ac.in/publication/10.1002/9780470456248.ch12","https://www.nfsu.ac.in/publication/10.4324/9781003120995","https://www.nfsu.ac.in/publication/10.5772/intechopen.103781","https://www.nfsu.ac.in/publication/10.1007/978-981-96-8971-2_2?text=ZAP","https://www.nfsu.ac.in/publication/10.2174/9798898811532125010007?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-96-8971-2_9?text=
ZAP","https://www.nfsu.ac.in/publication/10.1016/bs.adcom.2023.12.001?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/bs.adcom.2021.01.001?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-3140-8.ch017?text=ZAP","https://www.nfsu.ac.in/publication/10.33545/rp.book.41?text=ZAP","https://www.nfsu.ac.in/publication/10.2174/9798898812706125010012?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8133-2?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.98252?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8531-6.ch017?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/B978-0-12-823963-6.00009-0?text=ZAP","https://www.nfsu.ac.in/publication/10.2991/978-94-6463-896-7_4?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-7998-2742-9.ch004?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-97-1249-6?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.98253","https://www.nfsu.ac.in/publication/10.5772/intechopen.102651","https://www.nfsu.ac.in/publication/10.1049/PBSE019E_ch11?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-2089-1.ch006?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-5225-4955-0","https://www.nfsu.ac.in/publication/10.1016/B978-0-323-90272-4.00001-4","https://www.nfsu.ac.in/publication/10.1201/9781315366616","https://www.nfsu.ac.in/publication/10.1007/978-3-030-77371-7_16","https://www.nfsu.ac.in/publication/32131213?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/C2017-0-01957-2?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.104704?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.86160","https://www.nfsu.ac.in/publication/10.5772/intechopen.98253?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/B978-0-12-823963-6.00012-0","https://www.nfsu.ac.in/publication/10.1016/B978-0-323-89938-3.00011-6?text=ZAP","https://www.nfsu.ac.in/publication/10.1002/9781119812555.ch2","https://www.nfsu.ac.
in/publication/978-0-443-15478-2?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.102651?text=ZAP","https://www.nfsu.ac.in/publication/10.1201/9781315366616?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/B978-0-323-90272-4.00001-4?text=ZAP","https://www.nfsu.ac.in/publication/10.1002/9783527827688.ch8","https://www.nfsu.ac.in/publication/10.1007/978-981-15-9735-0_10?text=ZAP","https://www.nfsu.ac.in/publication/10.4324/9781003120995?text=ZAP","https://www.nfsu.ac.in/publication/10.1201/b15459?text=ZAP","https://www.nfsu.ac.in/publication/10.1002/9780470456248.ch12?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.102767","https://www.nfsu.ac.in/publication/10.1016/C2019-0-05063-7","https://www.nfsu.ac.in/publication/10.5772/intechopen.103781?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.86160?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/B978-0-12-823963-6.00012-0?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/C2019-0-05063-7?text=ZAP","https://www.nfsu.ac.in/publication/10.1002/9781119812555.ch2?text=ZAP","https://www.nfsu.ac.in/publication/10.1002/9783527827688.ch8?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.102767?text=ZAP","https://www.nfsu.ac.in/publication/Proceedings?text=ZAP","https://www.nfsu.ac.in/publication/ScopsWOS","https://www.nfsu.ac.in/tenders","https://www.nfsu.ac.in/campus","https://www.nfsu.ac.in/mediacovrage","https://www.nfsu.ac.in/publication/Journals","https://www.nfsu.ac.in/publication/All"],"duration":10.103845357894897},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.nfsu.ac.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"passive_scan":{"status":"completed","duration":50.053425312042236},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration"
:60.02383637428284},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06373929977417},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69d4d76a3cf1f6e0cbfc1dbd"},"created_at":{"$date":"2026-04-07T10:07:38.499Z"},"url":"https://www.nfsu.ac.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.nfsu.ac.in/","scan_timestamp":"20260407_095521","output_directory":"results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.004987478256225586},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":264,"urls_list":["https://www.nfsu.ac.in/robots.txt","https://www.nfsu.ac.in/","https://www.nfsu.ac.in/admission","https://www.nfsu.ac.in/sitemap.xml","https://www.nfsu.ac.in/downloads","https://www.nfsu.ac.in/emblem","https://www.nfsu.ac.in/spirituality","https://www.nfsu.ac.in/aim_objectives","https://www.nfsu.ac.in/about","https://www.nfsu.ac.in/liaison_officer","https://www.nfsu.ac.in/executiveregistrar","https://www.nfsu.ac.in/vision_mission","https://www.nfsu.ac.in/associateDeans","https://www.nfsu.ac.in/academic_council","https://www.nfsu.ac.in/hindi_officer","https://www.nfsu.ac.in/mous","https://www.nfsu.ac.in/newsletter","https://www.nfsu.ac.in/centre_for_ir","https://www.nfsu.ac.in/fact","https://www.nfsu.ac.in/annualreport","https://www.nfsu.ac.in/administrative_staff","https://www.nfsu.ac.in/account_officer","https://ww
w.nfsu.ac.in/assets/img/modiji.jpg","https://www.nfsu.ac.in/assets/img/clients/5.png","https://www.nfsu.ac.in/sc_st","https://www.nfsu.ac.in/campus","https://www.nfsu.ac.in/assets/img/Amit-shah.jpg","https://www.nfsu.ac.in/assets/img/clients/3.png","https://www.nfsu.ac.in/UnderConstruction","https://www.nfsu.ac.in/assets/img/icons/alumni.png","https://www.nfsu.ac.in/circular","https://www.nfsu.ac.in/campusdirectors","https://www.nfsu.ac.in/centre_of_excellence","https://www.nfsu.ac.in/terms","https://www.nfsu.ac.in/department/list","https://www.nfsu.ac.in/research","https://www.nfsu.ac.in/board_of_affiliation","https://www.nfsu.ac.in/phdawardlist","https://www.nfsu.ac.in/assets/img/icons/school.png","https://www.nfsu.ac.in/bos","https://www.nfsu.ac.in/assets/img/map/Delhi_map.png","https://www.nfsu.ac.in/assets/img/map/bhopal_map.png","https://www.nfsu.ac.in/dy_registrar","https://www.nfsu.ac.in/placement_officer","https://www.nfsu.ac.in/assets/img/icons/training.png","https://www.nfsu.ac.in/assets/img/favicon.ico","https://www.nfsu.ac.in/placements","https://www.nfsu.ac.in/hostel","https://www.nfsu.ac.in/security_officer","https://www.nfsu.ac.in/why_nfsu","https://www.nfsu.ac.in/assets/img/clients/2.png","https://www.nfsu.ac.in/researchproject","https://www.nfsu.ac.in/assets/img/map/dharwad.png","https://www.nfsu.ac.in/deans","https://www.nfsu.ac.in/assets/img/icons/academic.png","https://www.nfsu.ac.in/emeritus_professors","https://www.nfsu.ac.in/assets/img/icons/program.png","https://www.nfsu.ac.in/assets/img/map/guj_map.png","https://www.nfsu.ac.in/assets/img/icons/admission.png","https://www.nfsu.ac.in/assets/img/map/Goa_map.png","https://www.nfsu.ac.in/assets/img/map/Tripura_map.png","https://www.nfsu.ac.in/assets/img/map/manipur_map.png","https://www.nfsu.ac.in/assets/img/map/uganda.png","https://www.nfsu.ac.in/assets/img/map/guwahati_map.png","https://www.nfsu.ac.in/assets/img/icons/consultatancy.png","https://www.nfsu.ac.in/admission_national","https://www.
nfsu.ac.in/awards_recognitions","https://www.nfsu.ac.in/gallary","https://www.nfsu.ac.in/assets/img/team/liaison_officer.jpg","https://www.nfsu.ac.in/academic","https://www.nfsu.ac.in/assets/img/event/1.jpg","https://www.nfsu.ac.in/assets/img/icons/research.png","https://www.nfsu.ac.in/assets/img/map/pune_map.png","https://www.nfsu.ac.in/assets/img/clients/4.png","https://www.nfsu.ac.in/programs","https://www.nfsu.ac.in/assets/img/icons/affiliation.png","https://www.nfsu.ac.in/affiliationcolg","https://www.nfsu.ac.in/assets/img/clients/1.png","https://www.nfsu.ac.in/assets/js/jquery-1.12.4.min.js?v=ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ-Xp8a4MxAQ","https://www.nfsu.ac.in/details/54","https://www.nfsu.ac.in/assets/img/team/registrar.jpg","https://www.nfsu.ac.in/training","https://www.nfsu.ac.in/assets/img/team/1.jpg","https://www.nfsu.ac.in/assets/js/bundle.js?v=EmCvzSSsVy7u1MODDX6dJhQlGr4ovsK_nO5QNXWC9I8","https://www.nfsu.ac.in/academiccalender","https://www.nfsu.ac.in/StatutoryBodies/court","https://www.nfsu.ac.in/assets/img/female.png","https://www.nfsu.ac.in/controller_of_exam","https://www.nfsu.ac.in/visitingreq","https://www.nfsu.ac.in/vc","https://www.nfsu.ac.in/reserchcentre","https://www.nfsu.ac.in/Home","https://www.nfsu.ac.in/board_of_governors","https://www.nfsu.ac.in/policy","https://www.nfsu.ac.in/finance_committee","https://www.nfsu.ac.in/icc","https://www.nfsu.ac.in/SpecialCellCommittee/rti","https://www.nfsu.ac.in/affiliation","https://www.nfsu.ac.in/assets/img/NFSU_logo.png","https://www.nfsu.ac.in/about_campuses","https://www.nfsu.ac.in/annualaccreport","https://www.nfsu.ac.in/admission_international","https://www.nfsu.ac.in/assets/img/team/VK%20Shri.jpeg","https://www.nfsu.ac.in/assets/img/team/dean/03.jpg","https://www.nfsu.ac.in/assets/img/team/NavinSheth.jpg","https://www.nfsu.ac.in/assets/img/team/director.jpg","https://www.nfsu.ac.in/assets/img/team/dean/01.jpg","https://www.nfsu.ac.in/assets/img/team/vc.jpg","https://www.nfsu.ac.in/Faculty","htt
ps://www.nfsu.ac.in/assets/img/team/dean/08.jpg","https://www.nfsu.ac.in/assets/img/popup/popup.jpg","https://www.nfsu.ac.in/assets/img/team/DrDivyeshBhagat.JPG","https://www.nfsu.ac.in/assets/img/emblem.png","https://www.nfsu.ac.in/career","https://www.nfsu.ac.in/news","https://www.nfsu.ac.in/assets/img/team/dean/02.jpg","https://www.nfsu.ac.in/assets/img/team/tripura_director.jpg","https://www.nfsu.ac.in/assets/img/team/Mr.%20V.%20K.%20Pandey.jpeg","https://www.nfsu.ac.in/publication/Book","https://www.nfsu.ac.in/assets/img/team/SKJain.jpg","https://www.nfsu.ac.in/patent","https://www.nfsu.ac.in/mediacovrage","https://www.nfsu.ac.in/results","https://www.nfsu.ac.in/events","https://www.nfsu.ac.in/publication/Proceedings","https://www.nfsu.ac.in/assets/css/data-table/dataTables.responsive.css","https://www.nfsu.ac.in/assets/js/data-table/dataTables.bootstrap.js","https://www.nfsu.ac.in/assets/js/data-table/jquery.dataTables.min.js","https://www.nfsu.ac.in/assets/js/data-table/dataTables.responsive.js","https://www.nfsu.ac.in/assets/css/data-table/dataTables.bootstrap.css","https://www.nfsu.ac.in/assets/css/bundle.css?v=QjWGW0ZiwG0U-w0QedfiWCAQ7uhbYCxnB7bc4-aDd68","https://www.nfsu.ac.in/publication/Book%20Chapter","https://www.nfsu.ac.in/publication/ScopsWOS","https://www.nfsu.ac.in/publication/10.1201/9781003473886-17","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-5261-8.ch011","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-3140-8.ch017","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8531-6.ch017","https://www.nfsu.ac.in/publication/10.1007/978-981-99-0550-8_44","https://www.nfsu.ac.in/publication/10.1007/978-981-96-8971-2_2","https://www.nfsu.ac.in/publication/10.2174/9798898812706125010012","https://www.nfsu.ac.in/publication/10.1007/978-3-030-87059-1_4","https://www.nfsu.ac.in/publication/10.1049/PBSE019E_ch11","https://www.nfsu.ac.in/publication/10.2174/9798898811532125010007","https://www.nfsu.ac.in/publication/10.2991/978-94-6463-896
-7_4","https://www.nfsu.ac.in/publication/10.4018/978-1-7998-2742-9.ch004","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8531-6.ch016","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-2223-9.ch008","https://www.nfsu.ac.in/publication/doi.org/10.1007/978-981-96-8971-2_5","https://www.nfsu.ac.in/publication/10.21741/9781644900550-3","https://www.nfsu.ac.in/publication/10.1007/978-981-13-8581-0_7","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-1355-8.ch002","https://www.nfsu.ac.in/publication/10.1007/978-981-96-8971-2_9","https://www.nfsu.ac.in/publication/10.5772/intechopen.98252","https://www.nfsu.ac.in/publication/10.1007/978-3-031-10869-3_10","https://www.nfsu.ac.in/publication/10.1007/978-981-15-9735-0_10","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-5951-8.ch004","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8218-6.ch007","https://www.nfsu.ac.in/publication/10.4324/9781003120995-6","https://www.nfsu.ac.in/publication/10.4018/978-1-7998-3665-0.ch004","https://www.nfsu.ac.in/publication/10.1201/9781003473886-17?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-4854-0","https://www.nfsu.ac.in/publication/10.33545/rp.book.41","https://www.nfsu.ac.in/publication/10.1016/B978-0-323-89938-3.00011-6","https://www.nfsu.ac.in/publication/10.1007/978-981-15-9956-9_25","https://www.nfsu.ac.in/publication/10.1007/978-981-15-0890-5","https://www.nfsu.ac.in/publication/10.1007/978-981-99-0550-8_44?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/B978-0-323-90272-4.00001-4","https://www.nfsu.ac.in/publication/10.4018/978-1-5225-4955-0","https://www.nfsu.ac.in/publication/10.5772/intechopen.102651","https://www.nfsu.ac.in/publication/10.1002/9780470456248.ch12","https://www.nfsu.ac.in/publication/10.1007/978-3-030-77371-7_16","https://www.nfsu.ac.in/publication/10.1016/C2017-0-01957-2","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-5261-8.ch011?text=ZAP","https://www.nfsu.ac.in/publication/10.1201/b15459","http
s://www.nfsu.ac.in/publication/10.1016/C2019-0-05063-7","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8531-6.ch017?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.104704","https://www.nfsu.ac.in/publication/10.1002/9781119812555.ch2","https://www.nfsu.ac.in/publication/10.2174/9798898812706125010012?text=ZAP","https://www.nfsu.ac.in/publication/10.1049/PBSE019E_ch11?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-3140-8.ch017?text=ZAP","https://www.nfsu.ac.in/publication/10.1002/9783527827688.ch8","https://www.nfsu.ac.in/publication/10.5772/intechopen.86160","https://www.nfsu.ac.in/publication/10.1007/978-981-15-7961-5_65","https://www.nfsu.ac.in/publication/10.1007/978-3-030-49795-8_61","https://www.nfsu.ac.in/publication/978-0-443-15478-2","https://www.nfsu.ac.in/publication/10.1007/978-981-15-7961-5_73","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8531-6.ch016?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-7998-2742-9.ch004?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-3-031-10869-3_10?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-13-8581-0_7?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-1355-8.ch002?text=ZAP","https://www.nfsu.ac.in/publication/10.4324/9781003120995-6?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8218-6.ch007?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-15-9735-0_10?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-6684-8133-2","https://www.nfsu.ac.in/publication/10.1007/978-981-97-1249-6","https://www.nfsu.ac.in/publication/10.1007/978-981-15-0184-5_8","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-2089-1.ch006","https://www.nfsu.ac.in/publication/32131213","https://www.nfsu.ac.in/publication/doi.org/10.1007/978-981-96-8971-2_6","https://www.nfsu.ac.in/publication/10.1016/bs.adcom.2021.01.001","https://www.nfsu.ac.in/publication/10.1016/bs.adcom.2023.12.001","https://www.nfsu.ac.i
n/publication/10.4018/978-1-6684-4854-0?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/B978-0-12-823963-6.00009-0","https://www.nfsu.ac.in/publication/10.1016/C2019-0-05063-7?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/B978-0-323-89938-3.00011-6?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/B978-0-323-90272-4.00001-4?text=ZAP","https://www.nfsu.ac.in/publication/10.1201/9781315366616","https://www.nfsu.ac.in/publication/10.1007/978-981-15-0890-5?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.102651?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-3-030-87059-1_4?text=ZAP","https://www.nfsu.ac.in/publication/10.1201/b15459?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.103781","https://www.nfsu.ac.in/publication/10.1007/978-3-030-77371-7_16?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-2223-9.ch008?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-7998-6677-0.ch004","https://www.nfsu.ac.in/publication/10.1007/978-3-319-23036-8_8","https://www.nfsu.ac.in/publication/10.1002/9780470456248.ch12?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-3-030-49795-8_61?text=ZAP","https://www.nfsu.ac.in/publication/10.1002/9781119812555.ch2?text=ZAP","https://www.nfsu.ac.in/publication/10.1002/9781119813439.ch14","https://www.nfsu.ac.in/publication/10.2991/978-94-6463-896-7_4?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.86160?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.104704?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.98253","https://www.nfsu.ac.in/publication/10.1007/978-981-15-7961-5_65?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.102767","https://www.nfsu.ac.in/publication/10.1016/B978-0-12-823963-6.00012-0","https://www.nfsu.ac.in/publication/10.1007/978-981-15-7961-5_73?text=ZAP","https://www.nfsu.ac.in/publication/10.4324/9781003120995","https://www.nfsu.ac.in/publication/Proceedings?tex
t=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-3-030-49795-8_47","https://www.nfsu.ac.in/publication/10.1007/978-981-96-8971-2_2?text=ZAP","https://www.nfsu.ac.in/publication/10.21741/9781644900550-3?text=ZAP","https://www.nfsu.ac.in/tenders","https://www.nfsu.ac.in/publication/10.1002/9783527827688.ch8?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-5225-4955-0?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-15-9956-9_25?text=ZAP","https://www.nfsu.ac.in/publication/10.33545/rp.book.41?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/978-1-7998-3665-0.ch004?text=ZAP","https://www.nfsu.ac.in/publication/10.1201/9781315366616?text=ZAP","https://www.nfsu.ac.in/publication/10.1002/9781119813439.ch14?text=ZAP","https://www.nfsu.ac.in/publication/32131213?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.103781?text=ZAP","https://www.nfsu.ac.in/publication/doi.org/10.1007/978-981-96-8971-2_5?text=ZAP","https://www.nfsu.ac.in/publication/978-0-443-15478-2?text=ZAP","https://www.nfsu.ac.in/publication/10.4018/979-8-3693-5951-8.ch004?text=ZAP","https://www.nfsu.ac.in/publication/10.2174/9798898811532125010007?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-96-8971-2_9?text=ZAP","https://www.nfsu.ac.in/publication/doi.org/10.1007/978-981-96-8971-2_6?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.98252?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-97-1249-6?text=ZAP","https://www.nfsu.ac.in/publication/10.1007/978-981-15-0184-5_8?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/bs.adcom.2021.01.001?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/bs.adcom.2023.12.001?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/C2017-0-01957-2?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/B978-0-12-823963-6.00009-0?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.98253?text=ZAP","https://www.nfsu.ac.in/publication/10.1016/B978-0-12-823963-6.00012-0?t
ext=ZAP","https://www.nfsu.ac.in/publication/10.4324/9781003120995?text=ZAP","https://www.nfsu.ac.in/publication/10.5772/intechopen.102767?text=ZAP","https://www.nfsu.ac.in/publication/Journals","https://www.nfsu.ac.in/publication/All"],"duration":10.146459579467773},"port_scan":{"status":"completed","target_host":"www.nfsu.ac.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":60.02646231651306},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06328320503235},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69d9e98037dd7153809a0b32"},"created_at":{"$date":"2026-04-11T06:26:08.091Z"},"url":"https://vjti.ac.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://vjti.ac.in/","scan_timestamp":"20260411_062423","output_directory":"results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.00661015510559082},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"active_scan":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: /JSON/ascan/action/scan/?url=https%3A%2F%2Fvjti.ac.in%2F&recurse=true&inScopeOnly=false&scanPolicyName=Default+Policy&method=&postData= (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x73f9ce3658c0>: Failed to establish a new connection: 
[Errno 111] Connection refused'))"},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":0,"urls_list":[],"duration":10.042197942733765},"port_scan":{"status":"completed","target_host":"vjti.ac.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06981492042542},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69da0525cdc6721fb7d21db6"},"created_at":{"$date":"2026-04-11T08:24:05.624Z"},"url":"https://vjti.ac.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://vjti.ac.in/","scan_timestamp":"20260411_062155","output_directory":"results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.008193492889404297},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"vjti.ac.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":372,"urls_list":["https://vjti.ac.in/robots.txt","https://vjti.ac.in/sitemap.xml","https://vjti.ac.in/wp-admin/admin-ajax.php","https://vjti.ac.in/wp-admin/","https://vjti.ac.in/wp-json/","https://vjti.ac.in/wp-sitemap.xml","https://vjti.ac.in/wp-login.php?reauth=1&redirect_to=https%3A%2F%2Fvjti.ac.in%2Fwp-admin%2F
","https://vjti.ac.in/wp-admin/css/login.min.css?ver=6.9.4","https://vjti.ac.in/wp-includes/css/buttons.min.css?ver=6.9.4","https://vjti.ac.in/wp-admin/css/l10n.min.css?ver=6.9.4","https://vjti.ac.in/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","https://vjti.ac.in/wp-admin/css/forms.min.css?ver=6.9.4","https://vjti.ac.in/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1","https://vjti.ac.in/wp-includes/js/dist/a11y.min.js?ver=cb460b4676c94bd228ed","https://vjti.ac.in/wp-includes/js/clipboard.min.js?ver=2.0.11","https://vjti.ac.in/wp-content/plugins/two-factor-authentication/simba-tfa/includes/tfa.js?ver=1750829475","https://vjti.ac.in/wp-includes/js/zxcvbn-async.min.js?ver=1.0","https://vjti.ac.in/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375","https://vjti.ac.in/wp-content/uploads/2024/07/cropped-cropped-index-1.jpeg","https://vjti.ac.in/wp-includes/js/wp-util.min.js?ver=6.9.4","https://vjti.ac.in/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","https://vjti.ac.in/wp-admin/js/user-profile.min.js?ver=6.9.4","https://vjti.ac.in/wp-includes/css/dashicons.min.css?ver=6.9.4","https://vjti.ac.in/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381","https://vjti.ac.in/wp-admin/js/password-strength-meter.min.js?ver=6.9.4","https://vjti.ac.in/wp-includes/js/underscore.min.js?ver=1.13.7","https://vjti.ac.in/wp-sitemap-index.xsl","https://vjti.ac.in/wp-sitemap-posts-page-1.xml","https://vjti.ac.in/wp-sitemap-posts-faq-1.xml","https://vjti.ac.in/wp-sitemap-users-1.xml","https://vjti.ac.in/wp-sitemap-posts-tp_event-1.xml","https://vjti.ac.in/","https://vjti.ac.in/wp-login.php?action=lostpassword","https://vjti.ac.in/wp-login.php","https://vjti.ac.in/wp-sitemap.xsl","https://vjti.ac.in/privacy-policy-unicamp/","https://vjti.ac.in/wp-content/uploads/2024/05/210907_ARI-C-33641-2021-submitted-report.pdf","https://vjti.ac.in/wp-content/uploads/2025/08/14-%E0%A4%91%E0%A4%97%E0%A4%B8%E0%A5%8D%E0%A4%9F-%E0%A4%AA%E0%A4%B0%E0%A4%BF%E0%A4%AA%E0%A4%A4%
E0%A5%8D%E0%A4%B0%E0%A4%95_250813_120720.pdf","https://vjti.ac.in/rules-guidelines/","https://vjti.ac.in/director-of-vjti/","https://vjti.ac.in/physics/","https://vjti.ac.in/mathematics/","https://vjti.ac.in/diploma-admission/","https://vjti.ac.in/structural-engineering/","https://vjti.ac.in/under-graduate-announcements/","https://vjti.ac.in/mca-admission/","https://vjti.ac.in/post-graduate-announcements/","https://vjti.ac.in/diploma-announcements/","https://vjti.ac.in/announcements-for-ph-d-students/","https://vjti.ac.in/scholarship/","https://vjti.ac.in/fee-structure/","https://vjti.ac.in/compliance-disclosures/","https://vjti.ac.in/honours-awards/","https://vjti.ac.in/academic-calendar/","https://vjti.ac.in/about/","https://vjti.ac.in/labs/","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/css/jquery.powertip.min.css?ver=1.2.0","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/css/maps_points.css?ver=1.2.3","https://vjti.ac.in/organization-structure/","https://vjti.ac.in/wp-content/plugins/ditty-news-ticker/assets/build/dittyDisplays.css?ver=3.1.63","https://vjti.ac.in/wp-content/plugins/insight-swatches/assets/css/style.css?ver=6.9.4","https://vjti.ac.in/wp-content/plugins/ditty-news-ticker/includes/libs/fontawesome-6.4.0/css/all.css?ver=6.4.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/swiper/css/swiper.min.css?ver=8.4.5","https://vjti.ac.in/wp-content/themes/unicamp/assets/fonts/awesome/css/fontawesome-all.min.css?ver=6.4.2","https://vjti.ac.in/directors-convocation-address/","https://vjti.ac.in/humanities-management/","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/growl/css/jquery.growl.min.css?ver=1.3.3","https://vjti.ac.in/hostels/","https://vjti.ac.in/wp-content/plugins/tablepress/css/build/default.css?ver=2.3.1","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/perfect-scrollbar/css/perfect-scrollbar.min.css?ver=0.6.14","https://vjti.ac.in/wp-content/uploads/elementor/css/global.css?ve
r=1721647847","https://vjti.ac.in/wp-content/uploads/elementor/css/post-3460.css?ver=1721647847","https://vjti.ac.in/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.21.4","https://vjti.ac.in/wp-content/uploads/elementor/css/post-26328.css?ver=1775714721","https://vjti.ac.in/dean-rd-and-consultancy/","https://vjti.ac.in/wp-content/themes/unicamp/style.min.css?ver=2.6.4","https://vjti.ac.in/message-for-student-applicants/","https://vjti.ac.in/wp-content/themes/unicamp/events-manager.css?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/lightGallery/css/lightgallery.min.css?ver=1.6.12","https://vjti.ac.in/wp-content/plugins/revslider/sr6/assets/css/rs6.css?ver=6.7.4","https://vjti.ac.in/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.21.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/polyfill/intersection-observer.min.js","https://vjti.ac.in/wp-content/plugins/cookie-law-info/lite/frontend/js/script.min.js?ver=3.4.0","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/js/jquery.powertip.min.js?ver=1.2.0","https://vjti.ac.in/wp-content/plugins/devvn-image-hotspot/frontend/js/maps_points.js?ver=1.2.3","https://vjti.ac.in/wp-content/plugins/insight-swatches/assets/js/frontend.min.js?ver=1.7.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/headroom.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/plugins/revslider/sr6/assets/js/rbtools.min.js?ver=6.7.2","https://vjti.ac.in/wp-includes/js/backbone.min.js?ver=1.6.0","https://vjti.ac.in/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3","https://vjti.ac.in/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/smooth-scroll/jquery.smooth-scroll.min.js?ver=2.2.0","https://vjti.ac.in/wp-includes/js/imagesloaded.min.js?ver=5.0.0","https://vjti.ac.in/wp-content/plugins/revslider/sr6/assets/js/rs6.min.js?ver=6.7.4","https://vjti.ac.in/wp-content/the
mes/unicamp/assets/js/swiper-wrapper.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/smartmenus/jquery.smartmenus.min.js?ver=1.1.1","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/perfect-scrollbar/js/perfect-scrollbar.jquery.min.js?ver=0.6.14","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/swiper/js/swiper.min.js?ver=8.4.5","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/growl/js/jquery.growl.min.js?ver=1.3.3","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/modal.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/plugins/wp-statistics/assets/js/tracker.js?ver=14.16.3","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/validate/jquery.validate.min.js?ver=1.17.0","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/login.min.js?ver=1.17.0","https://vjti.ac.in/principals-and-directors-of-vjti-mumbai/","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/nice-select.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/lightGallery/js/lightgallery-all.min.js?ver=1.6.12","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/main.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/elementor/assets/libs/countTo/jquery.countTo.min.js","https://vjti.ac.in/wp-content/themes/unicamp/elementor/assets/js/widgets/widget-counter.js","https://vjti.ac.in/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.21.4","https://vjti.ac.in/wp-content/themes/unicamp/elementor/assets/libs/anime/anime.min.js","https://vjti.ac.in/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.21.4","https://vjti.ac.in/wp-content/themes/unicamp/elementor/assets/js/widgets/group-widget-carousel.js","https://vjti.ac.in/wp-content/themes/unicamp/elementor/assets/js/widgets/vertical-carousel-3d.js","https://vjti.ac.in/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.21.4","https://vjti.ac.in/wp-content/themes/unicamp/elementor/assets/js/widgets/widget-tes
timonial-carousel-3d.js","https://vjti.ac.in/wp-content/plugins/ditty-news-ticker/assets/build/ditty.js?ver=3.1.63","https://vjti.ac.in/announcements-for-career/","https://vjti.ac.in/wp-includes/js/jquery/ui/effect.min.js?ver=1.13.3","https://vjti.ac.in/wp-content/plugins/ditty-news-ticker/includes/js/partials/helpers.js?ver=3.1.63","https://vjti.ac.in/wp-content/plugins/ditty-news-ticker/assets/build/dittyDisplayList.js?ver=3.1.63","https://vjti.ac.in/wp-content/plugins/ditty-news-ticker/assets/build/dittyDisplayTicker.js?ver=3.1.63","https://vjti.ac.in/wp-content/plugins/ditty-news-ticker/assets/build/dittySlider.js?ver=3.1.63","https://vjti.ac.in/wp-content/plugins/ditty-news-ticker/includes/libs/hammer.min.js?ver=2.0.8.1","https://vjti.ac.in/wp-content/uploads/2024/05/logo-light.gif","https://vjti.ac.in/wp-content/uploads/2025/08/Partition-Horrors-Remembrance-Day-VJTI-300x113.png","https://vjti.ac.in/wp-content/uploads/2025/08/Partition-Horrors-Remembrance-Day-VJTI-768x288.png","https://vjti.ac.in/wp-content/uploads/2025/08/Partition-Horrors-Remembrance-Day-VJTI-1024x384.png","https://vjti.ac.in/wp-content/uploads/2025/08/Partition-Horrors-Remembrance-Day-VJTI-1536x576.png","https://vjti.ac.in/wp-content/uploads/2024/06/vjti-maingate.png","https://vjti.ac.in/useful-forms-for-students/","https://vjti.ac.in/wp-content/uploads/2025/08/Partition-Horrors-Remembrance-Day-VJTI.png","https://vjti.ac.in/minutes-of-academic-council-meeting/","https://vjti.ac.in/wp-content/uploads/2026/02/mhInnovationFest2026-Banner.png","https://vjti.ac.in/wp-content/uploads/2026/01/SCPC%E2%80%93Henkel-DX-National-Supply-Chain-Hackathon-Summit-2025.png","https://vjti.ac.in/teqip/","https://vjti.ac.in/wp-content/uploads/2026/02/Manubhai-Shaha-Donation.png","https://vjti.ac.in/wp-content/uploads/2026/02/Technovanza-2025-26-banner.png","https://vjti.ac.in/wp-content/uploads/2025/12/vjti-tbi-funding.png","https://vjti.ac.in/wp-content/uploads/2025/02/events-homepage-img-1.png","https://vjti.a
c.in/internal-complaints-committee/","https://vjti.ac.in/wp-content/uploads/2026/01/Product-Dept-NBA.png","https://vjti.ac.in/wp-content/uploads/2025/11/NCC-Day-2025.png","https://vjti.ac.in/wp-content/uploads/2025/11/National-Unity-day-2025.png","https://vjti.ac.in/wp-content/uploads/2025/12/Aavishkar-Research-Convention-2024%E2%80%9325.png","https://vjti.ac.in/textile-engineering/","https://vjti.ac.in/wp-content/uploads/2025/11/vande-matram-program.png","https://vjti.ac.in/wp-content/uploads/2025/07/Cet-Cell-Inauguration.png","https://vjti.ac.in/wp-content/uploads/2025/07/B-Venugopal-Reddy-.png","https://vjti.ac.in/wp-content/uploads/2025/06/HILTI.png","https://vjti.ac.in/dean-infrastructure-maintenance/","https://vjti.ac.in/wp-content/uploads/2025/09/Orientation-16-Sept-2025.png","https://vjti.ac.in/wp-content/uploads/2025/06/oracle.png","https://vjti.ac.in/wp-content/uploads/2025/06/Google-Placement.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/nirf-ranking-VJTI-r1tmix4x2ppn1a75gp8eftpiifek6hwi5b4vqults0.png","https://vjti.ac.in/wp-content/uploads/2025/06/Goldman-Sachs.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/VJTI-NBA-Ranking-r20red3xxork2lrqvyjaw9jhlvxjb1m2vwm5v3buv4.png","https://vjti.ac.in/wp-content/uploads/2025/07/ICI-Conference-1.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/VJTI-NAAC-Ranking-r20rpvmrnmj0an1mnfprxuxrkt6elkbpgwbai498n4.png","https://vjti.ac.in/student-organizations/","https://vjti.ac.in/wp-content/uploads/2025/06/Prachi-B-Doshi.png","https://vjti.ac.in/wp-content/uploads/2025/06/Morgan-Stanley.png","https://vjti.ac.in/wp-content/uploads/2025/06/JP-Morgans.png","https://vjti.ac.in/wp-content/uploads/2025/05/placement-celebration2024-25.png","https://vjti.ac.in/wp-content/uploads/2025/05/Dr-Vinod-Mohitkar-1.png","https://vjti.ac.in/wp-content/uploads/2025/08/independence-day-2025.png","https://vjti.ac.in/wp-content/uploads/2026/02/Technovonza-2026.png","https://vjti.ac.in/wp-content/uploads/20
26/04/Continuous-18-hours-Study-Program.png","https://vjti.ac.in/wp-content/uploads/2026/02/mhInnovationFest2026.png","https://vjti.ac.in/wp-content/uploads/2025/02/microsoft.png","https://vjti.ac.in/wp-content/uploads/2025/02/amazon.png","https://vjti.ac.in/deputy-director/","https://vjti.ac.in/wp-content/uploads/2025/02/Eye-Donation-Camp-Awareness-Seminar-25-2-2025.png","https://vjti.ac.in/wp-content/uploads/2025/07/ICI-Conference-1200X800.png","https://vjti.ac.in/wp-content/uploads/2025/05/WAVES-1.png","https://vjti.ac.in/wp-content/uploads/2025/09/Orientation-1200-X-800px.png","https://vjti.ac.in/wp-content/uploads/2025/02/Blood-Donation-25-02-2025.png","https://vjti.ac.in/wp-content/uploads/2025/07/cet-cell-inauguration-1200X800.png","https://vjti.ac.in/wp-content/uploads/2025/04/GeM-Training-homepage-banner.png","https://vjti.ac.in/wp-content/uploads/2025/02/Infosys.png","https://vjti.ac.in/wp-content/uploads/2025/02/Accenture.png","https://vjti.ac.in/wp-content/uploads/2026/02/Rangwardhan-2025-26-banner.png","https://vjti.ac.in/wp-content/uploads/2025/02/google.png","https://vjti.ac.in/academic-council/","https://vjti.ac.in/wp-content/uploads/2025/02/Deloitte.png","https://vjti.ac.in/wp-content/uploads/2026/04/sthapatya-.png","https://vjti.ac.in/wp-content/uploads/2025/02/Tata-Motors.png","https://vjti.ac.in/wp-content/uploads/2025/02/siemens.png","https://vjti.ac.in/wp-content/uploads/2025/02/reliance.png","https://vjti.ac.in/wp-content/uploads/2025/02/flipkart.png","https://vjti.ac.in/wp-content/uploads/2025/02/TCS.png","https://vjti.ac.in/wp-content/uploads/2025/02/Rep-2025-261200-X-800.png","https://vjti.ac.in/wp-content/uploads/2025/02/Wipro.png","https://vjti.ac.in/wp-content/uploads/2025/02/LT.png","https://vjti.ac.in/wp-content/uploads/2025/02/capgemini.png","https://vjti.ac.in/wp-content/uploads/2025/03/VJTI-Convocation-2025.png","https://vjti.ac.in/wp-content/uploads/2026/04/icon-new1.svg","https://vjti.ac.in/wp-content/uploads/2025/03/cadence-logo.
png","https://vjti.ac.in/wp-content/uploads/2025/02/IBM.png","https://vjti.ac.in/wp-content/uploads/2025/03/solodworks-logo.png","https://vjti.ac.in/wp-content/uploads/2024/05/logo-light-330x100.gif","https://vjti.ac.in/wp-content/uploads/2025/03/cisco-logo.png","https://vjti.ac.in/wp-content/uploads/2025/03/matlab-logo.png","https://vjti.ac.in/wp-content/uploads/2025/03/ansys-logo.png","https://vjti.ac.in/wp-content/uploads/2025/03/autocad-logo.png","https://vjti.ac.in/wp-content/uploads/2026/04/icon-new-2.svg","https://vjti.ac.in/wp-content/uploads/2026/04/icon-new3.svg","https://vjti.ac.in/wp-content/uploads/2026/04/Dr-Nalin-Gupta.jpg","https://vjti.ac.in/wp-content/uploads/2024/06/transparent-bg.png","https://vjti.ac.in/wp-content/plugins/cookie-law-info/lite/frontend/images/close.svg","https://vjti.ac.in/wp-content/uploads/2025/04/Expert-Talk-Homepage-banner.png","https://vjti.ac.in/wp-content/uploads/2024/05/pgstudents.png","https://vjti.ac.in/non-teaching-seniority-list/","https://vjti.ac.in/wp-content/uploads/2024/05/diplomastud.png","https://vjti.ac.in/wp-content/uploads/2024/05/ugstudents.png","https://vjti.ac.in/board-of-governors/","https://vjti.ac.in/dean-academic-programs/","https://vjti.ac.in/minutes-of-bog-meeting/","https://vjti.ac.in/national-cadet-corpsncc/","https://vjti.ac.in/dean-diploma/","https://vjti.ac.in/right-to-information-rti/","https://vjti.ac.in/alumni-old/","https://vjti.ac.in/gian-courses/","https://vjti.ac.in/helpful-forms-for-faculty-and-staff/","https://vjti.ac.in/national-education-policy/","https://vjti.ac.in/tenders/","https://vjti.ac.in/dean-students-alumni/","https://vjti.ac.in/wp-includes/css/dist/block-library/style.min.css?ver=6.9.4","https://vjti.ac.in/wp-content/uploads/elementor/css/post-3.css?ver=1773138814","https://vjti.ac.in/previous-reports/","https://vjti.ac.in/students/","https://vjti.ac.in/dean-administration-and-faculty-welfare/","https://vjti.ac.in/wp-content/uploads/2025/07/Manual-of-Rules-for_MTechWorking-P
rofessionals.pdf","https://vjti.ac.in/wp-content/uploads/2025/07/Manual-of-Rules-for-B.Tech-Programmeworking-professionals_AY-2024-25-Onwards.pdf","https://vjti.ac.in/wp-content/uploads/2024/09/Revised-Manual-of-Rules-for_MTech-MCA_AY-2023-24-Onwards.pdf","https://vjti.ac.in/wp-content/uploads/2024/09/Revised-Manual-of-Rules-for-B.Tech-Programme_AY-2023-24-Onwards.pdf","https://vjti.ac.in/wp-content/uploads/2024/05/220104_Manual-of-Rules-for_PhD.pdf","https://vjti.ac.in/wp-content/uploads/2024/05/220104Manual-of-Rules-for_UG.pdf","https://vjti.ac.in/wp-content/uploads/2024/05/220104_Manual-of-Rules-for_PG-MCA.pdf","https://vjti.ac.in/wp-content/uploads/elementor/css/post-3740.css?ver=1772088583","https://vjti.ac.in/wp-content/uploads/2024/05/220913_Diploma-Examination-Rules-Procedures-Revision-Oct-2017.pdf","https://vjti.ac.in/other-committees/","https://vjti.ac.in/posh-act-and-pocso-act-2012/","https://vjti.ac.in/announcements/","https://vjti.ac.in/wp-content/uploads/elementor/css/post-3779.css?ver=1771928837","https://vjti.ac.in/wp-content/uploads/2024/07/SachinKore-300x199.png","https://vjti.ac.in/visit/","https://vjti.ac.in/committees-formed-under-ugc/","https://vjti.ac.in/wp-content/uploads/2024/07/SachinKore.png","https://vjti.ac.in/wp-content/uploads/2024/06/2023-Resume-of-Prof-Dattatray-Wavhal.pdf","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/director-welcome-qquq2jplrrlbzfe61tik8w0ierdcmd8ukdccq923uc.png","https://vjti.ac.in/wp-content/uploads/elementor/css/post-3841.css?ver=1772093988","https://vjti.ac.in/wp-content/uploads/2024/06/T.B.-More-C.V.pdf","https://vjti.ac.in/wp-content/uploads/2024/06/Physics.png","https://vjti.ac.in/wp-content/uploads/elementor/css/post-17178.css?ver=1762765890","https://vjti.ac.in/wp-content/uploads/2024/06/Physics-Lab.png","https://vjti.ac.in/wp-content/uploads/elementor/css/post-19262.css?ver=1727692421","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/matchHeight/jquery.matchHeight-min.js?ver=0.7.2","ht
tps://vjti.ac.in/wp-content/uploads/elementor/css/post-31685.css?ver=1762768321","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/isotope/js/isotope.pkgd.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/elementor/assets/js/widgets/group-widget-grid.js","https://vjti.ac.in/wp-content/themes/unicamp/assets/libs/packery-mode/packery-mode.pkgd.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/grid-layout.min.js","https://vjti.ac.in/wp-content/themes/unicamp/assets/js/tab-panel.min.js?ver=2.6.4","https://vjti.ac.in/wp-content/themes/unicamp/elementor/assets/js/widgets/widget-tabs.js","https://vjti.ac.in/wp-content/uploads/2024/08/Dattatray-Wavhal.png","https://vjti.ac.in/wp-content/uploads/2024/08/Dattatray-Wavhal-100x100.png","https://vjti.ac.in/wp-content/uploads/2024/08/Tushar-More-100x100.png","https://vjti.ac.in/wp-content/uploads/2024/08/Tushar-More.png","https://vjti.ac.in/wp-content/uploads/2024/06/Physics-480x298.png","https://vjti.ac.in/wp-content/uploads/2024/08/Mugdha-Jagdale-100x100.png","https://vjti.ac.in/wp-content/uploads/2024/08/Mugdha-Jagdale.png","https://vjti.ac.in/wp-content/uploads/2024/08/Baliram-Nadekar.png","https://vjti.ac.in/wp-content/uploads/2024/08/Shikha-Rathore.png","https://vjti.ac.in/wp-content/uploads/2024/08/Baliram-Nadekar-100x100.png","https://vjti.ac.in/wp-content/uploads/2024/06/Physics-Lab-480x298.png","https://vjti.ac.in/wp-content/uploads/2024/08/Shikha-Rathore-100x100.png","https://vjti.ac.in/wp-content/uploads/2024/09/Pandharinath-Chimte.png","https://vjti.ac.in/wp-content/uploads/2025/11/Deepak-Gavali.png","https://vjti.ac.in/wp-content/uploads/2024/09/Pandharinath-Chimte-100x100.png","https://vjti.ac.in/wp-content/uploads/2024/09/Vinod-Chawan.png","https://vjti.ac.in/wp-content/uploads/2024/09/Vinod-Chawan-100x100.png","https://vjti.ac.in/wp-content/uploads/2024/09/Sachin-Gosavi.png","https://vjti.ac.in/wp-content/uploads/2024/09/Sachin-Gosavi-100x100.png","https://vjti.ac.in/wp-conte
nt/uploads/2025/02/ranking-box-pattern.png","https://vjti.ac.in/library-e-resources/","https://vjti.ac.in/wp-content/uploads/2021/01/section-take-a-quiz-bg.png","https://vjti.ac.in/wp-content/uploads/2021/02/decorate-bg-01.png","https://vjti.ac.in/wp-content/uploads/2024/07/main-building.png","https://vjti.ac.in/direct-second-year-b-tech-for-working-professionals/","https://vjti.ac.in/detailed-profile/","https://vjti.ac.in/atsmde-2024/","https://vjti.ac.in/m-c-s-rules/","https://vjti.ac.in/library/","https://vjti.ac.in/vaishali-shirsath/","https://vjti.ac.in/mukta-nivelkar/","https://vjti.ac.in/devita-ghanekar/","https://vjti.ac.in/dinesh-jain/","https://vjti.ac.in/conference-announcement/","https://vjti.ac.in/student-organizations/dla-detail-page/","https://vjti.ac.in/milind-patil/","https://vjti.ac.in/wp-content/uploads/elementor/css/post-21463.css?ver=1772184333","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/NIrmaan-Magazine-qxkq7pyjh78lg9we8pox152qoznvzm31c8zqaq3f1w.png","https://vjti.ac.in/other-facilities/","https://vjti.ac.in/media/","https://vjti.ac.in/sandeep-bhutkar/","https://vjti.ac.in/nitin-sonavane/","https://vjti.ac.in/dhanashri-lamane/","https://vjti.ac.in/nitin-ahire/","https://vjti.ac.in/com-it-laboratories/","https://vjti.ac.in/sonali-wankhede/","https://vjti.ac.in/rangawardhan-2/","https://vjti.ac.in/motiwala-nawaz-irshad-abida/","https://vjti.ac.in/vaibhav-madane/","https://vjti.ac.in/nilashree-wankhede/","https://vjti.ac.in/bhushan-deore/","https://vjti.ac.in/vikram-singh/","https://vjti.ac.in/punam-gulande/","https://vjti.ac.in/student-organizations/rangawardhan/","https://vjti.ac.in/wp-json/wp/v2/pages/23045","https://vjti.ac.in/wp-content/uploads/elementor/css/post-23045.css?ver=1772129593","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-8.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-13.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-11.png","https://vjti.ac.in/wp-cont
ent/uploads/2024/12/2024-25-day-2-pic-12.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-5.png","https://vjti.ac.in/wp-content/uploads/2024/12/Tejashree-Pradhan.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-Day1-Pic1.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-Day1-Pic2.png","https://vjti.ac.in/wp-content/uploads/2024/12/Aniruddha-Joshi.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-1.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-Day1-Pic9.png","https://vjti.ac.in/wp-content/uploads/2024/12/prize-distribution.png","https://vjti.ac.in/wp-content/uploads/2024/12/Hrishikesh-Ranade.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-Day1-Pic7.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-5-480x335.png","https://vjti.ac.in/wp-content/uploads/2024/12/Anand-Joshi.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-13-480x335.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-7-480x335.png","https://vjti.ac.in/wp-content/uploads/2024/12/rangawardhan-2024-25-day-3-pic-4.png","https://vjti.ac.in/wp-content/uploads/2024/12/rangawardhan-2024-25-day-3-pic-2.png","https://vjti.ac.in/wp-content/uploads/2024/12/rangawardhan-2024-25-day-3-pic-5.png","https://vjti.ac.in/wp-content/uploads/2024/12/Sachin-Khedekar.png","https://vjti.ac.in/wp-content/uploads/2024/12/rangawardhan-2024-25-day-3-pic-3.png","https://vjti.ac.in/wp-content/uploads/2024/12/rangawardhan-2024-25-day-3-pic-6.png","https://vjti.ac.in/wp-content/uploads/2024/12/rangawardhan-2024-25-day-3-pic-7.png","https://vjti.ac.in/wp-content/uploads/2024/12/rangawardhan-2024-25-day-3-pic-1.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-Day1-Pic3.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-11-480x335.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-10.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-
2-pic-4.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-7.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/2024-25-day1-qz9c102p5ft1zkhvyud6l0grnlyyoielban7f8825w.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-9.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-8-480x335.png","https://vjti.ac.in/wp-content/uploads/elementor/thumbs/rangawardhan-2024-25-day-3-qzb0s9kmfs089pdgvst86kbmor8550ovp8vgtv5984.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-12-480x335.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-2.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-10-480x335.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-3.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-Day1-Pic5.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-Day1-Pic6.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-Day1-Pic4.png","https://vjti.ac.in/shivaji-chavan/","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-day-2-pic-9-480x335.png","https://vjti.ac.in/rahul-thavai/","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-Day1-Pic10.png","https://vjti.ac.in/wp-content/uploads/2024/12/2024-25-Day1-Pic8.png","https://vjti.ac.in/anup-karande/","https://vjti.ac.in/vishal-kandalgaonkar/","https://vjti.ac.in/avinash-rathod/","https://vjti.ac.in/vibhavari-jadhav/"],"duration":70.18662858009338},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.04876160621643},"active_scan":{"scan_id":null,"status":"completed","duration":7201.8056383132935},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml"
:"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69e3dd5f4c88e8b561d979f3"},"created_at":{"$date":"2026-04-18T19:37:03.369Z"},"url":"https://www.altagroup.com.pk/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.altagroup.com.pk/","scan_timestamp":"20260418_173613","output_directory":"results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.0087127685546875},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":2,"urls_list":["https://www.altagroup.com.pk/robots.txt","https://www.altagroup.com.pk/sitemap.xml"],"duration":10.02239203453064},"port_scan":{"status":"completed","target_host":"www.altagroup.com.pk","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.04294323921204},"active_scan":{"scan_id":null,"status":"completed","duration":7201.897286891937},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69e3dfacdd6f8abd99e34447"},"created_at":{"$date":"2026-04-18T19:46:52.236Z"},"url":"https://www.altagroup.com.pk/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.altagroup.com.pk/","scan_timestamp":"20260418_173802","output_directory":"re
sults/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.008351802825927734},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.altagroup.com.pk","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.04923796653748},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":112,"urls_list":["https://www.altagroup.com.pk/robots.txt","https://www.altagroup.com.pk/","https://www.altagroup.com.pk/images/mobile-logo.png","https://www.altagroup.com.pk/imgs/pages_banners/banner-1-6.jpg","https://www.altagroup.com.pk/fancybox/jquery.fancybox.pack.js?v=2.1.5","https://www.altagroup.com.pk/imgs/pages_banners/banner-1-34.jpg","https://www.altagroup.com.pk/images/fav.png","https://www.altagroup.com.pk/images/logo.png","https://www.altagroup.com.pk/images/sec1.jpg","https://www.altagroup.com.pk/css/animate.min.css","https://www.altagroup.com.pk/js/jquery.ez-plus.js","https://www.altagroup.com.pk/imgs/categories/thum-1.jpg","https://www.altagroup.com.pk/imgs/products/small-732.jpg","https://www.altagroup.com.pk/imgs/products/small-753.jpg","https://www.altagroup.com.pk/fancybox/jquery.fancybox.css?v=2.1.5","https://www.altagroup.com.pk/css/effect/main.css","https://www.altagroup.com.pk/images/cards.png","https://www.altagroup.com.pk/imgs/pages_banners/banner-0-3.jpg","https://www.altagroup.com.pk/imgs/products/small-727.jpg","https://www.altagroup.com.pk/js/web.js?m=20100203","https://www.altagroup.com.pk/owl/owl.carousel.min.js","https://www.altagroup.com.pk/images/NEWSL.png","https://www.altagroup.com.pk/js/bootstrap.min.js","https://www.altagroup.com.pk/imgs/main_banners/banner-English-5.jpg","https://www.altagroup.com.pk/js/owl.carousel.js","https://www.altagroup.com.pk/i
mgs/main_banners/banner-English-6.jpg","https://www.altagroup.com.pk/imgs/categories/thum-2.jpg","https://www.altagroup.com.pk/css/owl.carousel.min.css","https://www.altagroup.com.pk/css/bootstrap.min.css","https://www.altagroup.com.pk/imgs/pages_banners/banner-1-33.jpg","https://www.altagroup.com.pk/images/globe-icon.png","https://www.altagroup.com.pk/imgs/main_banners/banner-English-7.jpg","https://www.altagroup.com.pk/products.php?id=42","https://www.altagroup.com.pk/js/main.js","https://www.altagroup.com.pk/owl/owl.theme.css","https://www.altagroup.com.pk/imgs/categories/thum-64.jpg","https://www.altagroup.com.pk/imgs/products/small-735.jpg","https://www.altagroup.com.pk/images/logo-mobile.png","https://www.altagroup.com.pk/imgs/pages_banners/banner-0-4.jpg","https://www.altagroup.com.pk/css/main.css","https://www.altagroup.com.pk/imgs/categories/thum-5.jpg","https://www.altagroup.com.pk/imgs/categories/thum-63.jpg","https://www.altagroup.com.pk/imgs/products/small-625.jpg","https://www.altagroup.com.pk/imgs/products/small-239.jpg","https://www.altagroup.com.pk/imgs/products/small-754.jpg","https://www.altagroup.com.pk/imgs/products/small-233.jpg","https://www.altagroup.com.pk/imgs/products/small-243.jpg","https://www.altagroup.com.pk/imgs/pages_banners/banner-1-35.jpg","https://www.altagroup.com.pk/imgs/products/small-238.jpg","https://www.altagroup.com.pk/products.php?id=60","https://www.altagroup.com.pk/imgs/products/small-236.jpg","https://www.altagroup.com.pk/imgs/products/small-241.jpg","https://www.altagroup.com.pk/imgs/products/small-234.jpg","https://www.altagroup.com.pk/imgs/products/small-244.jpg","https://www.altagroup.com.pk/imgs/products/small-237.jpg","https://www.altagroup.com.pk/imgs/products/small-728.jpg","https://www.altagroup.com.pk/imgs/products/small-240.jpg","https://www.altagroup.com.pk/imgs/categories/thum-3.jpg","https://www.altagroup.com.pk/imgs/products/small-242.jpg","https://www.altagroup.com.pk/imgs/products/small-508.jpg","https:
//www.altagroup.com.pk/imgs/products/small-509.jpg","https://www.altagroup.com.pk/pages.php?id=44","https://www.altagroup.com.pk/imgs/products/small-511.jpg","https://www.altagroup.com.pk/imgs/products/small-512.jpg","https://www.altagroup.com.pk/imgs/products/small-742.jpg","https://www.altagroup.com.pk/imgs/products/small-504.jpg","https://www.altagroup.com.pk/imgs/products/small-507.jpg","https://www.altagroup.com.pk/imgs/products/small-505.jpg","https://www.altagroup.com.pk/imgs/products/small-506.jpg","https://www.altagroup.com.pk/images/catalog.jpg","https://www.altagroup.com.pk/imgs/products/small-510.jpg","https://www.altagroup.com.pk/products.php?id=14","https://www.altagroup.com.pk/products.php?id=13","https://www.altagroup.com.pk/products.php?id=7","https://www.altagroup.com.pk/large.php?did=95","https://www.altagroup.com.pk/products.php?id=69","https://www.altagroup.com.pk/large.php?did=729","https://www.altagroup.com.pk/large.php?did=94","https://www.altagroup.com.pk/large.php?did=17","https://www.altagroup.com.pk/large.php?did=238","https://www.altagroup.com.pk/large.php?did=91","https://www.altagroup.com.pk/products.php?id=1","https://www.altagroup.com.pk/large.php?did=504","https://www.altagroup.com.pk/products.php?id=2","https://www.altagroup.com.pk/large.php?did=727","https://www.altagroup.com.pk/large.php?did=75","https://www.altagroup.com.pk/large.php?did=76","https://www.altagroup.com.pk/large.php?did=240","https://www.altagroup.com.pk/large.php?did=536","https://www.altagroup.com.pk/large.php?did=754","https://www.altagroup.com.pk/large.php?did=608","https://www.altagroup.com.pk/large.php?did=3","https://www.altagroup.com.pk/large.php?did=89","https://www.altagroup.com.pk/imgs/products_view/view-3-1.png","https://www.altagroup.com.pk/large.php?did=14","https://www.altagroup.com.pk/large.php?did=73","https://www.altagroup.com.pk/basket.php?add=g&pid=95","https://www.altagroup.com.pk/large.php?did=750","https://www.altagroup.com.pk/large.php?did=
714","https://www.altagroup.com.pk/large.php?did=606","https://www.altagroup.com.pk/large.php?did=169","https://www.altagroup.com.pk/basket.php?add=g&pid=75","https://www.altagroup.com.pk/basket.php?add=g&pid=91","https://www.altagroup.com.pk/large.php?did=6","https://www.altagroup.com.pk/basket.php?add=g&pid=76","https://www.altagroup.com.pk/large.php?did=171","https://www.altagroup.com.pk/basket.php?add=g&pid=536","https://www.altagroup.com.pk/large.php?did=755","https://www.altagroup.com.pk/basket.php?add=g&pid=89","https://www.altagroup.com.pk/large.php?did=167","https://www.altagroup.com.pk/basket.php?add=g&pid=606","https://www.altagroup.com.pk/basket.php?add=g&pid=6"],"duration":90.08696794509888},"active_scan":{"scan_id":null,"status":"completed","duration":7201.796885967255},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69e577e8f5466574f39861cb"},"created_at":{"$date":"2026-04-20T00:48:40.758Z"},"url":"https://www.jamals.com/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.jamals.com/","scan_timestamp":"20260419_224706","output_directory":"results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.007087230682373047},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.jamals.com","open_ports":[],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":0,"urls_list":[],"duration":
30.06093144416809},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.07716345787048},"active_scan":{"scan_id":null,"status":"completed","duration":7202.028514146805},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69e5ae21c14e463259f5611e"},"created_at":{"$date":"2026-04-20T04:40:01.888Z"},"url":"https://www.jamals.com/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.jamals.com/","scan_timestamp":"20260419_184159","output_directory":"results/zap_reports","scan_results":{"ajax_spider":{"status":"failed","error":"('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))"},"traditional_spider":{"status":"failed","error":"('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))"},"passive_scan":{"status":"failed","error":"('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))"},"fuzzing":{"status":"failed","error":"('Connection aborted.', RemoteDisconnected('Remote end closed connection without 
response'))"},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.jamals.com","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"active_scan":{"scan_id":null,"status":"completed","duration":7202.02720785141},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69e78c2d6bf22864cab5cacf"},"created_at":{"$date":"2026-04-21T14:39:41.071Z"},"url":"https://example.com/","tool":"owaspzap","result":{"status":"completed","target_url":"https://example.com/","scan_timestamp":"20260421_143743","output_directory":"results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.008093595504760742},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":3,"urls_list":["https://example.com/sitemap.xml","https://example.com/","https://example.com/robots.txt"],"duration":10.034397602081299},"port_scan":{"status":"completed","target_host":"example.com","open_ports":[80,443,8080,8443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"active_scan":{"scan_id":"0","status":"completed","duration":30.01889157295227},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.07319903373718},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"ale
rts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69e7b41bd2fceedfbcbee467"},"created_at":{"$date":"2026-04-21T17:30:03.819Z"},"url":"https://mahatenders.gov.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://mahatenders.gov.in/","scan_timestamp":"20260421_152827","output_directory":"results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.005254983901977539},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"mahatenders.gov.in","open_ports":[],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":0,"urls_list":[],"duration":30.063315629959106},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.07637667655945},"active_scan":{"scan_id":null,"status":"completed","duration":7202.186529636383},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69e871f6bd039c4c654cd76a"},"created_at":{"$date":"2026-04-22T07:00:06.001Z"},"url":"https://bun.com/","tool":"owaspza
p","result":{"status":"completed","target_url":"https://bun.com/","scan_timestamp":"20260422_055818","output_directory":"results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.004700183868408203},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"bun.com","open_ports":[80,443,8080,8443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":3218,"urls_list":["https://bun.com/robots.txt","https://bun.com/","https://bun.com/readme","https://bun.com/discord","https://bun.com/blog","https://bun.com/reference","https://bun.com/blog/bun-v1.3.13","https://bun.com/get","https://bun.com/docs/cli/test","https://bun.com/docs/cli/run","https://bun.com/blog/bun-v1.3.12","https://bun.com/docs/cli/bunx","https://bun.com/rss.xml","https://bun.com/blog/bun-v1.3.10","https://bun.com/docs/cli/install","https://bun.com/blog/bun-v1.3.8","https://bun.com/blog/bun-v1.3.9","https://bun.com/blog/bun-v1.0","https://bun.com/blog/bun-v1.1","https://bun.com/careers","https://bun.com/docs/project/licensing","https://bun.com/docs","https://bun.com/guides","https://bun.com/manifest.json","https://bun.com/blog/bun-v1.3","https://bun.com/favicon.ico","https://bun.com/icons/favicon-16x16.png","https://bun.com/blog/bun-v1.3.7","http://bun.com/rss.xml","https://bun.com/blog/bun-v1.3.5","https://bun.com/icons/favicon-96x96.png","https://bun.com/reference/bun/jsc","https://bun.com/404","https://bun.com/blog/bun-v1.3.6","https://bun.com/icons/icon-192x192.png","https://bun.com/blog/bun-v1.3.3","https://bun.com/blog/bun-v1.2.21","https://bun.com/icons/icon-512x512.png","https://bun.com/blog/behind-the-scenes-of-bun-install","https://bun.com/blog/how-we-made-postMessage-string-500x-faster","https://bun.com/blog/bun-v1.2.23","https://bun.com/blog/bun-v1.2.11","https://bun.com/blog/bun-v1.2.20","https://bun.c
om/blog/bun-v1.2.18","https://bun.com/icons/favicon-32x32.png","https://bun.com/blog/bun-v1.3.11","https://bun.com/blog/bun-v1.2.22","https://bun.com/docs/runtime","https://bun.com/docs/pm/bunx","https://bun.com/blog/bun-v1.2.15","https://bun.com/blog/bun-v1.2.9","https://bun.com/blog/bun-v1.2.10","https://bun.com/docs/pm/cli/install","https://bun.com/docs/test","https://bun.com/blog/bun-v1.2.8","https://bun.com/blog/bun-v1.2.7","https://bun.com/logo.svg","https://bun.com/docs/project/contributing","https://bun.com/blog/bun-v1.3.1","https://bun.com/blog/bun-v1.3.4","https://bun.com/blog/bun-v1.2","https://bun.com/blog/bun-joins-anthropic","https://bun.com/blog/bun-v1.2.6","https://bun.com/guides/install/from-npm-install-to-bun-install","https://bun.com/docs/project/license","https://bun.com/blog/bun-v1.2.13","https://bun.com/blog/bun-v1.3.8.md","https://bun.com/blog/bun-v1.2.14","https://bun.com/blog/vercel-adds-native-bun-support","https://bun.com/sitemap.xml","https://bun.com/blog/bun-v1.2.5","https://bun.com/blog/bun-v1.3.13.md","https://bun.com/blog/bun-v1.3.12.md","https://bun.com/docs/installation","https://bun.com/blog/bun-v1.2.19","https://bun.com/blog/bun-v1.2.17","https://bun.com/docs/quickstart","https://bun.com/icons/apple-touch-icon.png","https://bun.com/reference/bun/bundle","https://bun.com/blog/bun-v1.3.2","https://bun.com/blog/bun-v1.2.16","https://bun.com/blog/bun-v1.2.12","https://bun.com/reference/bun/ffi","https://bun.com/icons/apple-touch-icon-152x152.png","https://bun.com/file.md,","https://bun.com/blog/debugging-memory-leaks","https://bun.com/route","https://bun.com/bin/sh","https://bun.com/docs/install/security-scanner-api","https://bun.com/docs/bundler","https://bun.com/reference/node/buffer","https://bun.com/reference/node/async_hooks","https://bun.com/reference/node/diagnostics_channel","https://bun.com/docs/guides","https://bun.com/reference/node/dgram","https://bun.com/docs/feedback","https://bun.com/docs/pm/cli/update","https://bun.com
/llms.txt","https://bun.com/docs/typescript","https://bun.com/docs/guides/deployment/vercel","https://bun.com/docs/runtime/nodejs-apis","https://bun.com/reference/node/fs/promises","https://bun.com/docs/typescript-6","https://bun.com/llms-full.txt","https://bun.com/reference/bun/jsc/drainMicrotasks","https://bun.com/docs/runtime/templating/create","https://bun.com/reference/node/assert","https://bun.com/docs/runtime/archive","https://bun.com/reference/node/module","https://bun.com/reference/node/cluster","https://bun.com/docs/api/fetch","https://bun.com/docs/runtime/debugger","https://bun.com/reference/bun/jsc/deserialize","https://bun.com/docs/bundler/hmr","https://bun.com/docs/runtime/plugins","https://bun.com/reference/bun/test","https://bun.com/docs/bundler/html","https://bun.com/docs/guides/runtime/typescript","https://bun.com/docs/guides/deployment/digital-ocean","https://bun.com/docs/pm/cli/publish","https://bun.com/docs/runtime/watch-mode","https://bun.com/reference/node/events","https://bun.com/docs/pm/cli/outdated","https://bun.com/reference/node/http","https://bun.com/docs/guides/runtime/web-debugger","https://bun.com/docs/pm/cli/add","https://bun.com/docs/guides/deployment/google-cloud-run","https://bun.com/docs/api/glob","https://bun.com/docs/runtime/templating/init","https://bun.com/docs/guides/deployment/render","https://bun.com/reference/node/perf_hooks","https://bun.com/docs/api/redis","https://bun.com/docs/runtime/nodejs-compat","https://bun.com/docs/guides/deployment/railway","https://bun.com/docs/api/semver","https://bun.com/docs/guides/runtime/build-time-constants","https://bun.com/reference/bun/bundle/feature","https://bun.com/docs/install/isolated","https://bun.com/docs/runtime/networking/tcp","https://bun.com/docs/guides/runtime/vscode-debugger","https://bun.com/reference/node/net","https://bun.com/reference/bun","https://bun.com/reference/bun/jsc/edenGC","https://bun.com/docs/runtime/http/error-handling","https://bun.com/docs/_next/static/me
dia/e4af272ccee01ff0-s.p.woff2","https://bun.com/docs/pm/cli/remove","https://bun.com/reference/node/os","https://bun.com/reference/bun/jsc/estimateShallowMemoryUsageOf","https://bun.com/docs/pm/cli/audit","https://bun.com/reference/node/async_hooks/asyncWrapProviders","https://bun.com/reference/node/crypto","https://bun.com/docs/pm/cli/why","https://bun.com/docs/runtime/file-system-router","https://bun.com/docs/runtime/secrets","https://bun.com/docs/pm/global-store","https://bun.com/docs/runtime/semver","https://bun.com/docs/runtime/bun-apis","https://bun.com/docs/bundler/hot-reloading","https://bun.com/docs/pm/cli/patch","https://bun.com/docs/runtime/yaml","https://bun.com/reference/bun/bundle/Registry","https://bun.com/docs/guides/runtime/codesign-macos-executable","https://bun.com/docs/guides/util/gzip","https://bun.com/docs/pm/filter","https://bun.com/docs/runtime/console","https://bun.com/reference/node/diagnostics_channel/Channel","https://bun.com/docs/test/writing-tests","https://bun.com/reference/node/module/default/constants","https://bun.com/docs/test/snapshots","https://bun.com/reference/bun/jsc/fullGC","https://bun.com/reference/bun/jsc/callerSourceOrigin","https://bun.com/reference/bun/jsc/gcAndSweep","https://bun.com/docs/pm/lifecycle","https://bun.com/docs/guides/runtime/tsconfig-paths","https://bun.com/docs/test/runtime-behavior","https://bun.com/reference/node/inspector/promises","https://bun.com/reference/bun/ffi/CFunction","https://bun.com/docs/pm/cli/info","https://bun.com/reference/node/diagnostics_channel/subscribe","https://bun.com/docs/runtime/http/metrics","https://bun.com/reference/node/fs/promises/access","https://bun.com/docs/runtime/file-types","https://bun.com/docs/runtime/typescript","https://bun.com/docs/runtime/environment-variables","https://bun.com/docs/runtime/csrf","https://bun.com/reference/node/quic","https://bun.com/docs/runtime/http/server","https://bun.com/docs/guides/util/deflate","https://bun.com/reference/bun/jsc/getProt
ectedObjects","https://bun.com/docs/pm/security-scanner-api","https://bun.com/docs/guides/util/base64","https://bun.com/reference/node/dns","https://bun.com/reference/bun/ffi/FFIFunctionCallableSymbol","https://bun.com/docs/runtime/ffi","https://bun.com/docs/runtime/http/cookies","https://bun.com/docs/runtime/http/routing","https://bun.com/docs/runtime/glob","https://bun.com/reference/node/inspector","https://bun.com/reference/node/http2","https://bun.com/reference/bun/ffi/cc","https://bun.com/docs/pm/workspaces","https://bun.com/docs/runtime/markdown","https://bun.com/docs/pm/lockfile","https://bun.com/docs/runtime/networking/fetch","https://bun.com/reference/node/async_hooks/executionAsyncId","https://bun.com/docs/runtime/globals","https://bun.com/docs/pm/cli/pm","https://bun.com/reference/bun/ffi/CString","https://bun.com/docs/runtime/http/websockets","https://bun.com/reference/bun/sqlite","https://bun.com/docs/runtime/utils","https://bun.com/reference/node/stream/consumers","https://bun.com/reference/node/path","https://bun.com/docs/runtime/hashing","https://bun.com/reference/node/diagnostics_channel/channel","https://bun.com/reference/bun/__internal","https://bun.com/docs/runtime/jsx","https://bun.com/reference/bun/ffi/JSCallback","https://bun.com/reference/bun/jsc/getRandomSeed","https://bun.com/docs/runtime/web-apis","https://bun.com/docs/guides/util/deep-equals","https://bun.com/docs/runtime/json5","https://bun.com/reference/bun/jsc/heapSize","https://bun.com/reference/node/dgram/createSocket","https://bun.com/docs/install/audit","https://bun.com/docs/runtime/child-process","https://bun.com/reference/node/child_process","https://bun.com/reference/node/dns/promises","https://bun.com/docs/test/configuration","https://bun.com/reference/node/fs","https://bun.com/reference/node/stream","https://bun.com/docs/guides/util/version","https://bun.com/docs/guides/util/sleep","https://bun.com/reference/node/readline/promises","https://bun.com/docs/runtime/module-resoluti
on","https://bun.com/reference/node/punycode","https://bun.com/docs/runtime/env","https://bun.com/docs/runtime/networking/dns","https://bun.com/docs/runtime/color","https://bun.com/docs/project/roadmap","https://bun.com/docs/guides/util/detect-bun","https://bun.com/reference/node/async_hooks/triggerAsyncId","https://bun.com/reference/node/async_hooks/AsyncLocalStorage","https://bun.com/docs/runtime/jsonl","https://bun.com/docs/runtime/auto-install","https://bun.com/docs/runtime/networking/udp","https://bun.com/docs/runtime/http/tls","https://bun.com/docs/runtime/sqlite","https://bun.com/docs/guides/runtime/cicd","https://bun.com/docs/guides/util/upgrade","https://bun.com/docs/runtime/bunfig","https://bun.com/docs/runtime/file-io","https://bun.com/docs/guides/util/javascript-uuid","https://bun.com/docs/_next/static/media/bb3ef058b751a6ad-s.p.woff2","https://bun.com/docs/runtime/s3","https://bun.com/docs/pm/cli/link","https://bun.com/reference/node/https","https://bun.com/docs/test/discovery","https://bun.com/reference/node/fs/promises/appendFile","https://bun.com/docs/runtime/transpiler","https://bun.com/docs/guides/runtime/heap-snapshot","https://bun.com/docs/project/benchmarking","https://bun.com/docs/guides/util/escape-html","https://bun.com/docs/runtime/cookies","https://bun.com/docs/runtime/binary-data","https://bun.com/docs/runtime/sql","https://bun.com/reference/node/diagnostics_channel/hasSubscribers","https://bun.com/docs/runtime/streams","https://bun.com/docs/_next/static/media/c4b700dcb2187787-s.p.woff2","https://bun.com/docs/runtime/toml","https://bun.com/docs/runtime/shell","https://bun.com/docs/test/mocks","https://bun.com/docs/install/workspaces","https://bun.com/reference/bun/ffi/FFIType","https://bun.com/docs/pm/scopes-registries","https://bun.com/docs/runtime/node-api","https://bun.com/docs/guides/deployment/aws-lambda","https://bun.com/reference/node/module/default/createRequire","https://bun.com/docs/api/sql","https://bun.com/docs/runtime/webview"
,"https://bun.com/reference/node/module/default/builtinModules","https://bun.com/reference/node/diagnostics_channel/tracingChannel","https://bun.com/reference/bun/__internal/BunHeadersOverride","https://bun.com/docs/pm/catalogs","https://bun.com/docs/runtime/workers","https://bun.com/docs/pm/isolated-installs","https://bun.com/docs/guides/util/hash-a-password","https://bun.com/reference/node/diagnostics_channel/TracingChannel","https://bun.com/docs/bundler/executables","https://bun.com/reference/node/async_hooks/asyncWrapProviders/CHECKPRIMEREQUEST","https://bun.com/reference/node/async_hooks/createHook","https://bun.com/docs/runtime/repl","https://bun.com/reference/node/async_hooks/executionAsyncResource","https://bun.com/docs/test/lifecycle","https://bun.com/docs/runtime/c-compiler","https://bun.com/docs/pm/global-cache","https://bun.com/docs/pm/overrides","https://bun.com/docs/runtime/cron","https://bun.com/docs/runtime/html-rewriter","https://bun.com/reference/node/dgram/Socket","https://bun.com/reference/bun/jsc/heapStats","https://bun.com/docs/runtime/redis","https://bun.com/reference/node/stream/promises","https://bun.com/docs/project/bindgen","https://bun.com/reference/node/buffer/atob","https://bun.com/reference/node/querystring","https://bun.com/reference/node/async_hooks/AsyncResource","https://bun.com/reference/node/diagnostics_channel/unsubscribe","https://bun.com/reference/bun/ffi/dlopen","https://bun.com/hot.gif","https://bun.com/docs/bundler/html-static","https://bun.com/reference/node/buffer/Buffer","https://bun.com/reference/node/fs/promises/chmod","https://bun.com/reference/node/readline","https://bun.com/docs/guides/runtime/define-constant","https://bun.com/docs/project/building-windows","https://bun.com/docs/guides/util/file-url-to-path","https://bun.com/docs/guides/util/path-to-file-url","https://bun.com/docs/pm/npmrc","https://bun.com/reference/globals","https://bun.com/docs/bundler/loaders","https://bun.com/reference/bun/jsc/isRope","https://
bun.com/docs/test/dates-times","https://bun.com/reference/node/buffer/btoa","https://bun.com/docs/guides/util/which-path-to-executable-bin","https://bun.com/docs/guides/util/import-meta-dir","https://bun.com/reference/bun/ffi/linkSymbols","https://bun.com/docs/guides/util/import-meta-file","https://bun.com/reference/node/async_hooks/asyncWrapProviders/CIPHERREQUEST","https://bun.com/docs/guides/util/import-meta-path","https://bun.com/reference/node/diagnostics_channel/Channel/hasSubscribers","https://bun.com/reference/node/fs/promises/chown","https://bun.com/docs/docs/api/glob","https://bun.com/reference/node/cluster/default","https://bun.com/docs/guides/util/entrypoint","https://bun.com/reference/node/assert/default/AssertionError","https://bun.com/docs/guides/util/main","https://bun.com/reference/node/dgram/Socket/%5BasyncDispose%5D","https://bun.com/reference/node/module/default/enableCompileCache","https://bun.com/reference/bun/__internal/BunHeadersOverride/count","https://bun.com/reference/node/events/default/addAbortListener","https://bun.com/reference/node/stream/web","https://bun.com/reference/node/perf_hooks/constants","https://bun.com/docs/bundler/fullstack","https://bun.com/docs/_next/static/css/946a75e238c3fb8b.css?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/_next/static/css/93bac6dd9c729729.css?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/guides/ecosystem/astro","https://bun.com/docs/guides/ecosystem/discordjs","https://bun.com/reference/node/async_hooks/asyncWrapProviders/DIRHANDLE","https://bun.com/docs/guides/ecosystem/drizzle","https://bun.com/docs/guides/ecosystem/docker","https://bun.com/reference/node/async_hooks/asyncWrapProviders/DERIVEBITSREQUEST","https://bun.com/docs/guides/ecosystem/gel","https://bun.com/reference/node/os/arch","https://bun.com/docs/test/dom","https://bun.com/docs/_next/static/css/05d6d8fcb903870d.css?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/bun/sqlite/constants","https
://bun.com/docs/guides/ecosystem/elysia","https://bun.com/docs/_next/static/chunks/webpack-26f721beb562177f.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/bun/jsc/jscDescribe","https://bun.com/reference/bun/ffi/ptr","https://bun.com/reference/node/buffer/constants","https://bun.com/docs/guides/ecosystem/mongoose","https://bun.com/docs/bundler/plugins","https://bun.com/reference/node/net/BlockList","https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon.ico","https://bun.com/docs/guides/ecosystem/express","https://bun.com/docs/bundler/standalone-html","https://bun.com/docs/guides/ecosystem/neon-drizzle","https://bun.com/docs/guides/ecosystem/hono","https://bun.com/reference/node/diagnostics_channel/Channel/name","https://bun.com/docs/guides/ecosystem/nextjs","https://bun.com/reference/bun/test/afterAll","https://bun.com/docs/sitemap.xml","https://bun.com/docs/test/code-coverage","https://bun.com/docs/guides/ecosystem/neon-serverless-postgres","https://bun.com/docs/guides/ecosystem/nuxt","https://bun.com/docs/api/websockets","https://bun.com/docs/guides/ecosystem/pm2","https://bun.com/reference/node/fs/promises/constants","https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/apple-touch-icon.png","https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon-16x16.png","https://bun.com/reference/node/diagnostics_channel/Channel/bindStore","https://bun.com/docs/_next/static/chunks/14079-4865f1ab1b5bbf4b.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/guides/ecosystem/upstash","https://bun.com/docs/guides/process/spawn-stdout","https://bun.com/docs/_next/static/chunks/98816-4875194b6205382d.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/node/module/default","https://bun.com/docs/guides/ecosystem/ssr-react","https://bun.com/reference/node/diagnostics_channel/ChannelListener","https://bun.com/docs/_mintli
fy/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon-32x32.png","https://bun.com/reference/node/stream/consumers/arrayBuffer","https://bun.com/docs/guides/http/cluster","https://bun.com/docs/guides/http/tls","https://bun.com/reference/node/fs/promises/FileHandle","https://bun.com/docs/test/reporters","https://bun.com/reference/node/fs/PathLike","https://bun.com/docs/_next/static/chunks/90018-0d688df3ef21dd10.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/bun/ffi/FFIFunction","https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-32x32.png","https://bun.com/docs/_next/static/chunks/50528.a008835b58c523ea.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/guides/ecosystem/prisma","https://bun.com/docs/guides/ecosystem/prisma-postgres","https://bun.com/docs/_next/static/chunks/87c73c54-09e1ba5c70e60a51.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/_next/static/chunks/891cff7f-38ce37d594f7da31.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/guides/ecosystem/vite","https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-16x16.png","https://bun.com/docs/_next/static/chunks/main-app-76ddd9525ef90e67.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/guides/ecosystem/remix","https://bun.com/docs/guides/ecosystem/sentry","https://bun.com/docs/runtime/semver%23bun-semver-order-versiona-string-versionb-string--0-%7C-1-%7C-1","https://bun.com/reference/node/cluster/default/Cluster","https://bun.com/docs/guides/ecosystem/react","https://bun.com/docs/guides/ecosystem/systemd","https://bun.com/docs/guides/http/server","https://bun.com/docs/guides/http/simple","https://bun.com/docs/guides/ecosystem/solidstart","https://bun.com/docs/_next/static/chunks/51288-0fb44d6be82e9af5.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/_next/static/chunks/95115-7f3830b22524c9f1.js?dpl=dpl_7SqJ22RJB
bsHC6juWA3gGcY9isY9","https://bun.com/docs/guides/process/stdin","https://bun.com/reference/node/dns/ADDRCONFIG","https://bun.com/reference/node/diagnostics_channel/Channel/publish","https://bun.com/docs/guides/process/ctrl-c","https://bun.com/docs/guides/http/hot","https://bun.com/reference/node/dgram/SocketType","https://bun.com/reference/node/inspector/promises/Session","https://bun.com/reference/bun/BunFile","https://bun.com/reference/node/buffer/INSPECT_MAX_BYTES","https://bun.com/docs/_next/static/chunks/3433-66a3517c22220078.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/bun/__internal/BunHeadersOverride/toJSON","https://bun.com/reference/bun/__internal/BunHeadersOverride/getAll","https://bun.com/reference/bun/test/expectTypeOf","https://bun.com/reference/bun/ffi/CString/%5Biterator%5D","https://bun.com/docs/guides/http/fetch","https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon.ico","https://bun.com/docs/_next/static/chunks/93247-b07c7244bb0ac0f8.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/bun/ffi/FFIType/bool","https://bun.com/reference/bun/ffi/JSCallback/close","https://bun.com/docs/guides/ecosystem/qwik","https://bun.com/reference/node/dns/promises/ADDRGETNETWORKPARAMS","https://bun.com/reference/node/async_hooks/AsyncLocalStorage/bind","https://bun.com/reference/node/module/default/findPackageJSON","https://bun.com/docs/guides/ecosystem/tanstack-start","https://bun.com/docs/guides/ecosystem/sveltekit","https://bun.com/docs/guides/ecosystem/stric","https://bun.com/reference/node/async_hooks/asyncWrapProviders/DNSCHANNEL","https://bun.com/docs/pm/filter%23package-name-filter-%3Cpattern%3E","https://bun.com/reference/node/inspector/close","https://bun.com/reference/node/dns/ADDRGETNETWORKPARAMS","https://bun.com/reference/node/readline/promises/createInterface","https://bun.com/reference/bun/jsc/HeapStats","https://bun.com/reference/node/async_hooks/AsyncResource/
asyncId","https://bun.com/reference/node/diagnostics_channel/TracingChannelCollection","https://bun.com/docs/_next/static/chunks/19664-8ce43df6b74bea12.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/guides/process/spawn","https://bun.com/reference/node/inspector/console","https://bun.com/reference/node/assert/default/doesNotReject","https://bun.com/reference/globals/Error","https://bun.com/reference/bun/ffi/read","https://bun.com/reference/bun/sqlite/Database","https://bun.com/docs/bundler/macros","https://bun.com/docs/_next/static/chunks/8685-3edaeb533c1369b7.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/node/fs/Mode","https://bun.com/reference/bun/ffi/CString/anchor","https://bun.com/docs/guides/http/proxy","https://bun.com/docs/_next/static/chunks/80239-ce217fc534a5bb94.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/bun/jsc/jscDescribeArray","https://bun.com/reference/node/module/default/findSourceMap","https://bun.com/reference/node/dns/promises/BADFAMILY","https://bun.com/reference/node/async_hooks/asyncWrapProviders/ELDHISTOGRAM","https://bun.com/reference/bun/ffi/FFIType/buffer","https://bun.com/reference/node/async_hooks/HookCallbacks","https://bun.com/reference/node/diagnostics_channel/TracingChannel/asyncEnd","https://bun.com/reference/node/perf_hooks/monitorEventLoopDelay","https://bun.com/docs/bundler/css","https://bun.com/docs/_next/static/chunks/78238-22782f5aac7a6ef4.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/bun/test/afterEach","https://bun.com/docs/_next/static/chunks/app/%255Fsites/%5Bsubdomain%5D/(multitenant)/%5B%5B...slug%5D%5D/page-e364d983e056f7e1.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","http://bun.com/discord","https://bun.com/docs/bundler/bytecode","https://bun.com/reference/node/quic/connect","https://bun.com/docs/guides/http/file-uploads","https://bun.com/docs/guides/http/fetch-unix","https://bun.com/docs/guides/http/stream-file","https://bun.com/docs/_nex
t/static/chunks/app/%255Fsites/%5Bsubdomain%5D/(multitenant)/not-found-ba66ad3731337835.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/_next/static/chunks/55016-e46f330ddb1e4182.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/node/dgram/RemoteInfo","https://bun.com/reference/node/fs/promises/copyFile","https://bun.com/docs/guides/http/stream-iterator","https://bun.com/docs/guides/http/sse","https://bun.com/reference/node/diagnostics_channel/Channel/subscribe","https://bun.com/reference/node/diagnostics_channel/Channel/runStores","https://bun.com/docs/guides/websocket/simple","https://bun.com/docs/guides/http/stream-node-streams-in-bun","https://bun.com/docs/_next/static/chunks/71251-05ad8e5ad1c00c48.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/_next/static/chunks/75862-0e7c90644ebfd048.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/guides/runtime/timezone","https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/node/module/default/constants/compileCacheStatus","https://bun.com/reference/globals/URL","https://bun.com/docs/guides/websocket/pubsub","https://bun.com/docs/guides/runtime/read-env","https://bun.com/reference/bun/ffi/Pointer","https://bun.com/reference/node/async_hooks/AsyncLocalStorage/constructor","https://bun.com/docs/_next/static/chunks/cfdfcc00-442051842d4b5e4f.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/guides/runtime/set-env","https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/_next/static/chunks/50867-c850d12abbda9aa1.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/_next/static/chunks/30272-78713549c26f110a.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/guides/install/npm-alias","https://bun.com/reference/node/async_hooks/asyncWrapProviders/FILEHANDLE","https://bun.com/refer
ence/node/readline/promises/Interface","https://bun.com/docs/_next/static/chunks/96613-d9098930227907bd.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/guides/install/custom-registry","https://bun.com/docs/pm/filter%23package-path-filter-/%3Cglob%3E","https://bun.com/docs/guides/install/workspaces","https://bun.com/docs/_next/static/chunks/80622-c23fff57f6a2a72b.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/_next/static/chunks/11179-88db0dac7a12c76c.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/guides/websocket/context","https://bun.com/docs/_next/static/chunks/24253-97a943a955ad7b14.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/guides/install/registry-scope","https://bun.com/docs/_next/static/chunks/68789-aa7dbc2fe57d93b1.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/_next/static/chunks/67313-40f1c25780799bd7.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/guides/process/argv","https://bun.com/reference/node/async_hooks/asyncWrapProviders/FILEHANDLECLOSEREQ","https://bun.com/docs/bundler/minifier","https://bun.com/docs/_next/static/chunks/73205-1667aa76af26a306.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/_next/static/chunks/polyfills-42372ed130431b0a.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/guides/process/spawn-stderr","https://bun.com/docs/api/ffi","https://bun.com/docs/guides/install/from-npm-install-to-bun-install","https://bun.com/docs/_next/static/chunks/20660-facc9785c27d3aa7.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/guides/websocket/compression","https://bun.com/reference/bun/__internal/BunRequestOverride/headers","https://bun.com/docs/guides/test/run-tests","https://bun.com/docs/guides/install/cicd","https://bun.com/docs/_next/static/chunks/app/%255Fsites/%5Bsubdomain%5D/(multitenant)/layout-3dc5e7f98d4c377c.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/bun/ffi/FFIType/char","ht
tps://bun.com/docs/_next/static/chunks/app/%255Fsites/%5Bsubdomain%5D/not-found-1c8d41b8e0250ec9.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/docs/_next/static/chunks/21749-add578de8f37425d.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/node/diagnostics_channel/TracingChannelCollection/asyncEnd","https://bun.com/reference/bun/ffi/Library","https://bun.com/docs/_next/static/chunks/17551-6c8559b0efc3f1ad.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/globals/AbortController","https://bun.com/docs/_next/static/chunks/app/%255Fsites/%5Bsubdomain%5D/error-b4aabeed68299375.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/bun/ffi/Symbols","https://bun.com/reference/bun/ffi/Library/symbols","https://bun.com/docs/_next/static/chunks/8923-04dfa37fdc05749d.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/node/stream/consumers/blob","https://bun.com/docs/bundler/esbuild","https://bun.com/reference/node/async_hooks/AsyncResource/bind","https://bun.com/docs/guides/read-file/buffer","https://bun.com/docs/guides/process/ipc","https://bun.com/reference/node/inspector/promises/Session/%5BcaptureRejectionSymbol%5D","https://bun.com/reference/node/inspector/DOMStorage","https://bun.com/docs/guides/process/os-signals","https://bun.com/reference/node/dgram/Socket/addListener","https://bun.com/docs/guides/test/update-snapshots","https://bun.com/reference/bun/sqlite/native","https://bun.com/docs/guides/install/add","https://bun.com/docs/_next/static/chunks/app/%255Fsites/%5Bsubdomain%5D/(multitenant)/%40topbar/%5B%5B...slug%5D%5D/page-d59aa82bcdf12836.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/node/async_hooks/AsyncHook","https://bun.com/reference/bun/__internal/BunRequestOverride","https://bun.com/docs/guides/install/add-optional","https://bun.com/docs/guides/install/add-peer","https://bun.com/docs/guides/process/nanoseconds","https://bun.com/reference/node/buffer/isAscii"
,"https://bun.com/reference/node/diagnostics_channel/Channel/unbindStore","https://bun.com/docs/guides/runtime/import-json","https://bun.com/docs/guides/install/add-git","https://bun.com/docs/guides/test/coverage","https://bun.com/reference/node/diagnostics_channel/Channel/unsubscribe","https://bun.com/reference/node/stream/web/ReadableStream","https://bun.com/docs/guides/runtime/shell","https://bun.com/reference/bun/ffi/suffix","https://bun.com/docs/guides/test/happy-dom","https://bun.com/reference/node/stream/web/ByteLengthQueuingStrategy","https://bun.com/docs/guides/install/add-dev","https://bun.com/docs/guides/test/coverage-threshold","https://bun.com/docs/guides/install/add-tarball","https://bun.com/docs/guides/install/azure-artifacts","https://bun.com/reference/node/dns/promises/BADFLAGS","https://bun.com/reference/bun/test/beforeAll","https://bun.com/docs/guides/runtime/import-toml","https://bun.com/reference/node/perf_hooks/performance","https://bun.com/reference/node/module/default/flushCompileCache","https://bun.com/docs/guides/install/trusted","https://bun.com/reference/node/module/default/EnableCompileCacheOptions","https://bun.com/reference/bun/ffi/JSCallback/constructor","https://bun.com/reference/node/dgram/SocketOptions","https://bun.com/docs/guides/test/snapshot","https://bun.com/docs/guides/runtime/import-json5","https://bun.com/reference/node/readline/promises/Readline","https://bun.com/reference/bun/ffi/FFIFunction/args","https://bun.com/docs/guides/test/mock-clock","https://bun.com/docs/guides/test/svelte-test","https://bun.com/docs/guides/read-file/string","https://bun.com/reference/globals/Uint8Array","https://bun.com/reference/bun/jsc/memoryUsage","https://bun.com/reference/node/assert/default/doesNotThrow","https://bun.com/reference/node/events/default/defaultMaxListeners","https://bun.com/docs/guides/install/yarnlock","https://bun.com/reference/node/cluster/default/Address/addressType","https://bun.com/reference/node/async_hooks/asyncWrapP
roviders/FSEVENTWRAP","https://bun.com/reference/node/fs/promises/cp","https://bun.com/reference/node/os/devNull","https://bun.com/docs/guides/read-file/uint8array","https://bun.com/docs/guides/install/jfrog-artifactory","https://bun.com/docs/api/s3","https://bun.com/docs/guides/runtime/import-yaml","https://bun.com/reference/globals/addEventListener","https://bun.com/reference/node/diagnostics_channel/TracingChannel/asyncStart","https://bun.com/reference/globals/AbortSignal","https://bun.com/docs/guides/read-file/mime","https://bun.com/docs/guides/read-file/exists","https://bun.com/reference/node/stream/default/Duplex","https://bun.com/docs/guides/install/git-diff-bun-lockfile","https://bun.com/docs/guides/read-file/json","https://bun.com/docs/guides/binary/blob-to-typedarray","https://bun.com/docs/guides/test/watch-mode","https://bun.com/docs/guides/test/spy-on","https://bun.com/docs/guides/test/bail","https://bun.com/docs/_next/static/chunks/3351-b1a2b1ce24ac5cbd.js?dpl=dpl_7SqJ22RJBbsHC6juWA3gGcY9isY9","https://bun.com/reference/node/diagnostics_channel/TracingChannelCollection/asyncStart","https://bun.com/reference/bun/ffi/Library/close","https://bun.com/reference/node/inspector/promises/Session/addListener","https://bun.com/docs/guides/test/mock-functions","https://bun.com/reference/bun/ffi/CString/arrayBuffer","https://bun.com/docs/guides/read-file/arraybuffer","https://bun.com/docs/guides/test/concurrent-test-glob","https://bun.com/reference/bun/jsc/HeapStats/extraMemorySize","https://bun.com/docs/guides/test/skip-tests","https://bun.com/docs/guides/read-file/watch","https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/browserconfig.xml","https://bun.com/reference/node/async_hooks/AsyncResource/constructor","https://bun.com/docs/guides/test/timeout","https://bun.com/reference/bun/__internal/BunResponseOverride","https://bun.com/reference/bun/ffi/ConvertFns","https://bun.com/reference/bun/sqlite/SQLiteError","https://bun.co
m/docs/guides/test/todo-tests","https://bun.com/docs/guides/test/migrate-from-jest","https://bun.com/reference/node/module/default/getCompileCacheDir","https://bun.com/reference/bun/BunFile/lastModified","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_BUSYHANDLER","https://bun.com/reference/node/async_hooks/HookCallbacks/trackPromises","https://bun.com/reference/bun/__internal/BunResponseOverride/headers","https://bun.com/reference/bun/ffi/JSCallback/ptr","https://bun.com/reference/node/fs/promises/exists","https://bun.com/reference/bun/ffi/toArrayBuffer","https://bun.com/reference/node/buffer/kMaxLength","https://bun.com/reference/node/buffer/isUtf8","https://bun.com/reference/node/diagnostics_channel/TracingChannel/end","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_BEGIN_ATOMIC_WRITE","https://bun.com/docs/guides/write-file/stream","https://bun.com/reference/node/stream/consumers/buffer","https://bun.com/reference/bun/ffi/FFITypeOrString","https://bun.com/reference/node/readline/promises/Interface/cursor","https://bun.com/reference/node/readline/promises/Interface/line","https://bun.com/reference/node/perf_hooks/PerformanceNodeEntry","https://bun.com/reference/node/readline/promises/Interface/%5BasyncIterator%5D","https://bun.com/reference/node/dgram/Socket/address","https://bun.com/docs/guides/write-file/filesink","https://bun.com/docs/guides/write-file/response","https://bun.com/reference/node/readline/promises/Interface/%5Bdispose%5D","https://bun.com/docs/guides/write-file/cat","https://bun.com/reference/node/module/default/constants/compileCacheStatus/ALREADY_ENABLED","https://bun.com/reference/node/readline/promises/Interface/%5BcaptureRejectionSymbol%5D","https://bun.com/docs/guides/write-file/stdout","https://bun.com/docs/guides/test/testing-library","https://bun.com/reference/node/dgram/SocketEventMap","https://bun.com/reference/node/dns/promises/BADHINTS","https://bun.com/reference/node/readline/promises/Interface/addListener"
,"https://bun.com/docs/guides/runtime/delete-directory","https://bun.com/reference/bun/test/beforeEach","https://bun.com/reference/node/dns/ALL","https://bun.com/docs/guides/write-file/unlink","https://bun.com/docs/guides/binary/arraybuffer-to-typedarray","https://bun.com/reference/node/events/default/EventEmitterAsyncResource","https://bun.com/reference/node/module/default/getSourceMapsSupport","https://bun.com/reference/node/dgram/Socket/addMembership","https://bun.com/docs/guides/write-file/append","https://bun.com/docs/guides/test/rerun-each","https://bun.com/docs/guides/write-file/file-cp","https://bun.com/docs/guides/runtime/import-html","https://bun.com/reference/node/async_hooks/asyncWrapProviders/FIXEDSIZEBLOBCOPY","https://bun.com/reference/bun/ffi/FFIType/cstring","https://bun.com/reference/globals/ArrayBuffer","https://bun.com/docs/guides/binary/buffer-to-arraybuffer","https://bun.com/reference/node/cluster/default/Address/port","https://bun.com/reference/node/async_hooks/asyncWrapProviders/FSREQCALLBACK","https://bun.com/reference/globals/alert","https://bun.com/reference/node/fs/ObjectEncodingOptions","https://bun.com/docs/guides/binary/buffer-to-string","https://bun.com/docs/guides/binary/blob-to-arraybuffer","https://bun.com/docs/guides/binary/blob-to-stream","https://bun.com/reference/node/os/endianness","https://bun.com/reference/node/events/default/errorMonitor","https://bun.com/docs/guides/binary/blob-to-dataview","https://bun.com/reference/node/dns/BADFAMILY","https://bun.com/reference/node/diagnostics_channel/TracingChannelCollection/end","https://bun.com/reference/node/async_hooks/HookCallbacks/after","https://bun.com/reference/node/assert/default/equal","https://bun.com/docs/guides/read-file/stream","https://bun.com/reference/node/readline/promises/Interface/terminal","https://bun.com/reference/bun/ffi/CString/at","https://bun.com/docs/guides/binary/typedarray-to-blob","https://bun.com/reference/node/async_hooks/AsyncResource/emitDestroy","ht
tps://bun.com/reference/node/inspector/InspectorNotification","https://bun.com/docs/guides/binary/typedarray-to-buffer","https://bun.com/reference/node/diagnostics_channel/TracingChannel/constructor","https://bun.com/reference/node/async_hooks/AsyncLocalStorage/disable","https://bun.com/docs/guides/write-file/blob","https://bun.com/reference/bun/jsc/HeapStats/globalObjectCount","https://bun.com/docs/guides/streams/to-json","https://bun.com/reference/bun/__internal/DistributedMerge","https://bun.com/docs/guides/write-file/basic","https://bun.com/reference/node/module/default/EnableCompileCacheResult","https://bun.com/docs/guides/streams/to-string","https://bun.com/docs/guides/runtime/delete-file","https://bun.com/docs/guides/binary/arraybuffer-to-blob","https://bun.com/reference/bun/ffi/toBuffer","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_CHUNK_SIZE","https://bun.com/reference/node/stream/web/QueuingStrategyInit","https://bun.com/reference/bun/__internal/DistributedOmit","https://bun.com/reference/node/buffer/kStringMaxLength","https://bun.com/reference/node/inspector/Network","https://bun.com/docs/guides/streams/to-typedarray","https://bun.com/reference/bun/jsc/noFTL","https://bun.com/docs/guides/streams/to-array","https://bun.com/reference/node/readline/InterfaceEventMap","https://bun.com/docs/guides/html-rewriter/extract-links","https://bun.com/docs/guides/html-rewriter/extract-social-meta","https://bun.com/docs/guides/streams/node-readable-to-json","https://bun.com/docs/guides/binary/arraybuffer-to-string","https://bun.com/docs/guides/streams/node-readable-to-string","https://bun.com/reference/bun/ffi/FFIFunction/ptr","https://bun.com/docs/guides/streams/node-readable-to-blob","https://bun.com/docs/guides/binary/arraybuffer-to-buffer","https://bun.com/reference/node/perf_hooks/timerify","https://bun.com/docs/guides/binary/arraybuffer-to-array","https://bun.com/reference/node/net/BlockList/rules","https://bun.com/reference/node/net/AddressInfo","
https://bun.com/docs/guides/binary/buffer-to-typedarray","https://bun.com/reference/node/async_hooks/asyncWrapProviders/FSREQPROMISE","https://bun.com/docs/guides/binary/buffer-to-readablestream","https://bun.com/reference/node/fs/promises/glob","https://bun.com/reference/node/dns/promises/BADNAME","https://bun.com/reference/node/dgram/Socket/addSourceSpecificMembership","https://bun.com/docs/guides/binary/blob-to-string","https://bun.com/docs/guides/binary/buffer-to-blob","https://bun.com/docs/guides/binary/typedarray-to-dataview","https://bun.com/reference/node/events/default/getEventListeners","https://bun.com/docs/guides/binary/typedarray-to-arraybuffer","https://bun.com/reference/bun/test/describe","https://bun.com/docs/api/http","https://bun.com/reference/node/os/EOL","https://bun.com/reference/node/fs/promises/FlagAndOpenMode","https://bun.com/reference/node/cluster/default/Cluster/isPrimary","https://bun.com/reference/bun/ffi/FFIType/double","https://bun.com/docs/guides/binary/typedarray-to-string","https://bun.com/reference/node/dns/BADFLAGS","https://bun.com/reference/node/diagnostics_channel/TracingChannel/hasSubscribers","https://bun.com/docs/guides/binary/dataview-to-string","https://bun.com/reference/globals/Blob","https://bun.com/docs/guides/binary/typedarray-to-readablestream","https://bun.com/reference/bun/ffi/CString/big","https://bun.com/reference/node/inspector/NetworkResources","https://bun.com/reference/node/diagnostics_channel/TracingChannelCollection/error","https://bun.com/reference/node/async_hooks/asyncWrapProviders/GETADDRINFOREQWRAP","https://bun.com/reference/node/stream/consumers/bytes","https://bun.com/reference/node/async_hooks/HookCallbacks/before","https://bun.com/reference/bun/sqlite/Statement","https://bun.com/reference/bun/jsc/HeapStats/heapCapacity","https://bun.com/reference/node/assert/default/fail","https://bun.com/docs/guides/streams/to-arraybuffer","https://bun.com/docs/guides/streams/node-readable-to-arraybuffer","https:/
/bun.com/docs/guides/streams/to-buffer","https://bun.com/reference/bun/ffi/JSCallback/threadsafe","https://bun.com/reference/bun/jsc/noOSRExitFuzzing","https://bun.com/reference/node/inspector/Runtime/ExecutionContextCreatedEventDataType","https://bun.com/reference/bun/__internal/Merge","https://bun.com/docs/guides/streams/node-readable-to-uint8array","https://bun.com/docs/guides/streams/to-blob","https://bun.com/docs/docs/bundler","https://bun.com/reference/bun/ffi/FFIFunction/threadsafe","https://bun.com/reference/node/net/BlockList/addAddress","https://bun.com/reference/globals/BroadcastChannel","https://bun.com/reference/node/async_hooks/AsyncLocalStorage/enterWith","https://bun.com/reference/node/perf_hooks/constants/NODE_PERFORMANCE_GC_FLAGS_ALL_AVAILABLE_GARBAGE","https://bun.com/reference/node/module/default/constants/compileCacheStatus/DISABLED","https://bun.com/reference/node/diagnostics_channel/TracingChannel/error","https://bun.com/reference/node/events/default/getMaxListeners","https://bun.com/reference/node/async_hooks/AsyncLocalStorage/name","https://bun.com/reference/node/async_hooks/asyncWrapProviders/HASHREQUEST","https://bun.com/reference/node/inspector/Runtime/ExecutionContextDestroyedEventDataType","https://bun.com/reference/node/fs/constants","https://bun.com/reference/node/inspector/open","https://bun.com/reference/node/async_hooks/asyncWrapProviders/GETNAMEINFOREQWRAP","https://bun.com/reference/node/fs/promises/FileHandle/fd","https://bun.com/reference/node/module/default/isBuiltin","https://bun.com/reference/node/diagnostics_channel/TracingChannelCollection/start","https://bun.com/reference/bun/test/expect","https://bun.com/reference/node/dgram/BindOptions","https://bun.com/reference/node/async_hooks/AsyncResource/runInAsyncScope","https://bun.com/reference/bun/BunFile/name","https://bun.com/reference/node/stream/web/ReadableStream/locked","https://bun.com/reference/node/dgram/Socket/bind","https://bun.com/reference/node/fs/promises/FileHan
dle/%5BasyncDispose%5D","https://bun.com/reference/bun/BunFile/size","https://bun.com/reference/node/async_hooks/AsyncLocalStorage/exit","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_CKPT_DONE","https://bun.com/reference/node/readline/promises/Interface/close","https://bun.com/reference/bun/ffi/FFIFunction/returns","https://bun.com/reference/node/async_hooks/asyncWrapProviders/HEAPSNAPSHOT","https://bun.com/reference/node/stream/web/CompressionStream","https://bun.com/reference/node/module/default/register","https://bun.com/reference/node/fs/promises/lchmod","https://bun.com/reference/bun/ffi/viewSource","https://bun.com/reference/node/dns/promises/BADQUERY","https://bun.com/reference/node/cluster/default/Cluster/isWorker","https://bun.com/reference/node/buffer/resolveObjectURL","https://bun.com/reference/node/cluster/default/Cluster/%5BcaptureRejectionSymbol%5D","https://bun.com/reference/node/async_hooks/asyncWrapProviders/HTTP2PING","https://bun.com/reference/node/diagnostics_channel/TracingChannelSubscribers","https://bun.com/reference/bun/ffi/CString/blink","https://bun.com/reference/bun/__internal/KeysInBoth","https://bun.com/reference/node/assert/default/ifError","https://bun.com/reference/node/os/freemem","https://bun.com/docs/api/yaml","https://bun.com/reference/node/dns/BADHINTS","https://bun.com/reference/node/diagnostics_channel/TracingChannel/start","https://bun.com/reference/node/inspector/Runtime/ExceptionThrownEventDataType","https://bun.com/reference/bun/ffi/FFIType/f32","https://bun.com/reference/bun/BunFile/arrayBuffer","https://bun.com/reference/node/module/default/registerHooks","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_CKPT_START","https://bun.com/reference/node/async_hooks/HookCallbacks/destroy","https://bun.com/reference/node/stream/consumers/json","https://bun.com/reference/bun/jsc/HeapStats/heapSize","https://bun.com/reference/node/inspector/InspectorConsole","https://bun.com/reference/node/readline/promise
s/Completer","https://bun.com/reference/bun/sqlite/Database/%5Bdispose%5D","https://bun.com/reference/bun/ffi/read/f32","https://bun.com/reference/node/module/default/SourceMap","https://bun.com/reference/bun/jsc/HeapStats/objectCount","https://bun.com/reference/node/inspector/Session","https://bun.com/reference/node/perf_hooks/EventLoopMonitorOptions","https://bun.com/reference/node/async_hooks/AsyncResource/triggerAsyncId","https://bun.com/reference/node/async_hooks/HookCallbacks/init","https://bun.com/reference/bun/BunFile/type","https://bun.com/reference/bun/jsc/HeapStats/objectTypeCounts","https://bun.com/reference/node/inspector/promises/Session/connectToMainThread","https://bun.com/reference/bun/__internal/LibDomIsLoaded","https://bun.com/reference/node/assert/default","https://bun.com/reference/node/net/IPVersion","https://bun.com/reference/node/diagnostics_channel/TracingChannel/subscribe","https://bun.com/reference/node/module/default/runMain","https://bun.com/reference/node/module/default/constants/compileCacheStatus/ENABLED","https://bun.com/reference/node/perf_hooks/constants/NODE_PERFORMANCE_GC_FLAGS_ALL_EXTERNAL_MEMORY","https://bun.com/reference/node/readline/promises/Interface/emit","https://bun.com/reference/bun/__internal/LibEmptyOrBroadcastChannel","https://bun.com/reference/node/stream/web/CompressionFormat","https://bun.com/reference/node/dns/promises/BADRESP","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_CKSM_FILE","https://bun.com/reference/bun/ffi/read/f64","https://bun.com/reference/bun/test/jest","https://bun.com/reference/node/cluster/default/Cluster/SCHED_NONE","https://bun.com/reference/node/inspector/promises/Session/connect","https://bun.com/reference/bun/jsc/numberOfDFGCompiles","https://bun.com/reference/node/fs/promises/lchown","https://bun.com/reference/node/quic/EndpointOptions/maxRetries","https://bun.com/reference/globals/ByteLengthQueuingStrategy","https://bun.com/reference/node/async_hooks/AsyncLocalStorage/get
Store","https://bun.com/reference/globals/Error/cause","https://bun.com/reference/node/async_hooks/asyncWrapProviders/HTTP2SETTINGS","https://bun.com/docs/api/cookie","https://bun.com/reference/node/os/getPriority","https://bun.com/reference/node/events/default/listenerCount","https://bun.com/reference/node/diagnostics_channel/TracingChannel/traceCallback","https://bun.com/reference/node/fs/promises/FileHandle/appendFile","https://bun.com/reference/node/inspector/Runtime/ExceptionRevokedEventDataType","https://bun.com/reference/node/cluster/default/Cluster/addListener","https://bun.com/reference/node/stream/web/ReadableStream/cancel","https://bun.com/reference/node/dns/BADNAME","https://bun.com/reference/node/async_hooks/AsyncLocalStorage/run","https://bun.com/reference/node/diagnostics_channel/TracingChannel/tracePromise","https://bun.com/reference/node/dgram/Socket/close","https://bun.com/reference/node/dgram/RemoteInfo/address","https://bun.com/reference/node/buffer/transcode","https://bun.com/reference/node/stream/consumers/text","https://bun.com/reference/node/module/default/setSourceMapsSupport","https://bun.com/reference/node/assert/default/match","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_COMMIT_ATOMIC_WRITE","https://bun.com/reference/node/inspector/url","https://bun.com/reference/bun/BunFile/bytes","https://bun.com/reference/node/async_hooks/HookCallbacks/promiseResolve","https://bun.com/reference/bun/ffi/CString/bold","https://bun.com/reference/globals/URL/canParse","https://bun.com/reference/node/dgram/Socket/connect","https://bun.com/reference/node/buffer/Blob","https://bun.com/reference/node/diagnostics_channel/TracingChannel/traceSync","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_COMMIT_PHASETWO","https://bun.com/reference/globals/Error/message","https://bun.com/docs/api/secrets","https://bun.com/reference/node/async_hooks/AsyncLocalStorage/snapshot","https://bun.com/reference/bun/ffi/read/i16","https://bun.com/refere
nce/bun/ffi/read/i32","https://bun.com/reference/node/fs/promises/FileHandle/chmod","https://bun.com/reference/node/stream/web/CountQueuingStrategy","https://bun.com/reference/node/dns/promises/BADSTR","https://bun.com/reference/bun/__internal/LibEmptyOrEventSource","https://bun.com/reference/node/readline/promises/Interface/eventNames","https://bun.com/reference/node/readline/promises/Interface/getMaxListeners","https://bun.com/reference/node/dgram/Socket/disconnect","https://bun.com/reference/node/fs/promises/link","https://bun.com/reference/bun/ffi/FFIType/f64","https://bun.com/reference/node/events/default/on","https://bun.com/reference/node/module/default/constants/compileCacheStatus/FAILED","https://bun.com/reference/globals/clearImmediate","https://bun.com/reference/bun/jsc/HeapStats/protectedGlobalObjectCount","https://bun.com/reference/globals/URL/createObjectURL","https://bun.com/reference/node/diagnostics_channel/TracingChannel/unsubscribe","https://bun.com/reference/bun/sqlite/Database/close","https://bun.com/reference/node/dns/BADQUERY","https://bun.com/reference/node/readline/promises/ReadLineOptions","https://bun.com/reference/bun/test/mock","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_DATA_VERSION","https://bun.com/reference/node/inspector/waitForDebugger","https://bun.com/reference/node/async_hooks/AsyncLocalStorageOptions/defaultValue","https://bun.com/reference/globals/Error/stack","https://bun.com/reference/node/async_hooks/asyncWrapProviders/HTTP2SESSION","https://bun.com/reference/bun/jsc/optimizeNextInvocation","https://bun.com/reference/node/net/ListenOptions","https://bun.com/reference/bun/jsc/HeapStats/protectedObjectCount","https://bun.com/reference/node/fs/promises/FileHandle/chown","https://bun.com/reference/bun/BunFile/delete","https://bun.com/reference/node/module/default/stripTypeScriptTypes","https://bun.com/reference/bun/ffi/read/i64","https://bun.com/reference/node/dns/promises/CANCELLED","https://bun.com/reference/
node/readline/promises/Interface/getCursorPos","https://bun.com/reference/node/os/homedir","https://bun.com/reference/node/stream/web/ReadableStream/getReader","https://bun.com/reference/node/cluster/default/Cluster/disconnect","https://bun.com/reference/bun/__internal/LibEmptyOrNodeCryptoWebcryptoSubtleCrypto","https://bun.com/reference/node/dgram/RemoteInfo/family","https://bun.com/reference/node/quic/EndpointOptions/maxStatelessResetsPerHost","https://bun.com/reference/bun/WebSocket","https://bun.com/reference/node/assert/default/notDeepEqual","https://bun.com/reference/node/events/default/Abortable","https://bun.com/reference/bun/jsc/HeapStats/protectedObjectTypeCounts","https://bun.com/reference/node/dgram/Socket/dropMembership","https://bun.com/reference/node/async_hooks/AsyncLocalStorageOptions","https://bun.com/reference/bun/ffi/read/i8","https://bun.com/reference/bun/test/onTestFinished","https://bun.com/reference/node/cluster/default/Cluster/SCHED_RR","https://bun.com/reference/bun/BunFile/exists","https://bun.com/reference/node/async_hooks/AsyncHook/enable","https://bun.com/reference/node/module/default/syncBuiltinESMExports","https://bun.com/reference/node/stream/web/ReadableStreamBYOBReader","https://bun.com/reference/bun/__internal/LibEmptyOrBunWebSocket","https://bun.com/reference/globals/Error/name","https://bun.com/reference/node/inspector/DOMStorage/domStorageItemAdded","https://bun.com/reference/node/net/BlockList/addRange","https://bun.com/reference/globals/AbortController/abort","https://bun.com/reference/node/stream/web/DecompressionStream","https://bun.com/reference/node/inspector/promises/Session/constructor","https://bun.com/reference/bun/ffi/CString/byteLength","https://bun.com/reference/node/assert/default/AssertPredicate","https://bun.com/reference/node/async_hooks/AsyncHook/disable","https://bun.com/reference/node/async_hooks/asyncWrapProviders/HTTP2STREAM","https://bun.com/reference/node/inspector/Runtime/ConsoleAPICalledEventDataType",
"https://bun.com/reference/node/perf_hooks/IntervalHistogram","https://bun.com/reference/bun/sqlite/Database/constructor","https://bun.com/reference/node/diagnostics_channel/TracingChannelSubscribers/asyncEnd","https://bun.com/reference/node/readline/CompleterResult","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_EXTERNAL_READER","https://bun.com/reference/node/perf_hooks/constants/NODE_PERFORMANCE_GC_FLAGS_CONSTRUCT_RETAINED","https://bun.com/reference/node/readline/promises/Interface/constructor","https://bun.com/reference/node/async_hooks/AsyncLocalStorageOptions/name","https://bun.com/reference/node/fs/promises/lstat","https://bun.com/reference/node/module/default/wrap","https://bun.com/reference/node/perf_hooks/constants/NODE_PERFORMANCE_GC_FLAGS_FORCED","https://bun.com/reference/bun/BunFile/formData","https://bun.com/reference/node/perf_hooks/EventLoopMonitorOptions/resolution","https://bun.com/reference/bun/__internal/LibEmptyOrNodeMessagePort","https://bun.com/reference/node/perf_hooks/IntervalHistogram/count","https://bun.com/reference/node/async_hooks/asyncWrapProviders/HTTPINCOMINGMESSAGE","https://bun.com/reference/bun/test/setDefaultTimeout","https://bun.com/reference/node/dgram/SocketOptions/ipv6Only","https://bun.com/reference/node/stream/web/ReadableStream/pipeThrough","https://bun.com/reference/node/module/default/SourceMap/payload","https://bun.com/reference/node/module/default/EnableCompileCacheOptions/directory","https://bun.com/reference/bun/ffi/read/ptr","https://bun.com/reference/node/os/hostname","https://bun.com/reference/node/async_hooks/asyncWrapProviders/HTTPCLIENTREQUEST","https://bun.com/reference/node/stream/web/ByteLengthQueuingStrategy/highWaterMark","https://bun.com/reference/bun/ffi/FFIType/float","https://bun.com/reference/globals/ArrayBuffer/%5BtoStringTag%5D","https://bun.com/reference/node/dgram/Socket/dropSourceSpecificMembership","https://bun.com/reference/node/perf_hooks/Performance","https://bun.com/reference
/node/dns/BADRESP","https://bun.com/docs/cli/filter","https://bun.com/reference/node/readline/promises/Interface/getPrompt","https://bun.com/reference/node/fs/CopyOptions","https://bun.com/reference/node/inspector/DOMStorage/domStorageItemRemoved","https://bun.com/reference/node/readline/promises/Readline/clearLine","https://bun.com/reference/node/dgram/RemoteInfo/port","https://bun.com/reference/node/inspector/DOMStorage/ClearParameterType","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_FILE_POINTER","https://bun.com/reference/globals/URL/hash","https://bun.com/reference/bun/jsc/MemoryUsage","https://bun.com/reference/node/stream/web/ReadableStreamDefaultReader","https://bun.com/reference/node/cluster/default/Cluster/emit","https://bun.com/reference/node/events/default/once","https://bun.com/reference/bun/jsc/profile","https://bun.com/reference/globals/clearInterval","https://bun.com/reference/bun/ffi/read/intptr","https://bun.com/reference/node/diagnostics_channel/TracingChannelSubscribers/asyncStart","https://bun.com/reference/node/stream/web/ReadableByteStreamController","https://bun.com/reference/node/net/BlockList/addSubnet","https://bun.com/reference/globals/EventMap","https://bun.com/reference/globals/Uint8Array/%5Biterator%5D","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_GET_LOCKPROXYFILE","https://bun.com/reference/node/dgram/Socket/emit","https://bun.com/reference/node/fs/promises/FileHandle/close","https://bun.com/reference/node/buffer/BlobPropertyBag","https://bun.com/reference/node/buffer/BlobPart","https://bun.com/reference/node/dns/promises/CONNREFUSED","https://bun.com/reference/node/readline/CursorPos","https://bun.com/reference/node/stream/web/ByteLengthQueuingStrategy/size","https://bun.com/reference/globals/AbortSignal/abort","https://bun.com/reference/node/perf_hooks/constants/NODE_PERFORMANCE_GC_FLAGS_NO","https://bun.com/reference/node/fs/promises/lutimes","https://bun.com/reference/node/inspector/Runtime/Inspect
RequestedEventDataType","https://bun.com/reference/node/async_hooks/AsyncResourceOptions","https://bun.com/reference/node/cluster/default/Cluster/schedulingPolicy","https://bun.com/reference/node/events/default","https://bun.com/reference/node/dns/BADSTR","https://bun.com/reference/node/quic/EndpointOptions/resetTokenSecret","https://bun.com/reference/node/inspector/Debugger/ScriptParsedEventDataType","https://bun.com/reference/node/assert/default/notDeepStrictEqual","https://bun.com/reference/bun/ffi/CString/byteOffset","https://bun.com/reference/bun/sqlite/SQLiteError/byteOffset","https://bun.com/reference/node/dgram/RemoteInfo/size","https://bun.com/reference/globals/clearTimeout","https://bun.com/reference/globals/AbortController/signal","https://bun.com/reference/node/inspector/promises/Session/disconnect","https://bun.com/reference/bun/BunFile/json","https://bun.com/reference/globals/ArrayBuffer/byteLength","https://bun.com/reference/bun/jsc/releaseWeakRefs","https://bun.com/reference/node/inspector/DOMStorage/domStorageItemsCleared","https://bun.com/reference/bun/sqlite/Database/deserialize","https://bun.com/reference/globals/AddEventListenerOptions","https://bun.com/reference/node/perf_hooks/IntervalHistogram/countBigInt","https://bun.com/reference/node/net/BlockList/check","https://bun.com/reference/node/stream/web/ReadableStreamReader","https://bun.com/reference/node/diagnostics_channel/TracingChannelSubscribers/end","https://bun.com/reference/node/stream/web/ReadableStreamGetReaderOptions","https://bun.com/reference/node/readline/promises/Interface/listenerCount","https://bun.com/reference/bun/__internal/LibEmptyOrNodeStreamWebCompressionStream","https://bun.com/reference/globals/URL/hostname","https://bun.com/reference/node/buffer/File","https://bun.com/reference/globals/FormData","https://bun.com/reference/bun/PathLike","https://bun.com/reference/node/dgram/Socket/getMaxListeners","https://bun.com/reference/node/dgram/SocketEventMap/close","https://bun.
com/reference/node/module/default/SourceMapPayload","https://bun.com/reference/globals/ArrayBuffer/resize","https://bun.com/reference/node/stream/web/ReadableStream/pipeTo","https://bun.com/reference/node/async_hooks/asyncWrapProviders/JSSTREAM","https://bun.com/reference/node/module/default/EnableCompileCacheOptions/portable","https://bun.com/reference/globals/ArrayBuffer/detached","https://bun.com/reference/bun/test/setSystemTime","https://bun.com/reference/node/module/default/SourceMapsSupport","https://bun.com/reference/node/stream/web/QueuingStrategySize","https://bun.com/reference/node/readline/promises/Readline/clearScreenDown","https://bun.com/reference/node/stream/default","https://bun.com/reference/node/dgram/SocketOptions/lookup","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/%5BcaptureRejectionSymbol%5D","https://bun.com/reference/node/fs/ObjectEncodingOptions/encoding","https://bun.com/docs/api/hashing","https://bun.com/reference/node/inspector/Debugger/ScriptFailedToParseEventDataType","https://bun.com/reference/node/os/loadavg","https://bun.com/reference/node/cluster/default/Cluster/settings","https://bun.com/reference/node/perf_hooks/PerformanceNodeEntry/constructor","https://bun.com/reference/node/events/default/setMaxListeners","https://bun.com/reference/node/net/AddressInfo/address","https://bun.com/reference/bun/ffi/FFIType/function","https://bun.com/reference/node/quic/EndpointOptions/retryTokenExpiration","https://bun.com/reference/node/dgram/Socket/eventNames","https://bun.com/reference/node/stream/web/ReadableWritablePair","https://bun.com/reference/node/cluster/default/Cluster/eventNames","https://bun.com/reference/node/async_hooks/asyncWrapProviders/JSUDPWRAP","https://bun.com/reference/bun/__internal/LibEmptyOrNodeReadableStream","https://bun.com/reference/node/fs/promises/CreateReadStreamOptions","https://bun.com/reference/bun/ffi/CString/charAt","https://bun.com/reference/node/readline/promises/Interface/listene
rs","https://bun.com/reference/node/dns/CANCELLED","https://bun.com/reference/node/module/default/SourceMap/findEntry","https://bun.com/reference/bun/jsc/MemoryUsage/current","https://bun.com/reference/node/fs/promises/mkdir","https://bun.com/reference/bun/sqlite/SQLiteError/captureStackTrace","https://bun.com/reference/globals/URL/host","https://bun.com/reference/node/inspector/Debugger/BreakpointResolvedEventDataType","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_HAS_MOVED","https://bun.com/reference/globals/CloseEvent","https://bun.com/reference/globals/Uint8Array/%5BtoStringTag%5D","https://bun.com/reference/bun/sqlite/Database/exec","https://bun.com/reference/node/diagnostics_channel/TracingChannelSubscribers/error","https://bun.com/reference/bun/BunFile/slice","https://bun.com/reference/node/inspector/DOMStorage/ClearParameterType/storageId","https://bun.com/reference/node/buffer/FilePropertyBag","https://bun.com/reference/node/stream/web/UnderlyingByteSource","https://bun.com/reference/globals/URL/href","https://bun.com/reference/node/stream/web/StreamPipeOptions","https://bun.com/reference/node/dns/promises/DESTRUCTION","https://bun.com/reference/node/module/default/SourceMapping","https://bun.com/reference/node/inspector/InspectorNotification/method","https://bun.com/reference/node/inspector/promises/Session/emit","https://bun.com/reference/node/assert/default/notEqual","https://bun.com/reference/node/stream/default/Duplex/_construct","https://bun.com/reference/bun/ffi/FFIType/i16","https://bun.com/reference/node/dgram/SocketEventMap/connect","https://bun.com/reference/node/readline/promises/Interface/off","https://bun.com/reference/node/inspector/InspectorNotification/params","https://bun.com/reference/node/assert/default/notStrictEqual","https://bun.com/reference/globals/AbortSignal/aborted","https://bun.com/reference/node/dgram/Socket/getRecvBufferSize","https://bun.com/reference/node/inspector/DOMStorage/domStorageItemUpdated","https://bu
n.com/reference/node/stream/web/WritableStream","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_JOURNAL_POINTER","https://bun.com/reference/node/net/AddressInfo/family","https://bun.com/reference/globals/ArrayBuffer/slice","https://bun.com/reference/node/fs/promises/FileHandle/createReadStream","https://bun.com/reference/node/stream/web/ReadableStream/tee","https://bun.com/reference/globals/ArrayBuffer/maxByteLength","https://bun.com/reference/node/perf_hooks/constants/NODE_PERFORMANCE_GC_FLAGS_SCHEDULE_IDLE","https://bun.com/reference/node/stream/web/QueuingStrategyInit/highWaterMark","https://bun.com/reference/node/readline/promises/Interface/on","https://bun.com/reference/node/inspector/Network/dataReceived","https://bun.com/reference/node/cluster/default/Cluster/fork","https://bun.com/reference/node/module/default/EnableCompileCacheResult/directory","https://bun.com/reference/node/dgram/SocketOptions/receiveBlockList","https://bun.com/reference/node/readline/InterfaceEventMap/close","https://bun.com/reference/node/async_hooks/AsyncResourceOptions/requireManualDestroy","https://bun.com/reference/node/inspector/Debugger/PausedEventDataType","https://bun.com/reference/node/readline/promises/Interface/once","https://bun.com/reference/bun/ffi/CString/charCodeAt","https://bun.com/reference/globals/ArrayBuffer/transfer","https://bun.com/reference/node/stream/web/ReadableStream/values","https://bun.com/reference/node/perf_hooks/TimerifyOptions","https://bun.com/reference/globals/Uint8Array/at","https://bun.com/reference/bun/jsc/reoptimizationRetryCount","https://bun.com/reference/node/stream/web/UnderlyingDefaultSource","https://bun.com/reference/node/net/BlockList/fromJSON","https://bun.com/reference/globals/AddEventListenerOptions/capture","https://bun.com/reference/globals/CompressionStream","https://bun.com/reference/node/stream/web/ReadableStreamAsyncIterator","https://bun.com/reference/bun/BunFile/stat","https://bun.com/reference/node/perf_hooks/Perfo
rmanceNodeEntry/detail","https://bun.com/reference/bun/ffi/FFIType/i64_fast","https://bun.com/reference/node/perf_hooks/IntervalHistogram/exceeds","https://bun.com/reference/globals/URL/origin","https://bun.com/reference/node/inspector/promises/Session/eventNames","https://bun.com/reference/bun/__internal/LibEmptyOrNodeStreamWebTextDecoderStream","https://bun.com/reference/bun/BunFile/stream","https://bun.com/reference/node/dns/promises/EOF","https://bun.com/reference/bun/__internal/LibEmptyOrNodeStreamWebDecompressionStream","https://bun.com/reference/node/diagnostics_channel/TracingChannelSubscribers/start","https://bun.com/reference/bun/ffi/FFIType/i32","https://bun.com/reference/node/dgram/Socket/getSendQueueCount","https://bun.com/reference/globals/ArrayBuffer/transferToFixedLength","https://bun.com/reference/bun/test/spyOn","https://bun.com/reference/node/dgram/SocketEventMap/error","https://bun.com/reference/node/stream/default/Duplex/_destroy","https://bun.com/reference/node/async_hooks/asyncWrapProviders/KEYEXPORTREQUEST","https://bun.com/reference/node/module/default/EnableCompileCacheResult/message","https://bun.com/reference/node/fs/GlobOptionsWithFileTypes","https://bun.com/reference/node/net/AddressInfo/port","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/addListener","https://bun.com/reference/node/readline/promises/Readline/commit","https://bun.com/reference/node/fs/promises/mkdtemp","https://bun.com/reference/node/quic/EndpointOptions/tokenExpiration","https://bun.com/reference/bun/test/Describe","https://bun.com/reference/node/readline/InterfaceEventMap/error","https://bun.com/reference/node/os/machine","https://bun.com/docs/api/utils","https://bun.com/reference/node/async_hooks/asyncWrapProviders/KEYGENREQUEST","https://bun.com/reference/globals/EventTarget","https://bun.com/reference/globals/Blob/arrayBuffer","https://bun.com/reference/bun/ffi/FFIType/i64","https://bun.com/reference/node/module/default/SourceMap/findOrig
in","https://bun.com/reference/node/fs/ReadStream","https://bun.com/reference/node/dns/CONNREFUSED","https://bun.com/reference/node/async_hooks/AsyncResourceOptions/triggerAsyncId","https://bun.com/reference/globals/ArrayBuffer/resizable","https://bun.com/reference/node/cluster/default/ClusterSettings","https://bun.com/reference/node/dgram/Socket/getSendBufferSize","https://bun.com/reference/node/stream/web/QueuingStrategy","https://bun.com/reference/bun/ffi/CString/codePointAt","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/asyncId","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_LOCK_TIMEOUT","https://bun.com/reference/globals/confirm","https://bun.com/reference/bun/sqlite/Statement/%5Bdispose%5D","https://bun.com/reference/node/inspector/DOMStorage/StorageId","https://bun.com/reference/node/inspector/NetworkResources/put","https://bun.com/reference/bun/sqlite/SQLiteError/cause","https://bun.com/reference/node/inspector/Console/MessageAddedEventDataType","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_LAST_ERRNO","https://bun.com/reference/bun/sqlite/Database/fileControl","https://bun.com/reference/node/assert/default/ok","https://bun.com/reference/node/perf_hooks/TimerifyOptions/histogram","https://bun.com/reference/bun/BunFile/text","https://bun.com/reference/node/readline/promises/Interface/pause","https://bun.com/reference/node/buffer/Blob/size","https://bun.com/reference/node/inspector/Runtime","https://bun.com/reference/bun/__internal/MergeInner","https://bun.com/reference/node/module/default/SourceOrigin","https://bun.com/reference/bun/ffi/FFIType/int","https://bun.com/reference/node/fs/promises/FileHandle/createWriteStream","https://bun.com/reference/node/buffer/TranscodeEncoding","https://bun.com/reference/globals/AbortSignal/addEventListener","https://bun.com/reference/bun/ffi/FFIType/i8","https://bun.com/reference/node/readline/promises/Interface/prependListener","https://bun.com/reference/globals/Uint
8Array/buffer","https://bun.com/reference/node/readline/promises/Interface/prependOnceListener","https://bun.com/reference/node/stream/default/Duplex/_final","https://bun.com/reference/bun/ffi/CString/concat","https://bun.com/reference/bun/jsc/MemoryUsage/currentCommit","https://bun.com/reference/node/net/SocketAddress/address","https://bun.com/reference/node/fs/Stats","https://bun.com/reference/node/stream/web/ReadableStreamIteratorOptions","https://bun.com/reference/globals/BroadcastChannel/addEventListener","https://bun.com/reference/node/fs/Dirent","https://bun.com/reference/node/perf_hooks/constants/NODE_PERFORMANCE_GC_FLAGS_SYNCHRONOUS_PHANTOM_PROCESSING","https://bun.com/reference/node/dgram/Socket/getSendQueueSize","https://bun.com/reference/node/fs/promises/FlagAndOpenMode/flag","https://bun.com/reference/node/dgram/SocketEventMap/listening","https://bun.com/reference/node/dns/promises/FILE","https://bun.com/reference/node/inspector/Network/dataSent","https://bun.com/reference/node/readline/InterfaceEventMap/history","https://bun.com/reference/node/inspector/Profiler/ConsoleProfileStartedEventDataType","https://bun.com/reference/node/fs/promises/CreateWriteStreamOptions","https://bun.com/reference/node/fs/constants/COPYFILE_EXCL","https://bun.com/reference/globals/EventListener","https://bun.com/reference/node/fs/promises/FlagAndOpenMode/mode","https://bun.com/reference/node/dgram/SocketOptions/recvBufferSize","https://bun.com/reference/node/quic/EndpointOptions/tokenSecret","https://bun.com/reference/node/cluster/default/Cluster/worker","https://bun.com/reference/node/os/networkInterfaces","https://bun.com/reference/bun/ffi/FFIType/int16_t","https://bun.com/reference/globals/Blob/bytes","https://bun.com/reference/node/dns/DESTRUCTION","https://bun.com/reference/node/inspector/Profiler/ConsoleProfileFinishedEventDataType","https://bun.com/reference/node/module/default/ImportAttributes","https://bun.com/reference/node/inspector/Runtime/ExecutionContextDestro
yedEventDataType/executionContextId","https://bun.com/reference/bun/sqlite/SQLiteError/code","https://bun.com/reference/node/dgram/Socket/listenerCount","https://bun.com/reference/bun/jsc/serialize","https://bun.com/reference/node/inspector/DOMStorage/registerStorage","https://bun.com/reference/node/dgram/BindOptions/address","https://bun.com/reference/node/net/BlockList/toJSON","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_LOCKSTATE","https://bun.com/reference/node/events/default/EventEmitterReferencingAsyncResource","https://bun.com/reference/node/inspector/Session/%5BcaptureRejectionSymbol%5D","https://bun.com/reference/node/perf_hooks/PerformanceNodeEntry/duration","https://bun.com/reference/node/buffer/Blob/arrayBuffer","https://bun.com/reference/bun/jsc/MemoryUsage/pageFaults","https://bun.com/reference/globals/Uint8Array/byteLength","https://bun.com/reference/bun/test/Expect","https://bun.com/reference/node/assert/default/partialDeepStrictEqual","https://bun.com/reference/node/stream/web/UnderlyingSource","https://bun.com/reference/bun/sqlite/Database/filename","https://bun.com/reference/bun/BunFile/write","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_MMAP_SIZE","https://bun.com/reference/node/inspector/InspectorConsole/assert","https://bun.com/reference/node/perf_hooks/RecordableHistogram","https://bun.com/reference/node/cluster/default/Cluster/getMaxListeners","https://bun.com/reference/bun/BunFile/unlink","https://bun.com/reference/node/inspector/promises/Session/getMaxListeners","https://bun.com/reference/globals/URL/parse","https://bun.com/reference/bun/sqlite/Statement/%5Biterator%5D","https://bun.com/reference/bun/__internal/LibEmptyOrNodeStreamWebTextEncoderStream","https://bun.com/reference/globals/AddEventListenerOptions/once","https://bun.com/reference/node/stream/web/TextDecoderStream","https://bun.com/reference/node/async_hooks/asyncWrapProviders/MESSAGEPORT","https://bun.com/reference/node/perf_hooks/IntervalHistogr
am/exceedsBigInt","https://bun.com/reference/node/readline/promises/Interface/question","https://bun.com/reference/bun/ffi/FFIType/int32_t","https://bun.com/reference/node/module/default/RegisterOptions","https://bun.com/reference/node/async_hooks/asyncWrapProviders/KEYPAIRGENREQUEST","https://bun.com/docs/api/color","https://bun.com/reference/globals/BroadcastChannel/close","https://bun.com/reference/node/stream/web/CompressionStream/readable","https://bun.com/reference/node/dgram/BindOptions/exclusive","https://bun.com/reference/node/dgram/Socket/listeners","https://bun.com/reference/node/buffer/Blob/type","https://bun.com/reference/node/module/default/ImportAttributes/type","https://bun.com/reference/node/module/default/RegisterHooksOptions","https://bun.com/reference/bun/test/test","https://bun.com/reference/node/module/default/EnableCompileCacheResult/status","https://bun.com/reference/node/net/SocketAddress/family","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/asyncResource","https://bun.com/reference/globals/EventTarget/addEventListener","https://bun.com/reference/node/perf_hooks/constants/NODE_PERFORMANCE_GC_INCREMENTAL","https://bun.com/reference/node/stream/default/Duplex/_read","https://bun.com/reference/globals/console","https://bun.com/reference/node/module/default/SourceMap/constructor","https://bun.com/reference/node/readline/promises/Interface/prompt","https://bun.com/reference/node/dgram/SocketOptions/reuseAddr","https://bun.com/reference/node/inspector/Runtime/ExceptionThrownEventDataType/exceptionDetails","https://bun.com/reference/node/net/BlockList/isBlockList","https://bun.com/reference/bun/sqlite/Statement/all","https://bun.com/reference/globals/AddEventListenerOptions/passive","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/triggerAsyncId","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_OVERWRITE","https://bun.com/reference/node/cluster/default/Cluster/listenerCount","https://bu
n.com/reference/node/cluster/default/Worker","https://bun.com/reference/node/perf_hooks/IntervalHistogram/max","https://bun.com/reference/bun/jsc/MemoryUsage/peak","https://bun.com/reference/node/fs/promises/mkdtempDisposable","https://bun.com/reference/node/module/default/LoadFnOutput/format","https://bun.com/reference/node/inspector/DOMStorage/DomStorageItemAddedEventDataType","https://bun.com/reference/node/readline/promises/Interface/removeAllListeners","https://bun.com/reference/globals/ReadableStream","https://bun.com/reference/bun/sqlite/SQLiteError/constructor","https://bun.com/reference/node/dgram/SocketEventMap/message","https://bun.com/reference/globals/Uint8Array/copyWithin","https://bun.com/reference/bun/ffi/FFIType/int64_t","https://bun.com/reference/node/stream/web/TextEncoderStream","https://bun.com/reference/node/inspector/Runtime/ExecutionContextCreatedEventDataType/context","https://bun.com/reference/node/perf_hooks/PerformanceNodeEntry/entryType","https://bun.com/reference/node/inspector/HeapProfiler/AddHeapSnapshotChunkEventDataType","https://bun.com/reference/node/inspector/Session/addListener","https://bun.com/reference/node/quic/EndpointOptions/udpReceiveBufferSize","https://bun.com/reference/node/fs/promises/FileHandle/datasync","https://bun.com/reference/node/assert/default/rejects","https://bun.com/reference/node/readline/InterfaceEventMap/line","https://bun.com/reference/node/readline/promises/Readline/cursorTo","https://bun.com/reference/node/os/platform","https://bun.com/reference/node/fs/GlobOptionsWithoutFileTypes","https://bun.com/reference/node/async_hooks/asyncWrapProviders/NONE","https://bun.com/reference/bun/test/jest/advanceTimersByTime","https://bun.com/reference/node/buffer/Blob/slice","https://bun.com/reference/globals/ByteLengthQueuingStrategy/highWaterMark","https://bun.com/reference/node/readline/promises/Interface/rawListeners","https://bun.com/reference/node/fs/WriteStream","https://bun.com/reference/node/inspector/DOMSt
orage/DomStorageItemAddedEventDataType/key","https://bun.com/reference/globals/EventListenerObject","https://bun.com/reference/globals/BroadcastChannel/dispatchEvent","https://bun.com/reference/globals/EventTarget/dispatchEvent","https://bun.com/reference/node/inspector/Runtime/ExceptionRevokedEventDataType/exceptionId","https://bun.com/reference/node/fs/constants/COPYFILE_FICLONE","https://bun.com/reference/bun/__internal/LibEmptyOrNodeUtilTextDecoder","https://bun.com/reference/node/cluster/default/ClusterEventMap","https://bun.com/reference/node/dns/promises/FORMERR","https://bun.com/reference/node/inspector/Network/loadingFailed","https://bun.com/reference/node/dns/EOF","https://bun.com/reference/bun/ffi/FFIType/int8_t","https://bun.com/reference/node/inspector/HeapProfiler/ReportHeapSnapshotProgressEventDataType","https://bun.com/reference/globals/AbortSignal/any","https://bun.com/reference/globals/CountQueuingStrategy","https://bun.com/reference/globals/Blob/formData","https://bun.com/reference/node/fs/OpenMode","https://bun.com/reference/globals/Uint8Array/byteOffset","https://bun.com/reference/node/buffer/Blob/bytes","https://bun.com/reference/node/dgram/BindOptions/fd","https://bun.com/reference/node/assert/default/strictEqual","https://bun.com/reference/node/readline/promises/Readline/constructor","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/emit","https://bun.com/reference/node/module/default/LoadFnOutput","https://bun.com/reference/node/module/default/SetSourceMapsSupportOptions","https://bun.com/reference/globals/URL/password","https://bun.com/reference/node/dgram/Socket/off","https://bun.com/reference/bun/sqlite/Database/handle","https://bun.com/reference/bun/jsc/setRandomSeed","https://bun.com/reference/globals/AddEventListenerOptions/signal","https://bun.com/reference/node/stream/web/ReadableStreamBYOBRequest","https://bun.com/reference/node/dgram/BindOptions/port","https://bun.com/reference/globals/Uint8Array/length","htt
ps://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_PDB","https://bun.com/reference/node/inspector/DOMStorage/DomStorageItemAddedEventDataType/storageId","https://bun.com/reference/globals/Uint8Array/BYTES_PER_ELEMENT","https://bun.com/reference/node/inspector/promises/Session/listenerCount","https://bun.com/reference/globals/Uint8Array/entries","https://bun.com/reference/node/inspector/DOMStorage/DomStorageItemAddedEventDataType/newValue","https://bun.com/reference/bun/ffi/FFIType/napi_env","https://bun.com/reference/node/dgram/SocketOptions/reusePort","https://bun.com/reference/node/net/Server/connections","https://bun.com/reference/globals/URL/pathname","https://bun.com/reference/node/buffer/Blob/stream","https://bun.com/reference/node/perf_hooks/IntervalHistogram/maxBigInt","https://bun.com/reference/node/stream/web/CompressionStream/writable","https://bun.com/reference/bun/BunFile/writer","https://bun.com/reference/node/module/default/LoadFnOutput/shortCircuit","https://bun.com/reference/bun/ffi/CString/constructor","https://bun.com/reference/bun/test/vi","https://bun.com/reference/bun/__internal/LibEmptyOrNodeWritableStream","https://bun.com/reference/node/async_hooks/asyncWrapProviders/PBKDF2REQUEST","https://bun.com/reference/node/stream/default/Duplex/_write","https://bun.com/reference/node/buffer/Blob/text","https://bun.com/reference/node/dgram/Socket/on","https://bun.com/reference/node/dns/promises/getDefaultResultOrder","https://bun.com/reference/node/readline/promises/Interface/resume","https://bun.com/reference/node/inspector/Runtime/ExceptionThrownEventDataType/timestamp","https://bun.com/reference/bun/test/jest/advanceTimersToNextTimer","https://bun.com/reference/node/net/SocketAddress/flowlabel","https://bun.com/reference/node/inspector/Network/loadingFinished","https://bun.com/reference/node/inspector/InspectorConsole/clear","https://bun.com/reference/node/module/default/ModuleHooks","https://bun.com/reference/bun/__internal/LibEmptyOrNodeUtil
TextEncoder","https://bun.com/reference/node/stream/web/CountQueuingStrategy/highWaterMark","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/constructor","https://bun.com/reference/globals/Event","https://bun.com/reference/node/perf_hooks/constants/NODE_PERFORMANCE_GC_MAJOR","https://bun.com/reference/node/inspector/HeapProfiler/LastSeenObjectIdEventDataType","https://bun.com/reference/globals/EventTarget/removeEventListener","https://bun.com/reference/node/readline/promises/Readline/moveCursor","https://bun.com/reference/node/dns/FILE","https://bun.com/reference/globals/Timer","https://bun.com/reference/node/fs/constants/COPYFILE_FICLONE_FORCE","https://bun.com/reference/node/readline/InterfaceEventMap/pause","https://bun.com/reference/bun/EventListenerOptions","https://bun.com/reference/node/inspector/Runtime/ExceptionRevokedEventDataType/reason","https://bun.com/reference/globals/Blob/json","https://bun.com/reference/node/cluster/default/Cluster/Worker","https://bun.com/reference/node/inspector/Session/connect","https://bun.com/reference/node/fs/promises/open","https://bun.com/reference/node/module/default/LoadFnOutput/source","https://bun.com/reference/node/events/default/OnOptions","https://bun.com/reference/globals/Blob/size","https://bun.com/reference/node/os/release","https://bun.com/reference/node/readline/promises/ReadLineOptions/completer","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_POWERSAFE_OVERWRITE","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_PERSIST_WAL","https://bun.com/reference/node/perf_hooks/PerformanceNodeEntry/name","https://bun.com/reference/bun/test/Mock","https://bun.com/reference/bun/sqlite/SQLiteError/errno","https://bun.com/docs/api/file-io","https://bun.com/reference/node/stream/web/ReadableStreamDefaultController","https://bun.com/reference/globals/Uint8Array/find","https://bun.com/reference/node/inspector/DOMStorage/DomStorageItemRemovedEventDataType/key","https://bun.com/refer
ence/node/readline/promises/Interface/removeListener","https://bun.com/reference/bun/sqlite/Statement/as","https://bun.com/reference/node/net/ListenOptions/backlog","https://bun.com/reference/globals/URL/port","https://bun.com/reference/node/inspector/DOMStorage/DomStorageItemRemovedEventDataType","https://bun.com/reference/bun/EventListenerOrEventListenerObject","https://bun.com/reference/node/readline/CursorPos/cols","https://bun.com/reference/node/net/Server/listening","https://bun.com/reference/node/inspector/promises/Session/listeners","https://bun.com/reference/globals/SharedArrayBuffer","https://bun.com/reference/node/cluster/default/Cluster/listeners","https://bun.com/reference/node/inspector/Runtime/ExecutionContextDescription","https://bun.com/reference/globals/URL/protocol","https://bun.com/reference/node/stream/web/ReadableStreamBYOBReader/closed","https://bun.com/reference/node/buffer/BlobPropertyBag/endings","https://bun.com/reference/node/perf_hooks/IntervalHistogram/mean","https://bun.com/reference/bun/ffi/FFIType/ptr","https://bun.com/reference/node/fs/promises/FileHandle/read","https://bun.com/reference/globals/AbortSignal/dispatchEvent","https://bun.com/reference/node/net/SocketAddress/parse","https://bun.com/reference/globals/BroadcastChannel/name","https://bun.com/reference/bun/ffi/FFIType/napi_value","https://bun.com/reference/node/assert/default/throws","https://bun.com/reference/node/readline/promises/Interface/setMaxListeners","https://bun.com/reference/globals/crypto","https://bun.com/reference/node/dns/promises/getServers","https://bun.com/reference/bun/WebSocket/addEventListener","https://bun.com/reference/node/events/default/Abortable/signal","https://bun.com/reference/node/fs/GlobOptions","https://bun.com/reference/node/stream/web/ReadableStreamBYOBReader/cancel","https://bun.com/reference/node/perf_hooks/PerformanceEntry","https://bun.com/reference/bun/test/xdescribe","https://bun.com/reference/node/net/SocketAddress/port","https://bun
.com/reference/node/async_hooks/asyncWrapProviders/PIPECONNECTWRAP","https://bun.com/reference/bun/test/jest/clearAllMocks","https://bun.com/reference/globals/ByteLengthQueuingStrategy/size","https://bun.com/reference/node/stream/web/DecompressionStream/readable","https://bun.com/reference/bun/ffi/FFIType/pointer","https://bun.com/reference/node/inspector/InspectorConsole/count","https://bun.com/reference/node/module/default/StripTypeScriptTypesOptions","https://bun.com/reference/node/inspector/HeapProfiler/HeapStatsUpdateEventDataType","https://bun.com/reference/node/dgram/Socket/once","https://bun.com/reference/node/inspector/Runtime/ConsoleAPICalledEventDataType/args","https://bun.com/reference/globals/Uint8Array/every","https://bun.com/reference/node/dgram/SocketOptions/sendBlockList","https://bun.com/reference/node/readline/promises/Interface/write","https://bun.com/reference/node/readline/InterfaceEventMap/resume","https://bun.com/reference/node/perf_hooks/IntervalHistogram/%5Bdispose%5D","https://bun.com/reference/node/inspector/Network/ResponseReceivedEventDataType","https://bun.com/reference/node/fs/ReadPosition","https://bun.com/reference/node/os/setPriority","https://bun.com/reference/node/inspector/Network/RequestWillBeSentEventDataType","https://bun.com/reference/node/fs/constants/F_OK","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/emitDestroy","https://bun.com/reference/globals/Uint8Array/fill","https://bun.com/reference/node/inspector/Session/connectToMainThread","https://bun.com/reference/node/readline/Completer","https://bun.com/reference/globals/Uint8Array/filter","https://bun.com/reference/node/readline/promises/ReadLineOptions/crlfDelay","https://bun.com/docs/api/spawn","https://bun.com/reference/bun/sqlite/DatabaseOptions","https://bun.com/reference/globals/Blob/type","https://bun.com/reference/bun/ffi/CString/endsWith","https://bun.com/reference/node/fs/StatOptions","https://bun.com/reference/globals/Uint8Array/findIn
dex","https://bun.com/reference/bun/sqlite/Database/inTransaction","https://bun.com/reference/bun/sqlite/Statement/columnNames","https://bun.com/reference/node/assert/default/AssertionError/actual","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_RBU","https://bun.com/reference/node/stream/web/ReadableWritablePair/readable","https://bun.com/reference/node/quic/EndpointOptions/udpSendBufferSize","https://bun.com/reference/node/inspector/DOMStorage/DomStorageItemsClearedEventDataType/storageId","https://bun.com/reference/node/inspector/DOMStorage/DomStorageItemsClearedEventDataType","https://bun.com/reference/node/readline/promises/Interface/setPrompt","https://bun.com/reference/globals/URL/revokeObjectURL","https://bun.com/reference/bun/ffi/FFIType/u16","https://bun.com/reference/bun/test/xtest","https://bun.com/reference/node/readline/promises/Readline/rollback","https://bun.com/reference/globals/Request","https://bun.com/reference/node/stream/default/Duplex/_writev","https://bun.com/reference/bun/ffi/FFIType/u32","https://bun.com/reference/node/readline/Key","https://bun.com/reference/node/buffer/Buffer/%5BtoStringTag%5D","https://bun.com/reference/node/inspector/Runtime/ExceptionDetails","https://bun.com/reference/node/fs/promises/FileHandle/readableWebStream","https://bun.com/reference/node/perf_hooks/Performance/addEventListener","https://bun.com/reference/node/fs/CopyOptions/dereference","https://bun.com/reference/globals/AbortSignal/onabort","https://bun.com/reference/node/stream/web/CountQueuingStrategy/size","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/eventNames","https://bun.com/reference/bun/__internal/LibEmptyOrPerformanceEntry","https://bun.com/reference/node/stream/web/TransformStream","https://bun.com/reference/bun/test/jest/clearAllTimers","https://bun.com/reference/node/perf_hooks/constants/NODE_PERFORMANCE_GC_MINOR","https://bun.com/reference/bun/__internal/LibEmptyOrPerformanceMark","https://bun.com/referenc
e/node/stream/web/ReadableStreamDefaultReader/cancel","https://bun.com/reference/node/stream/web/ReadableStreamBYOBReader/releaseLock","https://bun.com/reference/node/fs/promises/opendir","https://bun.com/reference/node/readline/Direction","https://bun.com/reference/globals/Blob/slice","https://bun.com/reference/globals/Response","https://bun.com/reference/globals/EventMap/fetch","https://bun.com/reference/node/inspector/DOMStorage/DomStorageItemRemovedEventDataType/storageId","https://bun.com/reference/node/inspector/InspectorConsole/countReset","https://bun.com/reference/node/stream/web/DecompressionStream/writable","https://bun.com/reference/globals/Timer/%5BtoPrimitive%5D","https://bun.com/reference/node/dgram/Socket/prependListener","https://bun.com/reference/node/dns/FORMERR","https://bun.com/reference/node/stream/web/ReadableByteStreamController/byobRequest","https://bun.com/reference/node/events/default/OnceOptions","https://bun.com/reference/bun/ffi/FFIType/u64","https://bun.com/reference/node/inspector/Network/requestWillBeSent","https://bun.com/reference/node/quic/EndpointOptions/udpTTL","https://bun.com/reference/node/perf_hooks/IntervalHistogram/disable","https://bun.com/reference/node/inspector/Network/DataReceivedEventDataType","https://bun.com/reference/bun/sqlite/SQLiteError/isError","https://bun.com/reference/node/dgram/Socket/prependOnceListener","https://bun.com/reference/node/readline/promises/ReadLineOptions/escapeCodeTimeout","https://bun.com/reference/node/perf_hooks/constants/NODE_PERFORMANCE_GC_WEAKCB","https://bun.com/reference/node/fs/TimeLike","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_PRAGMA","https://bun.com/reference/node/inspector/Runtime/ConsoleAPICalledEventDataType/context","https://bun.com/reference/node/buffer/BlobPropertyBag/type","https://bun.com/reference/node/readline/AsyncCompleter","https://bun.com/reference/node/inspector/Runtime/InspectRequestedEventDataType/hints","https://bun.com/reference/node/cluste
r/default/Cluster/off","https://bun.com/reference/globals/FormData/%5Biterator%5D","https://bun.com/reference/node/fs/BigIntStats","https://bun.com/reference/node/dgram/SocketOptions/sendBufferSize","https://bun.com/reference/node/inspector/Network/LoadingFailedEventDataType","https://bun.com/reference/bun/EventListener","https://bun.com/reference/node/net/Server/maxConnections","https://bun.com/reference/globals/URL/search","https://bun.com/reference/node/inspector/DOMStorage/DomStorageItemUpdatedEventDataType","https://bun.com/reference/node/stream/web/ReadableStreamBYOBReader/read","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_RESERVE_BYTES","https://bun.com/reference/node/inspector/DOMStorage/DomStorageItemUpdatedEventDataType/key","https://bun.com/reference/node/perf_hooks/PerformanceNodeEntry/toJSON","https://bun.com/reference/node/net/ListenOptions/exclusive","https://bun.com/reference/node/inspector/promises/Session/off","https://bun.com/reference/node/perf_hooks/IntervalHistogram/min","https://bun.com/reference/node/readline/CursorPos/rows","https://bun.com/reference/node/stream/default/Duplex/%5BasyncDispose%5D","https://bun.com/reference/globals/Uint8Array/forEach","https://bun.com/reference/globals/Uint8Array/includes","https://bun.com/reference/globals/BroadcastChannel/onmessage","https://bun.com/reference/node/perf_hooks/PerformanceNodeEntry/startTime","https://bun.com/reference/node/assert/default/AssertionError/cause","https://bun.com/reference/bun/sqlite/Statement/columnTypes","https://bun.com/reference/node/fs/promises/FileHandle/readFile","https://bun.com/reference/globals/URL/searchParams","https://bun.com/reference/bun/WebSocket/binaryType","https://bun.com/reference/globals/Timer/hasRef","https://bun.com/reference/node/fs/GlobOptionsWithFileTypes/cwd","https://bun.com/reference/node/fs/promises/readdir","https://bun.com/reference/node/perf_hooks/Performance/clearMarks","https://bun.com/reference/node/fs/CopyOptions/errorOnExist",
"https://bun.com/reference/node/stream/web/ReadableStreamDefaultReader/read","https://bun.com/reference/node/inspector/InspectorConsole/debug","https://bun.com/reference/bun/test/jest/fn","https://bun.com/reference/node/fs/promises/FileReadResult","https://bun.com/reference/node/inspector/Network/responseReceived","https://bun.com/reference/node/inspector/Debugger","https://bun.com/reference/globals/Uint8Array/findLast","https://bun.com/reference/node/inspector/Runtime/ConsoleAPICalledEventDataType/executionContextId","https://bun.com/reference/node/perf_hooks/PerformanceMark","https://bun.com/reference/node/os/tmpdir","https://bun.com/reference/node/dgram/SocketOptions/signal","https://bun.com/reference/node/inspector/Network/LoadingFinishedEventDataType","https://bun.com/reference/bun/test/jest/Mock","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/listeners","https://bun.com/reference/bun/sqlite/Database/loadExtension","https://bun.com/reference/bun/sqlite/SQLiteError/message","https://bun.com/reference/node/readline/InterfaceEventMap/SIGCONT","https://bun.com/reference/bun/ffi/CString/fixed","https://bun.com/reference/bun/sqlite/DatabaseOptions/create","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/listenerCount","https://bun.com/reference/node/stream/web/ReadableStreamDefaultReader/closed","https://bun.com/reference/node/stream/web/ReadableStreamGetReaderOptions/mode","https://bun.com/reference/node/perf_hooks/IntervalHistogram/enable","https://bun.com/reference/node/assert/default/AssertionError/code","https://bun.com/reference/node/cluster/default/Cluster/workers","https://bun.com/reference/bun/EventListenerObject","https://bun.com/reference/globals/AbortSignal/reason","https://bun.com/reference/node/inspector/promises/Session/on","https://bun.com/reference/globals/Uint8Array/findLastIndex","https://bun.com/reference/globals/Uint8Array/indexOf","https://bun.com/reference/node/stream/web/ReadableStreamReadResul
t","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_RESET_CACHE","https://bun.com/reference/node/perf_hooks/IntervalHistogram/minBigInt","https://bun.com/reference/node/fs/constants/O_APPEND","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/getMaxListeners","https://bun.com/reference/bun/ArrayBufferView","https://bun.com/reference/node/buffer/Buffer/buffer","https://bun.com/reference/bun/ffi/FFIType/u64_fast","https://bun.com/reference/bun/ffi/FFIType/u8","https://bun.com/reference/bun/sqlite/Statement/constructor","https://bun.com/reference/node/dgram/Socket/rawListeners","https://bun.com/reference/node/dgram/Socket/ref","https://bun.com/reference/globals/URL/toJSON","https://bun.com/reference/node/dns/promises/LOADIPHLPAPI","https://bun.com/reference/node/assert/default/AssertionError/expected","https://bun.com/reference/bun/__internal/LibEmptyOrPerformanceMeasure","https://bun.com/reference/bun/test/jest/getTimerCount","https://bun.com/reference/node/stream/web/ReadableWritablePair/writable","https://bun.com/reference/node/fs/GlobOptionsWithFileTypes/exclude","https://bun.com/reference/globals/AbortSignal/removeEventListener","https://bun.com/reference/node/stream/web/Transformer","https://bun.com/reference/node/inspector/DOMStorage/DomStorageItemUpdatedEventDataType/newValue","https://bun.com/reference/bun/test/jest/Replaced","https://bun.com/reference/node/stream/web/WritableStream/locked","https://bun.com/reference/node/readline/promises/ReadLineOptions/historySize","https://bun.com/reference/node/stream/web/ReadableStreamBYOBReaderReadOptions","https://bun.com/reference/node/dns/LookupOneOptions","https://bun.com/reference/node/stream/web/ReadableByteStreamController/close","https://bun.com/reference/node/readline/promises/ReadLineOptions/history","https://bun.com/reference/node/perf_hooks/Performance/clearMeasures","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/off","https://bun.com/reference/bun/
sqlite/Database/open","https://bun.com/reference/node/fs/ReadOptions","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_ROLLBACK_ATOMIC_WRITE","https://bun.com/reference/node/stream/web/ReadableStreamDefaultReader/releaseLock","https://bun.com/reference/node/buffer/File/arrayBuffer","https://bun.com/reference/node/fs/MakeDirectoryOptions","https://bun.com/reference/node/fs/promises/CreateReadStreamOptions/autoClose","https://bun.com/reference/node/inspector/Network/WebSocketCreatedEventDataType","https://bun.com/reference/node/quic/EndpointOptions/validateAddress","https://bun.com/reference/node/dns/getServers","https://bun.com/reference/node/assert/default/AssertionError/generatedMessage","https://bun.com/reference/node/readline/promises/ReadLineOptions/output","https://bun.com/reference/bun/ffi/FFIType/uint16_t","https://bun.com/reference/node/dns/getDefaultResultOrder","https://bun.com/reference/node/inspector/Network/WebSocketClosedEventDataType","https://bun.com/reference/node/cluster/default/Cluster/on","https://bun.com/reference/bun/ffi/CString/fontcolor","https://bun.com/reference/bun/sqlite/Database/prepare","https://bun.com/reference/node/inspector/Debugger/BreakpointResolvedEventDataType/breakpointId","https://bun.com/reference/node/cluster/default/Cluster/once","https://bun.com/reference/node/perf_hooks/PerformanceMeasure","https://bun.com/reference/node/net/ListenOptions/host","https://bun.com/reference/node/readline/ReadLineOptions","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/once","https://bun.com/reference/node/dgram/SocketOptions/type","https://bun.com/reference/node/readline/promises/ReadLineOptions/input","https://bun.com/reference/node/inspector/InspectorConsole/dir","https://bun.com/reference/node/inspector/Session/disconnect","https://bun.com/reference/bun/__internal/LibEmptyOrPerformanceObserver","https://bun.com/reference/node/fs/StatOptions/bigint","https://bun.com/reference/bun/FormDataEntryValue","ht
tps://bun.com/reference/node/stream/web/StreamPipeOptions/preventAbort","https://bun.com/reference/bun/sqlite/Database/query","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/on","https://bun.com/reference/node/inspector/DOMStorage/DomStorageItemUpdatedEventDataType/oldValue","https://bun.com/reference/node/inspector/Runtime/InspectRequestedEventDataType/object","https://bun.com/reference/node/net/Server/%5BasyncDispose%5D","https://bun.com/reference/node/buffer/FilePropertyBag/endings","https://bun.com/reference/bun/FileSink","https://bun.com/reference/bun/ffi/FFIType/uint32_t","https://bun.com/reference/globals/URL/username","https://bun.com/reference/globals/Uint8Array/lastIndexOf","https://bun.com/reference/node/stream/default/Duplex/%5BasyncIterator%5D","https://bun.com/reference/node/fs/promises/FileHandle/readLines","https://bun.com/reference/node/readline/promises/ReadLineOptions/prompt","https://bun.com/reference/globals/Uint8Array/join","https://bun.com/reference/node/inspector/Session/constructor","https://bun.com/reference/node/inspector/Debugger/ScriptParsedEventDataType/endColumn","https://bun.com/reference/node/dgram/Socket/removeAllListeners","https://bun.com/reference/node/stream/web/UnderlyingByteSource/autoAllocateChunkSize","https://bun.com/reference/node/fs/CopyOptions/filter","https://bun.com/reference/bun/WebSocket/bufferedAmount","https://bun.com/reference/node/inspector/Network/WebSocketHandshakeResponseReceivedEventDataType","https://bun.com/reference/node/perf_hooks/PerformanceMarkOptions","https://bun.com/reference/node/buffer/Buffer/byteLength","https://bun.com/reference/node/dns/promises/lookup","https://bun.com/reference/bun/ffi/FFIType/uint64_t","https://bun.com/reference/globals/AbortSignal/timeout","https://bun.com/reference/bun/test/jest/isFakeTimers","https://bun.com/reference/node/inspector/Debugger/ScriptParsedEventDataType/endLine","https://bun.com/reference/node/assert/default/AssertionError/message","h
ttps://bun.com/reference/node/fs/GlobOptionsWithFileTypes/withFileTypes","https://bun.com/reference/node/perf_hooks/PerformanceObserver","https://bun.com/reference/bun/test/jest/Spied","https://bun.com/reference/node/readline/promises/ReadLineOptions/removeHistoryDuplicates","https://bun.com/reference/node/inspector/Runtime/ConsoleAPICalledEventDataType/stackTrace","https://bun.com/reference/node/inspector/DOMStorage/DomStorageItemUpdatedEventDataType/storageId","https://bun.com/reference/globals/Uint8Array/keys","https://bun.com/reference/node/inspector/Network/DataReceivedEventDataType/data","https://bun.com/reference/node/stream/web/WritableStream/abort","https://bun.com/reference/node/fs/Dirent/name","https://bun.com/reference/node/fs/constants/O_CREAT","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/prependOnceListener","https://bun.com/reference/node/readline/InterfaceEventMap/SIGINT","https://bun.com/reference/node/os/totalmem","https://bun.com/reference/node/fs/promises/CreateReadStreamOptions/emitClose","https://bun.com/reference/node/inspector/NodeWorker/DetachedFromWorkerEventDataType","https://bun.com/reference/node/inspector/Network/webSocketClosed","https://bun.com/reference/node/dgram/Socket/remoteAddress","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/prependListener","https://bun.com/reference/bun/ffi/FFIType/uint8_t","https://bun.com/reference/node/inspector/InspectorConsole/dirxml","https://bun.com/reference/bun/sqlite/DatabaseOptions/readonly","https://bun.com/reference/globals/URL/toString","https://bun.com/reference/node/dns/LOADIPHLPAPI","https://bun.com/reference/node/perf_hooks/IntervalHistogram/percentile","https://bun.com/reference/node/assert/default/AssertionError/name","https://bun.com/reference/node/inspector/NodeTracing/DataCollectedEventDataType","https://bun.com/reference/bun/sqlite/SQLiteError/name","https://bun.com/reference/globals/AbortSignal/throwIfAborted","https://bun.com/ref
erence/bun/sqlite/constants/SQLITE_FCNTL_SIZE_HINT","https://bun.com/reference/node/net/Server/%5BcaptureRejectionSymbol%5D","https://bun.com/reference/node/fs/MakeDirectoryOptions/mode","https://bun.com/reference/node/inspector/Debugger/PausedEventDataType/asyncCallStackTraceId","https://bun.com/reference/node/fs/Stats/atimeMs","https://bun.com/reference/node/stream/web/ReadableStreamIteratorOptions/preventCancel","https://bun.com/reference/bun/sqlite/SQLQueryBindings","https://bun.com/reference/bun/ffi/CString/fontsize","https://bun.com/reference/node/perf_hooks/Performance/clearResourceTimings","https://bun.com/reference/node/inspector/Debugger/ScriptFailedToParseEventDataType/endColumn","https://bun.com/reference/bun/sqlite/Statement/declaredTypes","https://bun.com/reference/node/inspector/promises/Session/once","https://bun.com/reference/node/inspector/DOMStorage/GetDOMStorageItemsParameterType","https://bun.com/reference/node/dns/promises/lookupService","https://bun.com/reference/node/buffer/File/bytes","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_SET_LOCKPROXYFILE","https://bun.com/reference/node/inspector/Session/emit","https://bun.com/reference/globals/Uint8Array/map","https://bun.com/reference/node/dgram/Socket/removeListener","https://bun.com/reference/bun/ffi/CString/length","https://bun.com/reference/node/fs/Stats/atime","https://bun.com/reference/node/inspector/Debugger/ScriptFailedToParseEventDataType/endLine","https://bun.com/reference/node/perf_hooks/PerformanceObserverEntryList","https://bun.com/reference/node/inspector/NodeWorker/AttachedToWorkerEventDataType","https://bun.com/reference/node/net/ListenOptions/ipv6Only","https://bun.com/reference/node/perf_hooks/Performance/dispatchEvent","https://bun.com/reference/node/inspector/Network/DataReceivedEventDataType/dataLength","https://bun.com/reference/node/fs/promises/CreateReadStreamOptions/encoding","https://bun.com/reference/node/inspector/Runtime/ConsoleAPICalledEventDataType/ti
mestamp","https://bun.com/reference/node/stream/default/Duplex/%5BcaptureRejectionSymbol%5D","https://bun.com/reference/node/inspector/Debugger/ScriptParsedEventDataType/executionContextAuxData","https://bun.com/reference/node/cluster/default/Cluster/prependOnceListener","https://bun.com/reference/node/cluster/default/Cluster/prependListener","https://bun.com/reference/node/dns/NODATA","https://bun.com/reference/node/fs/ReadOptionsWithBuffer","https://bun.com/reference/bun/test/jest/SpiedClass","https://bun.com/reference/node/perf_hooks/IntervalHistogram/percentiles","https://bun.com/reference/node/readline/InterfaceEventMap/SIGTSTP","https://bun.com/reference/node/fs/Stats/birthtime","https://bun.com/reference/node/inspector/Debugger/BreakpointResolvedEventDataType/location","https://bun.com/reference/bun/sqlite/Database/run","https://bun.com/reference/node/net/ListenOptions/path","https://bun.com/reference/node/inspector/Runtime/RemoteObject","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/rawListeners","https://bun.com/reference/node/inspector/DOMStorage/GetDOMStorageItemsParameterType/storageId","https://bun.com/reference/node/fs/Stats/birthtimeMs","https://bun.com/reference/node/fs/BufferEncodingOption","https://bun.com/reference/node/inspector/NodeWorker/ReceivedMessageFromWorkerEventDataType","https://bun.com/reference/globals/Uint8Array/set","https://bun.com/reference/node/fs/CopyOptions/mode","https://bun.com/reference/node/perf_hooks/PerformanceObserverCallback","https://bun.com/reference/node/cluster/default/ClusterSettings/args","https://bun.com/reference/bun/ffi/FFIType/void","https://bun.com/reference/bun/__internal/LibEmptyOrPerformanceObserverEntryList","https://bun.com/reference/node/fs/CopyOptions/force","https://bun.com/reference/node/fs/promises/readFile","https://bun.com/reference/node/readline/ReadLineOptions/completer","https://bun.com/reference/node/buffer/FilePropertyBag/lastModified","https://bun.com/reference/bun/s
qlite/Statement/finalize","https://bun.com/reference/node/buffer/Buffer/byteOffset","https://bun.com/reference/node/readline/promises/ReadLineOptions/signal","https://bun.com/reference/bun/WebSocket/close","https://bun.com/reference/node/net/ServerEventMap","https://bun.com/reference/node/assert/default/AssertionError/operator","https://bun.com/reference/node/readline/promises/ReadLineOptions/tabSize","https://bun.com/reference/node/fs/promises/readlink","https://bun.com/reference/node/perf_hooks/IntervalHistogram/percentilesBigInt","https://bun.com/reference/node/net/Server/addListener","https://bun.com/reference/globals/Uint8Array/reverse","https://bun.com/reference/node/inspector/DOMStorage/StorageId/isLocalStorage","https://bun.com/reference/bun/test/Describe/concurrent","https://bun.com/reference/node/fs/ReadStream/_construct","https://bun.com/reference/globals/Uint8Array/reduce","https://bun.com/reference/node/readline/promises/ReadLineOptions/terminal","https://bun.com/reference/node/dns/promises/NODATA","https://bun.com/reference/node/inspector/InspectorConsole/error","https://bun.com/reference/bun/test/jest/SpiedFunction","https://bun.com/reference/node/quic/SessionOptions/alpn","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/removeAllListeners","https://bun.com/reference/node/dgram/Socket/setBroadcast","https://bun.com/reference/node/perf_hooks/Performance/eventLoopUtilization","https://bun.com/reference/node/inspector/Debugger/ScriptFailedToParseEventDataType/executionContextAuxData","https://bun.com/reference/node/inspector/promises/Session/post","https://bun.com/reference/node/inspector/Debugger/ScriptParsedEventDataType/executionContextId","https://bun.com/reference/globals/Uint8Array/reduceRight","https://bun.com/reference/node/dns/NOMEM","https://bun.com/reference/node/cluster/default/Cluster/removeAllListeners","https://bun.com/reference/node/fs/promises/CreateWriteStreamOptions/autoClose","https://bun.com/reference/node/fs/
promises/FileHandle/readv","https://bun.com/reference/node/fs/constants/O_DIRECT","https://bun.com/reference/node/inspector/Debugger/PausedEventDataType/asyncStackTrace","https://bun.com/reference/node/os/type","https://bun.com/reference/node/fs/Stats/blocks","https://bun.com/reference/node/fs/MakeDirectoryOptions/recursive","https://bun.com/reference/bun/test/jest/resetAllMocks","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_SIZE_LIMIT","https://bun.com/reference/bun/sqlite/SQLiteError/prepareStackTrace","https://bun.com/reference/node/fs/Dirent/constructor","https://bun.com/reference/node/quic/SessionOptions/ca","https://bun.com/reference/bun/ffi/CString/fromCharCode","https://bun.com/reference/node/inspector/Session/eventNames","https://bun.com/reference/node/inspector/Network/webSocketCreated","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/removeListener","https://bun.com/reference/bun/sqlite/Changes","https://bun.com/reference/node/fs/promises/CreateReadStreamOptions/end","https://bun.com/reference/globals/Uint8Array/setFromHex","https://bun.com/reference/node/inspector/Console","https://bun.com/reference/bun/sqlite/DatabaseOptions/readwrite","https://bun.com/reference/node/perf_hooks/IntervalHistogram/percentileBigInt","https://bun.com/reference/node/inspector/Runtime/AwaitPromiseParameterType","https://bun.com/reference/bun/sqlite/Database/serialize","https://bun.com/reference/node/fs/Stats/ctime","https://bun.com/reference/node/net/ListenOptions/port","https://bun.com/reference/node/events/default/EventEmitterAsyncResource/setMaxListeners","https://bun.com/reference/node/buffer/FilePropertyBag/type","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_SYNC","https://bun.com/reference/node/dgram/Socket/send","https://bun.com/reference/node/fs/Dirent/isCharacterDevice","https://bun.com/reference/node/perf_hooks/RecordableHistogram/add","https://bun.com/reference/node/inspector/Runtime/StackTrace","https://bun.com
/reference/bun/test/Describe/each","https://bun.com/reference/node/perf_hooks/CreateHistogramOptions","https://bun.com/reference/node/inspector/Profiler/ConsoleProfileStartedEventDataType/id","https://bun.com/reference/node/fs/Dirent/parentPath","https://bun.com/reference/bun/ffi/CString/ptr","https://bun.com/reference/node/perf_hooks/PerformanceResourceTiming","https://bun.com/reference/node/fs/CopyOptions/recursive","https://bun.com/reference/node/os/NetworkInterfaceInfo","https://bun.com/reference/node/buffer/Buffer/BYTES_PER_ELEMENT","https://bun.com/reference/node/fs/Stats/blksize","https://bun.com/reference/node/inspector/Network/DataReceivedEventDataType/encodedDataLength","https://bun.com/reference/node/dns/promises/NOMEM","https://bun.com/reference/node/assert/default/AssertionError/stack","https://bun.com/reference/node/assert/default/AssertionError/stackTraceLimit","https://bun.com/reference/node/inspector/DOMStorage/GetDOMStorageItemsReturnType","https://bun.com/reference/bun/test/Expect/any","https://bun.com/reference/node/inspector/promises/Session/prependListener","https://bun.com/reference/node/inspector/Runtime/EvaluateReturnType","https://bun.com/reference/bun/WebSocket/CLOSED","https://bun.com/reference/node/fs/ReadStream/_destroy","https://bun.com/reference/node/inspector/Session/getMaxListeners","https://bun.com/reference/node/inspector/Runtime/ConsoleAPICalledEventDataType/type","https://bun.com/reference/node/cluster/default/Cluster/removeListener","https://bun.com/reference/node/inspector/DOMStorage/StorageId/securityOrigin","https://bun.com/reference/bun/test/jest/restoreAllMocks","https://bun.com/reference/node/inspector/DOMStorage/GetDOMStorageItemsReturnType/entries","https://bun.com/reference/node/readline/ReadLineOptions/crlfDelay","https://bun.com/reference/bun/sqlite/Database/transaction","https://bun.com/reference/bun/test/jest/SpiedGetter","https://bun.com/reference/globals/Uint8Array/sort","https://bun.com/reference/node/fs/promise
s/FileHandle/stat","https://bun.com/reference/node/events/default/EventEmitterAsyncResourceOptions","https://bun.com/reference/node/inspector/Network/webSocketHandshakeResponseReceived","https://bun.com/reference/globals/Uint8Array/slice","https://bun.com/reference/node/buffer/File/json","https://bun.com/reference/node/inspector/InspectorConsole/group","https://bun.com/reference/node/fs/constants/O_DIRECTORY","https://bun.com/reference/globals/Uint8Array/some","https://bun.com/reference/node/cluster/default/Cluster/rawListeners","https://bun.com/reference/node/perf_hooks/Performance/getEntries","https://bun.com/reference/node/events/default/EventEmitterReferencingAsyncResource/asyncId","https://bun.com/reference/node/inspector/Debugger/Location","https://bun.com/reference/bun/sqlite/DatabaseOptions/safeIntegers","https://bun.com/reference/node/cluster/default/ClusterSettings/cwd","https://bun.com/reference/bun/sqlite/Statement/get","https://bun.com/reference/node/inspector/Console/MessageAddedEventDataType/message","https://bun.com/reference/node/assert/default/AssertionError/isError","https://bun.com/reference/globals/Uint8Array/setFromBase64","https://bun.com/reference/node/fs/Stats/dev","https://bun.com/reference/node/stream/default/Duplex/addListener","https://bun.com/reference/node/perf_hooks/RecordableHistogram/count","https://bun.com/reference/node/buffer/Buffer/length","https://bun.com/reference/node/buffer/File/formData","https://bun.com/reference/node/inspector/Runtime/AwaitPromiseParameterType/generatePreview","https://bun.com/reference/node/fs/WriteStream/bytesWritten","https://bun.com/reference/bun/sqlite/Database/setCustomSQLite","https://bun.com/reference/node/os/NetworkInterfaceInfoIPv4","https://bun.com/reference/bun/sqlite/DatabaseOptions/strict","https://bun.com/reference/node/inspector/DOMStorage/StorageId/storageKey","https://bun.com/reference/node/inspector/Network/DataReceivedEventDataType/requestId","https://bun.com/reference/node/net/LookupF
unction","https://bun.com/reference/node/inspector/Debugger/ScriptFailedToParseEventDataType/executionContextId","https://bun.com/reference/node/cluster/default/Cluster/setMaxListeners","https://bun.com/reference/node/fs/ReadStream/bytesRead","https://bun.com/reference/node/dgram/Socket/setMulticastInterface","https://bun.com/reference/node/dns/NONAME","https://bun.com/reference/node/inspector/Debugger/ScriptParsedEventDataType/hash","https://bun.com/reference/node/cluster/default/Cluster/setupMaster","https://bun.com/reference/bun/test/Test","https://bun.com/reference/node/events/default/EventEmitterAsyncResourceOptions/name","https://bun.com/reference/node/inspector/Runtime/EvaluateParameterType","https://bun.com/reference/node/fs/Stats/ctimeMs","https://bun.com/reference/bun/sqlite/SQLiteError/stack","https://bun.com/reference/node/quic/SessionOptions/cc","https://bun.com/reference/node/fs/CopyOptions/preserveTimestamps","https://bun.com/reference/node/os/uptime","https://bun.com/reference/node/fs/constants/O_DSYNC","https://bun.com/reference/node/inspector/Debugger/ScriptParsedEventDataType/hasSourceURL","https://bun.com/reference/node/inspector/Runtime/AwaitPromiseReturnType","https://bun.com/reference/node/fs/GlobOptionsWithoutFileTypes/cwd","https://bun.com/reference/bun/ffi/CString/includes","https://bun.com/reference/node/readline/Interface","https://bun.com/reference/node/dns/promises/NONAME","https://bun.com/reference/node/dgram/Socket/setMaxListeners","https://bun.com/reference/node/assert/default/AssertionError/captureStackTrace","https://bun.com/reference/node/perf_hooks/EventLoopUtilization","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_SYNC_OMITTED","https://bun.com/reference/node/fs/CopyOptions/verbatimSymlinks","https://bun.com/reference/node/perf_hooks/IntervalHistogram/stddev","https://bun.com/reference/node/inspector/Debugger/PausedEventDataType/asyncStackTraceId","https://bun.com/reference/node/inspector/DOMStorage/RemoveDOMStora
geItemParameterType","https://bun.com/reference/node/events/default/EventEmitterAsyncResourceOptions/captureRejections","https://bun.com/reference/node/fs/Dirent/isBlockDevice","https://bun.com/reference/node/inspector/DOMStorage/Item","https://bun.com/reference/node/net/Server/address","https://bun.com/reference/node/inspector/Profiler/ConsoleProfileStartedEventDataType/location","https://bun.com/reference/bun/test/Describe/if","https://bun.com/reference/node/inspector/promises/Session/prependOnceListener","https://bun.com/reference/bun/sqlite/Statement/iterate","https://bun.com/reference/bun/WebSocket/CLOSING","https://bun.com/reference/bun/ffi/CString/fromCodePoint","https://bun.com/reference/bun/test/jest/SpiedSetter","https://bun.com/reference/node/net/ListenOptions/readableAll","https://bun.com/reference/node/cluster/default/Worker/%5BcaptureRejectionSymbol%5D","https://bun.com/reference/bun/ffi/CString/isWellFormed","https://bun.com/reference/node/fs/ReadStream/_read","https://bun.com/reference/node/inspector/InspectorConsole/groupCollapsed","https://bun.com/reference/node/fs/WriteStream/_construct","https://bun.com/reference/node/dns/promises/NOTFOUND","https://bun.com/reference/node/inspector/Debugger/ScriptFailedToParseEventDataType/hash","https://bun.com/reference/node/perf_hooks/Performance/getEntriesByName","https://bun.com/reference/node/stream/default/Duplex/allowHalfOpen","https://bun.com/reference/node/assert/default/AssertionError/prepareStackTrace","https://bun.com/reference/globals/Uint8Array/toLocaleString","https://bun.com/reference/node/inspector/Network/DataReceivedEventDataType/timestamp","https://bun.com/reference/globals/Uint8Array/toHex","https://bun.com/reference/bun/test/jest/runAllTimers","https://bun.com/reference/bun/test/Expect/anything","https://bun.com/reference/node/inspector/Runtime/AwaitPromiseParameterType/promiseObjectId","https://bun.com/reference/node/fs/promises/FileHandle/sync","https://bun.com/reference/node/cluster/defa
ult/ClusterEventMap/disconnect","https://bun.com/reference/node/fs/Stats/isBlockDevice","https://bun.com/reference/node/fs/constants/O_EXCL","https://bun.com/reference/globals/Uint8Array/toBase64","https://bun.com/reference/node/inspector/Network/LoadingFailedEventDataType/errorText","https://bun.com/reference/node/events/default/EventEmitterAsyncResourceOptions/requireManualDestroy","https://bun.com/reference/globals/Uint8Array/subarray","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_TEMPFILENAME","https://bun.com/reference/node/fs/Stats/gid","https://bun.com/reference/node/inspector/Runtime/CallFunctionOnReturnType","https://bun.com/reference/node/events/default/EventEmitterReferencingAsyncResource/bind","https://bun.com/reference/node/dns/NOTFOUND","https://bun.com/reference/node/inspector/Debugger/PausedEventDataType/callFrames","https://bun.com/reference/node/assert/default/Assert","https://bun.com/reference/node/fs/WriteStream/destroyed","https://bun.com/reference/node/os/userInfo","https://bun.com/reference/bun/sqlite/constants/SQLITE_FCNTL_TRACE","https://bun.com/reference/node/readline/ReadLineOptions/escapeCodeTimeout","https://bun.com/reference/bun/FileSink/end","https://bun.com/reference/globals/Uint8Array/toSorted","https://bun.com/reference/node/fs/Stats/ino","https://bun.com/reference/node/net/Server/close","https://bun.com/reference/node/perf_hooks/RecordableHistogram/countBigInt","https://bun.com/reference/node/cluster/default/ClusterSettings/exec","https://bun.com/reference/node/fs/Stats/mode","https://bun.com/reference/node/fs/WriteStream/closed","https://bun.com/reference/bun/ffi/CString/indexOf","https://bun.com/reference/node/buffer/File/lastModified","https://bun.com/reference/node/os/NetworkInterfaceInfoIPv6","https://bun.com/reference/bun/test/jest/runOnlyPendingTimers","https://bun.com/reference/node/inspector/Debugger/ScriptParsedEventDataType/isLiveEdit","https://bun.com/reference/node/fs/Dirent/isDirectory","https://bun.com
/reference/globals/Uint8Array/toReversed","https://bun.com/reference/node/buffer/Buffer/%5Biterator%5D","https://bun.com/reference/node/fs/Dirent/isFIFO","https://bun.com/reference/node/inspector/Console/ConsoleMessage","https://bun.com/reference/bun/sqlite/SQLiteError/stackTraceLimit","https://bun.com/reference/node/fs/ReadVResult","https://bun.com/reference/node/perf_hooks/ConnectionTimingInfo","https://bun.com/reference/node/perf_hooks/IntervalHistogram/reset","https://bun.com/reference/node/inspector/Debugger/ScriptParsedEventDataType/isModule","https://bun.com/reference/bun/ffi/CString/lastIndexOf","https://bun.com/reference/node/fs/ReadStream/closed","https://bun.com/reference/node/inspector/Network/LoadingFinishedEventDataType/requestId","https://bun.com/reference/globals/Uint8Array/values","https://bun.com/reference/node/cluster/default/Cluster/setupPrimary","https://bun.com/reference/node/inspector/Debugger/ScriptParsedEventDataType/length","https://bun.com/reference/node/inspector/Runtime/CallFunctionOnParameterType","https://bun.com/reference/node/fs/Stats/isCharacterDevice","https://bun.com/reference/node/fs/constants/O_NOATIME","https://bun.com/reference/node/events/default/EventEmitterEventMap","https://bun.com/reference/node/fs/Dirent/isFile","https://bun.com/reference/bun/EventListenerOptions/capture","https://bun.com/reference/node/events/default/EventEmitterReferencingAsyncResource/emitDestroy","https://bun.com/reference/node/inspector/Debugger/PausedEventDataType/data","https://bun.com/reference/node/net/ListenOptions/reusePort","https://bun.com/reference/node/inspector/HeapProfiler/LastSeenObjectIdEventDataType/lastSeenObjectId","https://bun.com/reference/node/inspector/Session/listenerCount","https://bun.com/reference/node/events/default/EventEmitterAsyncResourceOptions/triggerAsyncId","https://bun.com/reference/node/os/version","https://bun.com/reference/node/readline/ReadLineOptions/history","https://bun.com/reference/bun/ffi/CString/italics",
"https://bun.com/reference/node/inspector/Network/LoadingFailedEventDataType/requestId","https://bun.com/reference/globals/Uint8Array/toString","https://bun.com/reference/globals/Uint8Array/valueOf","https://bun.com/reference/node/inspector/DOMStorage/RemoveDOMStorageItemParameterType/storageId","https://bun.com/reference/node/assert/default/AssertOptions","https://bun.com/reference/bun/sqlite/Statement/paramsCount","https://bun.com/reference/node/perf_hooks/RecordableHistogram/exceedsBigInt","https://bun.com/reference/node/fs/GlobOptionsWithoutFileTypes/exclude","https://bun.com/reference/node/inspector/Network/RequestWillBeSentEventDataType/initiator","https://bun.com/reference/node/cluster/default/Worker/addListener","https://bun.com/reference/node/fs/GlobOptions/cwd","https://bun.com/reference/bun/BodyInit","https://bun.com/reference/bun/WebSocket/CONNECTING","https://bun.com/reference/node/inspector/promises/Session/rawListeners","https://bun.com/reference/bun/WebSocketEventMap","https://bun.com/reference/node/inspector/Profiler/ConsoleProfileStartedEventDataType/title","https://bun.com/reference/node/fs/Stats/mtime","https://bun.com/reference/bun/sqlite/Statement/native","https://bun.com/reference/bun/test/Describe/only","https://bun.com/reference/node/fs/promises/FileHandle/truncate","https://bun.com/reference/node/events/default/OnOptions/close","https://bun.com/reference/node/inspector/InspectorConsole/groupEnd","https://bun.com/reference/node/inspector/DOMStorage/RemoveDOMStorageItemParameterType/key","https://bun.com/reference/node/inspector/Runtime/ExecutionContextDescription/auxData","https://bun.com/reference/node/fs/ReadOptions/length","https://bun.com/reference/bun/test/jest/setSystemTime","https://bun.com/reference/bun/EventListenerObject/handleEvent","https://bun.com/reference/node/fs/ReadStream/%5BasyncDispose%5D","https://bun.com/reference/bun/test/jest/setTimeout","https://bun.com/reference/node/perf_hooks/Performance/getEntriesByType","https://
bun.com/reference/node/dns/promises/NOTIMP","https://bun.com/reference/node/stream/default/Duplex/closed","https://bun.com/reference/node/buffer/Buffer/at","https://bun.com/reference/node/fs/WriteStream/_destroy","https://bun.com/reference/node/inspector/Debugger/ScriptFailedToParseEventDataType/hasSourceURL","https://bun.com/reference/bun/test/Expect/arrayContaining","https://bun.com/reference/node/quic/SessionOptions/ciphers","https://bun.com/reference/bun/ffi/CString/match","https://bun.com/reference/node/assert/default/Assert/%5BkOptions%5D","https://bun.com/reference/bun/ffi/CString/localeCompare","https://bun.com/reference/node/perf_hooks/ConnectionTimingInfo/ALPNNegotiatedProtocol","https://bun.com/reference/node/inspector/Network/LoadingFinishedEventDataType/timestamp","https://bun.com/reference/node/cluster/default/ClusterEventMap/exit","https://bun.com/reference/node/inspector/Runtime/GetPropertiesReturnType","https://bun.com/reference/node/perf_hooks/RecordableHistogram/exceeds","https://bun.com/reference/node/fs/ReadStream/destroyed","https://bun.com/reference/node/fs/promises/FileHandle/utimes","https://bun.com/reference/node/inspector/Network/LoadingFailedEventDataType/timestamp","https://bun.com/reference/node/fs/WriteStream/errored","https://bun.com/reference/node/fs/Stats/isDirectory","https://bun.com/reference/node/inspector/Network/EnableParameterType","https://bun.com/reference/node/fs/constants/O_NOCTTY","https://bun.com/reference/node/perf_hooks/PerformanceEntry/entryType","https://bun.com/reference/node/events/default/EventEmitterEventMap/newListener","https://bun.com/reference/node/cluster/default/ClusterEventMap/fork","https://bun.com/reference/node/fs/Dirent/isSymbolicLink","https://bun.com/reference/node/events/default/EventEmitterReferencingAsyncResource/eventEmitter","https://bun.com/reference/bun/ffi/CString/link","https://bun.com/reference/node/inspector/Runtime/AwaitPromiseParameterType/returnByValue","https://bun.com/reference/global
s/Uint8Array/with","https://bun.com/reference/node/inspector/Runtime/GetPropertiesParameterType","https://bun.com/reference/node/readline/ReadLineOptions/historySize","https://bun.com/reference/node/fs/Stats/nlink","https://bun.com/reference/node/inspector/Debugger/PausedEventDataType/hitBreakpoints","https://bun.com/reference/node/net/Server/emit","https://bun.com/reference/node/inspector/Network/ResponseReceivedEventDataType/requestId","https://bun.com/reference/node/inspector/promises/Session/removeAllListeners","https://bun.com/reference/node/fs/ReadOptions/offset","https://bun.com/reference/node/inspector/DOMStorage/SetDOMStorageItemParameterType","https://bun.com/reference/node/buffer/File/name","https://bun.com/reference/node/fs/GlobOptions/exclude","https://bun.com/reference/node/fs/Stats/mtimeMs","https://bun.com/reference/node/fs/promises/FileHandle/write","https://bun.com/reference/node/fs/WriteStream/_final","https://bun.com/reference/node/perf_hooks/Performance/mark","https://bun.com/reference/node/inspector/Network/RequestWillBeSentEventDataType/request","https://bun.com/reference/bun/FileSink/ref","https://bun.com/reference/bun/test/jest/useFakeTimers","https://bun.com/reference/bun/AddEventListenerOptions","https://bun.com/reference/node/assert/default/Assert/deepEqual","https://bun.com/reference/bun/ffi/CString/matchAll","https://bun.com/reference/node/perf_hooks/ConnectionTimingInfo/connectionEndTime","https://bun.com/reference/node/fs/GlobOptionsWithoutFileTypes/withFileTypes","https://bun.com/reference/bun/$","https://bun.com/reference/node/perf_hooks/PerformanceEntry/duration","https://bun.com/reference/node/inspector/Debugger/ScriptParsedEventDataType/scriptId","https://bun.com/reference/node/dns/NOTIMP","https://bun.com/reference/node/inspector/Debugger/ScriptFailedToParseEventDataType/isModule","https://bun.com/reference/node/inspector/Runtime/ReleaseObjectParameterType","https://bun.com/reference/node/dns/promises/NOTINITIALIZED","https://bu
n.com/reference/node/inspector/Network/EnableParameterType/maxResourceBufferSize","https://bun.com/reference/node/fs/WriteStream/path","https://bun.com/reference/node/events/default/EventEmitterOptions","https://bun.com/reference/node/quic/SessionOptions/certs","https://bun.com/reference/node/perf_hooks/PerformanceEntry/name","https://bun.com/reference/node/fs/EncodingOption","https://bun.com/reference/bun/test/jest/useRealTimers","https://bun.com/reference/node/buffer/Buffer/compare","https://bun.com/reference/bun/TimerHandler","https://bun.com/reference/node/inspector/Session/listeners","https://bun.com/reference/node/os/constants/dlopen","https://bun.com/reference/node/inspector/DOMStorage/SetDOMStorageItemParameterType/key","https://bun.com/reference/node/inspector/HeapProfiler/HeapStatsUpdateEventDataType/statsUpdate","https://bun.com/reference/bun/WebSocket/dispatchEvent","https://bun.com/reference/node/inspector/HeapProfiler/LastSeenObjectIdEventDataType/timestamp","https://bun.com/reference/node/cluster/default/ClusterSettings/execArgv","https://bun.com/reference/node/perf_hooks/PerformanceEventMap","https://bun.com/reference/node/events/default/OnOptions/highWaterMark","https://bun.com/reference/node/events/default/EventEmitterEventMap/removeListener","https://bun.com/reference/bun/FileSink/flush","https://bun.com/reference/node/assert/default/Assert/deepStrictEqual","https://bun.com/reference/node/inspector/Runtime/ExecutionContextDescription/id","https://bun.com/reference/node/cluster/default/Worker/destroy","https://bun.com/reference/bun/sqlite/Statement/run","https://bun.com/reference/node/net/Server/eventNames","https://bun.com/reference/node/fs/ReadStream/%5BasyncIterator%5D","https://bun.com/reference/node/inspector/DOMStorage/SetDOMStorageItemParameterType/storageId","https://bun.com/reference/node/stream/default/Duplex/compose","https://bun.com/reference/node/events/default/EventEmitterOptions/captureRejections","https://bun.com/reference/node/clus
ter/default/ClusterEventMap/listening","https://bun.com/reference/node/fs/promises/FileHandle/writev","https://bun.com/reference/node/net/ListenOptions/signal","https://bun.com/reference/node/inspector/Runtime/ExceptionDetails/columnNumber","https://bun.com/reference/node/fs/Stats/isFIFO","https://bun.com/reference/node/inspector/Runtime/AwaitPromiseReturnType/exceptionDetails","https://bun.com/reference/bun/FileSink/start","https://bun.com/reference/node/inspector/InspectorConsole/info","https://bun.com/reference/node/readline/Key/ctrl","https://bun.com/reference/node/inspector/Debugger/ScriptParsedEventDataType/sourceMapURL","https://bun.com/reference/node/inspector/Debugger/ScriptParsedEventDataType/stackTrace","https://bun.com/reference/bun/test/jest/spyOn","https://bun.com/reference/bun/sqlite/Statement/raw","https://bun.com/reference/node/dns/NOTINITIALIZED","https://bun.com/reference/node/inspector/Runtime/ReleaseObjectGroupParameterType","https://bun.com/reference/node/inspector/promises/Session/removeListener","https://bun.com/reference/node/quic/SessionOptions/crl","https://bun.com/reference/node/fs/Dirent/isSocket","https://bun.com/reference/node/fs/ReadStream/errored","https://bun.com/reference/node/events/default/OnceOptions/signal","https://bun.com/reference/node/assert/default/Assert/doesNotMatch","https://bun.com/reference/bun/HeadersInit","https://bun.com/reference/node/inspector/Network/Initiator","https://bun.com/reference/bun/ffi/CString/normalize","https://bun.com/reference/node/inspector/Debugger/PausedEventDataType/reason","https://bun.com/reference/node/cluster/default/ClusterEventMap/message","https://bun.com/reference/node/fs/constants/O_NOFOLLOW","https://bun.com/reference/node/fs/promises/FileHandle/writeFile","https://bun.com/reference/node/events/default/EventEmitterReferencingAsyncResource/runInAsyncScope","https://bun.com/reference/node/perf_hooks/ConnectionTimingInfo/connectionStartTime","https://bun.com/reference/node/quic/SessionOp
tions/endpoint","https://bun.com/reference/bun/ffi/CString/padEnd","https://bun.com/reference/node/dns/REFUSED","https://bun.com/reference/node/inspector/Network/EnableParameterType/maxTotalBufferSize","https://bun.com/reference/node/readline/ReadLineOptions/input","https://bun.com/reference/node/inspector/Runtime/AwaitPromiseReturnType/result","https://bun.com/reference/node/perf_hooks/RecordableHistogram/max","https://bun.com/reference/node/inspector/Network/ResponseReceivedEventDataType/response","https://bun.com/reference/node/cluster/default/ClusterSettings/gid","https://bun.com/reference/bun/AddEventListenerOptions/capture","https://bun.com/reference/bun/$/ShellError","https://bun.com/reference/node/dns/promises/REFUSED","https://bun.com/reference/node/inspector/Network/LoadingFailedEventDataType/type","https://bun.com/reference/node/stream/default/Duplex/constructor","https://bun.com/reference/node/inspector/InspectorConsole/log","https://bun.com/reference/node/inspector/Network/RequestWillBeSentEventDataType/requestId","https://bun.com/reference/bun/WebSocket/extensions","https://bun.com/reference/node/perf_hooks/PerformanceEntry/startTime","https://bun.com/reference/node/buffer/File/size","https://bun.com/reference/node/os/constants/dlopen/RTLD_DEEPBIND","https://bun.com/reference/bun/sqlite/Statement/values","https://bun.com/reference/node/inspector/Runtime/SetCustomObjectFormatterEnabledParameterType","https://bun.com/reference/node/fs/constants/O_NONBLOCK","https://bun.com/reference/node/perf_hooks/Performance/markResourceTiming","https://bun.com/reference/node/assert/default/Assert/doesNotReject","https://bun.com/reference/bun/ffi/CString/padStart","https://bun.com/reference/bun/Worker","https://bun.com/reference/node/inspector/Session/off","https://bun.com/reference/bun/ffi/CString/repeat","https://bun.com/reference/node/inspector/Debugger/ScriptFailedToParseEventDataType/length","https://bun.com/reference/node/events/default/OnOptions/lowWaterMark","h
ttps://bun.com/reference/node/inspector/Debugger/ScriptFailedToParseEventDataType/scriptId","https://bun.com/reference/node/inspector/Runtime/CompileScriptParameterType","https://bun.com/reference/bun/ffi/CString/raw","https://bun.com/reference/node/events/default/EventEmitterReferencingAsyncResource/triggerAsyncId","https://bun.com/reference/node/quic/SessionOptions/groups","https://bun.com/reference/node/readline/Key/meta","https://bun.com/reference/node/inspector/DOMStorage/SetDOMStorageItemParameterType/value","https://bun.com/reference/node/inspector/Network/Response","https://bun.com/reference/node/perf_hooks/PerformanceMark/detail","https://bun.com/reference/node/readline/ReadLineOptions/output","https://bun.com/reference/node/net/ListenOptions/writableAll","https://bun.com/reference/node/events/default/InternalEventEmitter","https://bun.com/reference/bun/sqlite/Statement/toString","https://bun.com/reference/node/buffer/File/slice","https://bun.com/reference/node/inspector/promises/Session/setMaxListeners","https://bun.com/reference/node/net/Server/getConnections","https://bun.com/reference/node/cluster/default/Worker/disconnect","https://bun.com/reference/node/inspector/DOMStorage/SerializedStorageKey","https://bun.com/reference/bun/WebSocket/onclose","https://bun.com/reference/node/inspector/Network/RequestWillBeSentEventDataType/timestamp","https://bun.com/reference/node/perf_hooks/RecordableHistogram/maxBigInt","https://bun.com/reference/node/inspector/Runtime/ExceptionDetails/exception","https://bun.com/reference/node/inspector/Debugger/ScriptParsedEventDataType/startColumn","https://bun.com/reference/node/inspector/Runtime/ExecutionContextDescription/name","https://bun.com/reference/node/inspector/Network/Request","https://bun.com/reference/node/inspector/Debugger/ScriptParsedEventDataType/startLine","https://bun.com/reference/node/assert/default/Assert/doesNotThrow","https://bun.com/reference/node/buffer/Buffer/copyWithin","https://bun.com/reference/no
de/perf_hooks/ConnectionTimingInfo/domainLookupEndTime","https://bun.com/reference/node/inspector/Network/GetRequestPostDataParameterType","https://bun.com/reference/node/os/constants/dlopen/RTLD_GLOBAL","https://bun.com/reference/bun/ffi/CString/replaceAll","https://bun.com/reference/node/inspector/Runtime/StackTraceId","https://bun.com/reference/node/fs/constants/O_RDONLY","https://bun.com/reference/node/dns/Resolver","https://bun.com/reference/node/inspector/Runtime/CallArgument","https://bun.com/reference/node/cluster/default/ClusterEventMap/setup","https://bun.com/reference/bun/ffi/CString/search","https://bun.com/reference/node/perf_hooks/PerformanceEntry/toJSON","https://bun.com/reference/node/inspector/Network/GetRequestPostDataParameterType/requestId","https://bun.com/reference/node/cluster/default/Worker/emit","https://bun.com/reference/node/inspector/Session/on","https://bun.com/reference/node/cluster/default/ClusterSettings/inspectPort","https://bun.com/reference/node/inspector/Network/WebSocketClosedEventDataType/requestId","https://bun.com/reference/node/inspector/Network/WebSocketCreatedEventDataType/initiator","https://bun.com/reference/bun/ffi/CString/replace","https://bun.com/reference/node/buffer/Buffer/copy","https://bun.com/reference/node/cluster/default/ClusterEventMap/online","https://bun.com/reference/node/perf_hooks/PerformanceMeasure/detail","https://bun.com/reference/node/inspector/Network/ResponseReceivedEventDataType/timestamp","https://bun.com/reference/node/readline/ReadLineOptions/prompt","https://bun.com/reference/node/perf_hooks/Performance/measure","https://bun.com/reference/node/dns/LookupOneOptions/all","https://bun.com/reference/node/readline/Key/name","https://bun.com/reference/node/inspector/Runtime/CompileScriptReturnType","https://bun.com/reference/node/assert/default/Assert/equal","https://bun.com/reference/node/inspector/InspectorConsole/profile","https://bun.com/reference/node/dns/promises/resolve","https://bun.com/refere
nce/node/inspector/Runtime/ExceptionDetails/exceptionId","https://bun.com/reference/node/readline/Interface/cursor","https://bun.com/reference/bun/ffi/CString/small","https://bun.com/reference/node/quic/SessionOptions/handshakeTimeout","https://bun.com/reference/node/inspector/Network/ResponseReceivedEventDataType/type","https://bun.com/reference/node/stream/default/Duplex/cork","https://bun.com/reference/node/inspector/Debugger/ScriptFailedToParseEventDataType/sourceMapURL","https://bun.com/reference/node/readline/ReadLineOptions/removeHistoryDuplicates","https://bun.com/reference/node/events/default/OnOptions/signal","https://bun.com/reference/node/stream/default/PipeOptions","https://bun.com/reference/node/net/Server/listen","https://bun.com/reference/node/buffer/Buffer/entries","https://bun.com/reference/node/net/Server/getMaxListeners","https://bun.com/reference/node/inspector/Runtime/RunScriptParameterType","https://bun.com/reference/node/inspector/Network/WebSocketHandshakeResponseReceivedEventDataType/requestId","https://bun.com/reference/node/events/default/InternalEventEmitter/addListener","https://bun.com/reference/bun/ffi/CString/slice","https://bun.com/reference/node/perf_hooks/PerformanceMark/duration","https://bun.com/reference/node/inspector/Network/RequestWillBeSentEventDataType/wallTime","https://bun.com/reference/node/perf_hooks/PerformanceMarkOptions/detail","https://bun.com/reference/node/inspector/Network/WebSocketClosedEventDataType/timestamp","https://bun.com/reference/node/inspector/Runtime/ExecutionContextDescription/origin","https://bun.com/reference/bun/WebSocket/onerror","https://bun.com/reference/bun/ffi/CString/split","https://bun.com/reference/node/inspector/Debugger/ScriptFailedToParseEventDataType/stackTrace","https://bun.com/reference/node/inspector/Runtime/RunScriptReturnType","https://bun.com/reference/node/inspector/Session/once","https://bun.com/reference/node/inspector/Runtime/CallArgument/objectId","https://bun.com/reference/
node/inspector/Debugger/CallFrame","https://bun.com/reference/node/os/constants/dlopen/RTLD_LAZY","https://bun.com/reference/node/assert/default/Assert/fail","https://bun.com/reference/node/inspector/Network/GetRequestPostDataReturnType","https://bun.com/reference/node/fs/constants/O_RDWR","https://bun.com/reference/node/cluster/default/Worker/eventNames","https://bun.com/reference/node/inspector/Debugger/ScriptParsedEventDataType/url","https://bun.com/reference/node/cluster/default/ClusterSettings/serialization","https://bun.com/reference/node/inspector/Debugger/ScriptFailedToParseEventDataType/startColumn","https://bun.com/reference/node/inspector/Session/post","https://bun.com/reference/node/readline/Key/sequence","https://bun.com/reference/node/inspector/Network/WebSocketCreatedEventDataType/requestId","https://bun.com/reference/node/readline/Interface/line","https://bun.com/reference/node/events/default/InternalEventEmitter/%5BcaptureRejectionSymbol%5D","https://bun.com/reference/node/cluster/default/ClusterSettings/stdio","https://bun.com/reference/node/readline/ReadLineOptions/signal","https://bun.com/reference/node/dns/promises/resolve4","https://bun.com/reference/node/inspector/InspectorConsole/profileEnd","https://bun.com/reference/node/fs/ReadStream/prependListener","https://bun.com/reference/node/cluster/default/ClusterSettings/silent","https://bun.com/reference/node/inspector/Runtime/QueryObjectsParameterType","https://bun.com/reference/node/inspector/Runtime/RemoteObject/className","https://bun.com/reference/node/perf_hooks/Performance/nodeTiming","https://bun.com/reference/node/quic/SessionOptions/keylog","https://bun.com/reference/bun/sqlite/Changes/changes","https://bun.com/reference/bun/ffi/CString/startsWith","https://bun.com/reference/node/events/default/InternalEventEmitter/emit","https://bun.com/reference/node/inspector/Network/GetRequestPostDataReturnType/postData","https://bun.com/reference/node/buffer/File/text","https://bun.com/reference/no
de/inspector/Runtime/ExceptionDetails/executionContextId","https://bun.com/reference/node/buffer/Buffer/equals","https://bun.com/reference/node/assert/default/Assert/ifError","https://bun.com/reference/node/readline/ReadLineOptions/tabSize","https://bun.com/reference/node/buffer/File/stream","https://bun.com/reference/node/inspector/Debugger/ScriptFailedToParseEventDataType/startLine","https://bun.com/reference/node/inspector/Runtime/QueryObjectsReturnType","https://bun.com/reference/node/net/ServerEventMap/close","https://bun.com/reference/node/readline/Interface/terminal","https://bun.com/reference/bun/ffi/CString/substring","https://bun.com/reference/bun/WebSocket/onmessage","https://bun.com/reference/node/inspector/Network/WebSocketHandshakeResponseReceivedEventDataType/response","https://bun.com/reference/node/inspector/Runtime/GlobalLexicalScopeNamesReturnType","https://bun.com/reference/node/os/constants/dlopen/RTLD_LOCAL","https://bun.com/reference/node/inspector/Debugger/ScriptFailedToParseEventDataType/url","https://bun.com/reference/node/inspector/Runtime/GlobalLexicalScopeNamesParameterType","https://bun.com/reference/bun/sqlite/Changes/lastInsertRowid","https://bun.com/reference/node/inspector/Session/prependListener","https://bun.com/reference/node/events/default/InternalEventEmitter/eventNames","https://bun.com/reference/node/inspector/Debugger/EnableReturnType","https://bun.com/reference/node/inspector/Network/WebSocketCreatedEventDataType/url","https://bun.com/reference/node/stream/default/Duplex/destroy","https://bun.com/reference/node/readline/ReadLineOptions/terminal","https://bun.com/reference/node/inspector/Session/prependOnceListener","https://bun.com/reference/bun/ffi/CString/toLocaleLowerCase","https://bun.com/reference/node/inspector/Network/WebSocketHandshakeResponseReceivedEventDataType/timestamp","https://bun.com/reference/node/inspector/Profiler/ConsoleProfileFinishedEventDataType/id","https://bun.com/reference/node/assert/default/Asser
t/match","https://bun.com/reference/node/inspector/Network/GetResponseBodyParameterType","https://bun.com/reference/node/cluster/default/ClusterSettings/uid","https://bun.com/reference/node/readline/Interface/%5BasyncIterator%5D","https://bun.com/reference/node/readline/Key/shift","https://bun.com/reference/node/fs/ReadStream/prependOnceListener","https://bun.com/reference/node/stream/default/ReadableOperatorOptions","https://bun.com/reference/node/cluster/default/ClusterSettings/windowsHide","https://bun.com/reference/node/inspector/InspectorConsole/table","https://bun.com/reference/node/stream/default/Duplex/destroyed","https://bun.com/reference/node/cluster/default/Worker/exitedAfterDisconnect","https://bun.com/reference/node/buffer/File/type","https://bun.com/reference/node/perf_hooks/Performance/now","https://bun.com/reference/node/inspector/Debugger/SetBreakpointReturnType","https://bun.com/reference/node/stream/default/Readable","https://bun.com/reference/node/inspector/NodeWorker/ReceivedMessageFromWorkerEventDataType/message","https://bun.com/reference/node/inspector/Debugger/Location/columnNumber","https://bun.com/reference/node/assert/default/Assert/ok","https://bun.com/reference/node/inspector/Debugger/SetBreakpointParameterType","https://bun.com/reference/node/stream/default/DuplexEventMap","https://bun.com/reference/node/assert/default/Assert/notDeepEqual","https://bun.com/reference/bun/WebSocket/onopen","https://bun.com/reference/node/dns/promises/resolve6","https://bun.com/reference/node/inspector/Runtime/StackTrace/callFrames","https://bun.com/reference/node/quic/SessionOptions/keys","https://bun.com/reference/node/assert/default/Assert/notDeepStrictEqual","https://bun.com/reference/node/stream/default/WritableOptions","https://bun.com/reference/node/inspector/Runtime/EvaluateParameterType/awaitPromise","https://bun.com/reference/node/inspector/Runtime/RemoteObject/customPreview","https://bun.com/reference/node/events/default/InternalEventEmitter/li
stenerCount","https://bun.com/reference/node/inspector/Runtime/CallArgument/unserializableValue","https://bun.com/reference/node/buffer/Buffer/every","https://bun.com/reference/node/os/NetworkInterfaceInfoIPv4/cidr","https://bun.com/reference/node/inspector/Runtime/EvaluateReturnType/exceptionDetails","https://bun.com/reference/node/net/ServerEventMap/connection","https://bun.com/reference/node/os/NetworkInterfaceInfoIPv4/address","https://bun.com/reference/node/buffer/File/webkitRelativePath","https://bun.com/reference/node/inspector/Debugger/SetBreakpointByUrlReturnType","https://bun.com/reference/node/inspector/Network/WebSocketResponse","https://bun.com/reference/node/inspector/NodeWorker/ReceivedMessageFromWorkerEventDataType/sessionId","https://bun.com/reference/node/inspector/Network/GetResponseBodyParameterType/requestId","https://bun.com/reference/node/events/default/InternalEventEmitter/getMaxListeners","https://bun.com/reference/node/inspector/Debugger/SetBreakpointByUrlParameterType","https://bun.com/reference/node/inspector/Profiler/ConsoleProfileFinishedEventDataType/profile","https://bun.com/reference/node/inspector/Debugger/Location/lineNumber","https://bun.com/reference/bun/WebSocket/OPEN","https://bun.com/reference/node/inspector/Network/GetResponseBodyReturnType","https://bun.com/reference/node/assert/default/Assert/notStrictEqual","https://bun.com/reference/node/readline/Interface/%5BcaptureRejectionSymbol%5D","https://bun.com/reference/node/inspector/Debugger/SetBreakpointsActiveParameterType","https://bun.com/reference/node/fs/constants/O_SYMLINK","https://bun.com/reference/node/os/constants/dlopen/RTLD_NOW","https://bun.com/reference/node/net/Server/listenerCount","https://bun.com/reference/node/inspector/Debugger/SetSkipAllPausesParameterType","https://bun.com/reference/node/inspector/Profiler/ConsoleProfileFinishedEventDataType/location","https://bun.com/reference/node/stream/default/ReadableIteratorOptions","https://bun.com/reference/node/p
erf_hooks/Performance/onresourcetimingbufferfull","https://bun.com/reference/node/cluster/default/Worker/id","https://bun.com/reference/node/cluster/default/Worker/process","https://bun.com/reference/node/inspector/Runtime/ExceptionDetails/lineNumber","https://bun.com/reference/node/net/Server/listeners","https://bun.com/reference/node/cluster/default/Worker/getMaxListeners","https://bun.com/reference/node/inspector/InspectorConsole/time","https://bun.com/reference/node/fs/ReadStream/push","https://bun.com/reference/node/inspector/Console/ConsoleMessage/column","https://bun.com/reference/node/stream/default/Duplex/drop","https://bun.com/reference/node/inspector/Debugger/GetPossibleBreakpointsParameterType","https://bun.com/reference/node/inspector/Debugger/GetPossibleBreakpointsReturnType","https://bun.com/reference/node/stream/default/DuplexOptions","https://bun.com/reference/node/inspector/Debugger/ContinueToLocationParameterType","https://bun.com/reference/node/events/default/InternalEventEmitter/listeners","https://bun.com/reference/node/inspector/Network/GetResponseBodyReturnType/body","https://bun.com/reference/node/inspector/Network/GetResponseBodyReturnType/base64Encoded","https://bun.com/reference/node/readline/Interface/%5Bdispose%5D","https://bun.com/reference/node/inspector/Profiler/Profile","https://bun.com/reference/node/stream/default/Writable","https://bun.com/reference/node/inspector/Debugger/PauseOnAsyncCallParameterType","https://bun.com/reference/node/assert/default/Assert/notEqual","https://bun.com/reference/node/assert/default/AssertOptions/diff","https://bun.com/reference/node/inspector/Session/rawListeners","https://bun.com/reference/node/fs/constants/O_SYNC","https://bun.com/reference/node/inspector/Debugger/RemoveBreakpointParameterType","https://bun.com/reference/node/fs/ReadStream/rawListeners","https://bun.com/reference/node/net/ServerEventMap/drop","https://bun.com/reference/node/events/default/InternalEventEmitter/off","https://bun.com
/reference/node/readline/Interface/addListener","https://bun.com/reference/node/perf_hooks/Performance/setResourceTimingBufferSize","https://bun.com/reference/node/inspector/Debugger/Location/scriptId","https://bun.com/reference/node/quic/SessionOptions/maxPayloadSize","https://bun.com/reference/node/inspector/Profiler/ConsoleProfileFinishedEventDataType/title","https://bun.com/reference/node/assert/default/Assert/partialDeepStrictEqual","https://bun.com/reference/node/inspector/Session/removeAllListeners","https://bun.com/reference/node/cluster/default/WorkerEventMap","https://bun.com/reference/node/fs/constants/O_TRUNC","https://bun.com/reference/node/inspector/Debugger/StepIntoParameterType","https://bun.com/reference/node/inspector/Console/ConsoleMessage/level","https://bun.com/reference/node/stream/default/Duplex/emit","https://bun.com/reference/node/inspector/Runtime/ExceptionDetails/text","https://bun.com/reference/node/inspector/InspectorConsole/timeLog","https://bun.com/reference/node/net/Server/off","https://bun.com/reference/bun/WebSocket/ping","https://bun.com/reference/bun/WebSocket/pong","https://bun.com/reference/node/os/constants/errno/EACCES","https://bun.com/reference/node/readline/Interface/close","https://bun.com/reference/node/inspector/HeapProfiler/AddHeapSnapshotChunkEventDataType/chunk","https://bun.com/reference/node/buffer/Buffer/filter","https://bun.com/reference/node/os/constants/errno/E2BIG","https://bun.com/reference/node/inspector/Debugger/GetStackTraceReturnType","https://bun.com/reference/node/net/ServerEventMap/error","https://bun.com/reference/node/cluster/default/Worker/isDead","https://bun.com/reference/node/cluster/default/Worker/isConnected","https://bun.com/reference/node/inspector/Debugger/SearchInContentParameterType","https://bun.com/reference/node/net/Server/on","https://bun.com/reference/node/inspector/Console/ConsoleMessage/line","https://bun.com/reference/node/fs/constants/O_WRONLY","https://bun.com/reference/node/inspe
ctor/HeapProfiler/ReportHeapSnapshotProgressEventDataType/done","https://bun.com/reference/node/assert/default/Assert/rejects","https://bun.com/reference/node/assert/default/Assert/strictEqual","https://bun.com/reference/node/quic/SessionOptions/maxStreamWindow","https://bun.com/reference/node/assert/default/Assert/throws","https://bun.com/reference/node/fs/ReadStream/reduce","https://bun.com/reference/node/inspector/Debugger/GetStackTraceParameterType","https://bun.com/reference/node/inspector/Debugger/SearchInContentReturnType","https://bun.com/reference/node/inspector/Session/removeListener","https://bun.com/reference/node/inspector/Debugger/SetScriptSourceParameterType","https://bun.com/reference/node/buffer/Buffer/find","https://bun.com/reference/node/perf_hooks/Performance/timeOrigin","https://bun.com/reference/node/inspector/HeapProfiler/ReportHeapSnapshotProgressEventDataType/finished","https://bun.com/reference/node/inspector/Runtime/ExceptionDetails/url","https://bun.com/reference/node/readline/Interface/emit","https://bun.com/reference/node/readline/Interface/constructor","https://bun.com/reference/node/fs/ReadStream/read","https://bun.com/reference/node/cluster/default/Worker/kill","https://bun.com/reference/node/inspector/InspectorConsole/timeStamp","https://bun.com/reference/node/fs/ReadStream/removeAllListeners","https://bun.com/reference/node/buffer/Buffer/fill","https://bun.com/reference/bun/$/ShellPromise/race","https://bun.com/reference/node/perf_hooks/Performance/removeEventListener","https://bun.com/reference/node/stream/default/Duplex/end","https://bun.com/reference/bun/WebSocket/protocol","https://bun.com/reference/node/inspector/Debugger/SetScriptSourceReturnType","https://bun.com/reference/node/stream/default/PipeOptions/end","https://bun.com/reference/node/os/constants/errno/EADDRINUSE","https://bun.com/reference/node/inspector/HeapProfiler/ReportHeapSnapshotProgressEventDataType/total","https://bun.com/reference/node/inspector/Debugger/Res
tartFrameParameterType","https://bun.com/reference/node/inspector/Debugger/RestartFrameReturnType","https://bun.com/reference/node/inspector/Debugger/CallFrame/callFrameId","https://bun.com/reference/node/net/Server/once","https://bun.com/reference/node/stream/default/Readable/_construct","https://bun.com/reference/node/inspector/Debugger/GetScriptSourceParameterType","https://bun.com/reference/node/readline/Interface/eventNames","https://bun.com/reference/node/net/ServerEventMap/listening","https://bun.com/reference/node/inspector/Runtime/RemoteObject/value","https://bun.com/reference/node/inspector/Debugger/GetScriptSourceReturnType","https://bun.com/reference/node/inspector/Console/ConsoleMessage/source","https://bun.com/reference/node/quic/SessionOptions/maxWindow","https://bun.com/reference/node/fs/ReadStream/removeListener","https://bun.com/reference/node/stream/default/ReadableOperatorOptions/concurrency","https://bun.com/reference/node/perf_hooks/Performance/timerify","https://bun.com/reference/node/buffer/Buffer/findIndex","https://bun.com/reference/node/inspector/Debugger/EvaluateOnCallFrameParameterType","https://bun.com/reference/node/inspector/Session/setMaxListeners","https://bun.com/reference/node/inspector/Profiler/StopReturnType","https://bun.com/reference/node/fs/constants/R_OK","https://bun.com/reference/node/inspector/Debugger/SetBreakpointParameterType/condition","https://bun.com/reference/node/inspector/Debugger/SetPauseOnExceptionsParameterType","https://bun.com/reference/node/stream/default/DuplexEventMap/close","https://bun.com/reference/node/inspector/Debugger/SetBreakpointReturnType/actualLocation","https://bun.com/reference/node/readline/Interface/getCursorPos","https://bun.com/reference/node/inspector/Debugger/SetBreakpointByUrlReturnType/breakpointId","https://bun.com/reference/node/inspector/NodeTracing/DataCollectedEventDataType/value","https://bun.com/reference/node/cluster/default/Worker/listenerCount","https://bun.com/reference/bun
/$/ShellPromise/reject","https://bun.com/reference/node/inspector/Debugger/SetBreakpointByUrlParameterType/columnNumber","https://bun.com/reference/node/inspector/Debugger/SetSkipAllPausesParameterType/skip","https://bun.com/reference/node/inspector/Debugger/EnableReturnType/debuggerId","https://bun.com/reference/node/stream/default/ReadableIteratorOptions/destroyOnReturn","https://bun.com/reference/node/fs/ReadStream/resume","https://bun.com/reference/node/cluster/default/Worker/listeners","https://bun.com/reference/node/fs/constants/S_IFBLK","https://bun.com/reference/node/os/constants/errno/EADDRNOTAVAIL","https://bun.com/reference/bun/WebSocket/readyState","https://bun.com/reference/node/stream/default/Duplex/errored","https://bun.com/reference/node/perf_hooks/Performance/toJSON","https://bun.com/reference/node/stream/default/DuplexOptions/allowHalfOpen","https://bun.com/reference/node/stream/default/Readable/_destroy","https://bun.com/reference/node/net/Server/prependListener","https://bun.com/reference/node/inspector/InspectorConsole/trace","https://bun.com/reference/node/readline/Interface/getMaxListeners","https://bun.com/reference/node/buffer/Buffer/findLast","https://bun.com/reference/node/inspector/Debugger/GetPossibleBreakpointsParameterType/end","https://bun.com/reference/node/stream/default/DuplexEventMap/data","https://bun.com/reference/node/net/DropArgument","https://bun.com/reference/node/stream/default/Readable/_read","https://bun.com/reference/node/inspector/NodeWorker/AttachedToWorkerEventDataType/sessionId","https://bun.com/reference/node/inspector/NodeWorker/AttachedToWorkerEventDataType/workerInfo","https://bun.com/reference/node/inspector/InspectorConsole/warn","https://bun.com/reference/node/stream/default/Writable/_construct","https://bun.com/reference/node/fs/constants/S_IFDIR","https://bun.com/reference/node/inspector/Debugger/SetBreakpointsActiveParameterType/active","https://bun.com/reference/node/inspector/NodeWorker/DetachedFromWorker
EventDataType/sessionId","https://bun.com/reference/node/inspector/Profiler/GetBestEffortCoverageReturnType","https://bun.com/reference/node/readline/Interface/on","https://bun.com/reference/node/fs/ReadStream/setMaxListeners","https://bun.com/reference/node/inspector/HeapProfiler/StopTrackingHeapObjectsParameterType","https://bun.com/reference/node/buffer/Buffer/findLastIndex","https://bun.com/reference/bun/WebSocket/removeEventListener","https://bun.com/reference/node/stream/default/WritableOptions/construct","https://bun.com/reference/node/inspector/Profiler/Profile/nodes","https://bun.com/reference/node/cluster/default/Worker/off","https://bun.com/reference/node/inspector/Debugger/GetPossibleBreakpointsReturnType/locations","https://bun.com/reference/node/cluster/default/WorkerEventMap/disconnect","https://bun.com/reference/node/inspector/HeapProfiler/StartTrackingHeapObjectsParameterType","https://bun.com/reference/node/readline/Interface/getPrompt","https://bun.com/reference/node/inspector/Runtime/EvaluateParameterType/silent","https://bun.com/reference/node/stream/default/DuplexEventMap/drain","https://bun.com/reference/node/fs/ReadStream/some","https://bun.com/reference/node/cluster/default/WorkerEventMap/error","https://bun.com/reference/node/inspector/HeapProfiler/GetObjectByHeapObjectIdReturnType","https://bun.com/reference/node/fs/constants/S_IFIFO","https://bun.com/reference/bun/$/ShellPromise/resolve","https://bun.com/reference/node/cluster/default/Worker/once","https://bun.com/reference/node/fs/ReadStream/setEncoding","https://bun.com/reference/node/fs/constants/S_IFCHR","https://bun.com/reference/node/stream/default/ReadableOperatorOptions/highWaterMark","https://bun.com/reference/node/inspector/Console/ConsoleMessage/text","https://bun.com/reference/node/inspector/HeapProfiler/StartSamplingParameterType","https://bun.com/reference/node/os/constants/errno/EAFNOSUPPORT","https://bun.com/reference/node/stream/default/Writable/_destroy","https://bun.com
/reference/node/inspector/HeapProfiler/GetObjectByHeapObjectIdParameterType","https://bun.com/reference/node/stream/default/ReadableOperatorOptions/signal","https://bun.com/reference/node/readline/Interface/listeners","https://bun.com/reference/node/quic/SessionOptions/preferredAddressPolicy","https://bun.com/reference/node/stream/default/Readable/%5BasyncDispose%5D","https://bun.com/reference/bun/WebSocket/send","https://bun.com/reference/node/stream/default/WritableOptions/decodeStrings","https://bun.com/reference/node/quic/SessionOptions/minVersion","https://bun.com/reference/node/inspector/HeapProfiler/GetSamplingProfileReturnType","https://bun.com/reference/node/inspector/Debugger/CallFrame/location","https://bun.com/reference/node/buffer/Buffer/includes","https://bun.com/reference/node/inspector/Profiler/Profile/samples","https://bun.com/reference/node/fs/ReadStream/toArray","https://bun.com/reference/node/stream/default/DuplexOptions/autoDestroy","https://bun.com/reference/node/inspector/HeapProfiler/AddInspectedHeapObjectParameterType","https://bun.com/reference/node/inspector/Profiler/Profile/endTime","https://bun.com/reference/node/stream/default/DuplexEventMap/end","https://bun.com/reference/node/inspector/NodeWorker/WorkerInfo","https://bun.com/reference/node/inspector/Profiler/StartPreciseCoverageParameterType","https://bun.com/reference/node/stream/default/WritableOptions/autoDestroy","https://bun.com/reference/node/stream/default/Duplex/every","https://bun.com/reference/node/inspector/Console/ConsoleMessage/url","https://bun.com/reference/node/inspector/Runtime/EvaluateParameterType/userGesture","https://bun.com/reference/node/inspector/HeapProfiler/StopSamplingReturnType","https://bun.com/reference/node/stream/default/DuplexEventMap/error","https://bun.com/reference/node/stream/default/Duplex/eventNames","https://bun.com/reference/node/inspector/Debugger/CallFrame/returnValue","https://bun.com/reference/bun/WebSocket/terminate","https://bun.com/refer
ence/node/readline/Interface/off","https://bun.com/reference/node/fs/ReadStream/toWeb","https://bun.com/reference/node/cluster/default/Worker/on","https://bun.com/reference/node/readline/Interface/listenerCount","https://bun.com/reference/node/cluster/default/Worker/prependListener","https://bun.com/reference/node/inspector/HeapProfiler/TakeHeapSnapshotParameterType","https://bun.com/reference/node/inspector/Profiler/Profile/startTime","https://bun.com/reference/node/inspector/NodeTracing/GetCategoriesReturnType","https://bun.com/reference/node/readline/Interface/pause","https://bun.com/reference/node/net/Server/rawListeners","https://bun.com/reference/node/stream/default/WritableOptions/defaultEncoding","https://bun.com/reference/node/os/constants/errno/EAGAIN","https://bun.com/reference/node/quic/SessionOptions/qlog","https://bun.com/reference/node/inspector/NodeTracing/StartParameterType","https://bun.com/reference/node/inspector/NodeWorker/AttachedToWorkerEventDataType/waitingForDebugger","https://bun.com/reference/node/stream/default/Writable/_final","https://bun.com/reference/node/inspector/HeapProfiler/GetHeapObjectIdParameterType","https://bun.com/reference/node/stream/default/Readable/%5BasyncIterator%5D","https://bun.com/reference/node/stream/default/DuplexOptions/construct","https://bun.com/reference/node/cluster/default/WorkerEventMap/exit","https://bun.com/reference/bun/$/ShellPromise/try","https://bun.com/reference/node/buffer/Buffer/indexOf","https://bun.com/reference/node/inspector/HeapProfiler/GetHeapObjectIdReturnType","https://bun.com/reference/node/readline/Interface/prompt","https://bun.com/reference/node/inspector/NodeWorker/DetachParameterType","https://bun.com/reference/node/stream/default/Writable/_write","https://bun.com/reference/node/inspector/Profiler/SetSamplingIntervalParameterType","https://bun.com/reference/node/inspector/NodeWorker/SendMessageToWorkerParameterType","https://bun.com/reference/node/inspector/Debugger/CallFrame/scopeCh
ain","https://bun.com/reference/node/fs/ReadStream/wrap","https://bun.com/reference/node/inspector/NodeWorker/EnableParameterType","https://bun.com/reference/node/cluster/default/Worker/rawListeners","https://bun.com/reference/node/readline/Interface/prependListener","https://bun.com/reference/node/inspector/Profiler/Profile/timeDeltas","https://bun.com/reference/node/fs/ReadStream/take","https://bun.com/reference/bun/WebSocket/url","https://bun.com/reference/node/stream/default/WritableOptions/destroy","https://bun.com/reference/node/net/Server/ref","https://bun.com/reference/node/buffer/Buffer/forEach","https://bun.com/reference/node/stream/default/DuplexOptions/decodeStrings","https://bun.com/reference/node/net/Server/prependOnceListener","https://bun.com/reference/node/cluster/default/Worker/prependOnceListener","https://bun.com/reference/node/readline/Interface/once","https://bun.com/reference/node/quic/SessionOptions/sessionTicket","https://bun.com/reference/node/stream/default/DuplexOptions/defaultEncoding","https://bun.com/reference/node/stream/default/Duplex/filter","https://bun.com/reference/node/readline/Interface/question","https://bun.com/reference/node/os/constants/errno/EALREADY","https://bun.com/reference/node/inspector/Profiler/StopReturnType/profile","https://bun.com/reference/node/net/DropArgument/localAddress","https://bun.com/reference/node/inspector/Profiler/ProfileNode","https://bun.com/reference/node/net/Server/removeAllListeners","https://bun.com/reference/node/inspector/Profiler/TakePreciseCoverageReturnType","https://bun.com/reference/node/readline/Interface/rawListeners","https://bun.com/reference/node/fs/ReadStream/unshift","https://bun.com/reference/node/stream/default/DuplexEventMap/pause","https://bun.com/reference/node/cluster/default/WorkerEventMap/listening","https://bun.com/reference/node/stream/default/Readable/%5BcaptureRejectionSymbol%5D","https://bun.com/reference/node/inspector/Debugger/CallFrame/this","https://bun.com/refere
nce/node/buffer/Buffer/join","https://bun.com/reference/bun/$/ShellOutput","https://bun.com/reference/node/quic/SessionOptions/sni","https://bun.com/reference/node/cluster/default/Worker/removeListener","https://bun.com/reference/node/cluster/default/Worker/removeAllListeners","https://bun.com/reference/node/readline/Interface/removeListener","https://bun.com/reference/node/stream/default/WritableOptions/emitClose","https://bun.com/reference/node/stream/default/WritableOptions/final","https://bun.com/reference/node/stream/default/ReadableOptions","https://bun.com/reference/node/inspector/Profiler/GetBestEffortCoverageReturnType/result","https://bun.com/reference/node/inspector/HeapProfiler/StartTrackingHeapObjectsParameterType/trackAllocations","https://bun.com/reference/node/inspector/HeapProfiler/GetObjectByHeapObjectIdReturnType/result","https://bun.com/reference/node/stream/default/Writable/_writev","https://bun.com/reference/node/fs/ReadStream/unpipe","https://bun.com/reference/node/readline/Interface/prependOnceListener","https://bun.com/reference/node/stream/default/DuplexEventMap/finish","https://bun.com/reference/bun/$/ShellPromise/withResolvers","https://bun.com/reference/node/inspector/HeapProfiler/TakeHeapSnapshotParameterType/reportProgress","https://bun.com/reference/node/inspector/HeapProfiler/StartSamplingParameterType/samplingInterval","https://bun.com/reference/node/inspector/HeapProfiler/StopTrackingHeapObjectsParameterType/reportProgress","https://bun.com/reference/node/inspector/HeapProfiler/GetObjectByHeapObjectIdParameterType/objectGroup","https://bun.com/reference/node/inspector/Debugger/CallFrame/url","https://bun.com/reference/node/stream/default/DuplexOptions/destroy","https://bun.com/reference/node/cluster/default/WorkerEventMap/message","https://bun.com/reference/node/os/constants/errno/EBADF","https://bun.com/reference/node/stream/default/ReadableToWebOptions","https://bun.com/reference/node/readline/Interface/removeAllListeners","https
://bun.com/reference/node/inspector/HeapProfiler/GetSamplingProfileReturnType/profile","https://bun.com/reference/node/inspector/Profiler/StartPreciseCoverageParameterType/callCount","https://bun.com/reference/node/net/DropArgument/localFamily","https://bun.com/reference/node/inspector/NodeWorker/WorkerInfo/title","https://bun.com/reference/node/stream/default/DuplexEventMap/pipe","https://bun.com/reference/node/readline/Interface/resume","https://bun.com/reference/node/net/Server/removeListener","https://bun.com/reference/node/inspector/HeapProfiler/StopSamplingReturnType/profile","https://bun.com/reference/node/inspector/HeapProfiler/AddInspectedHeapObjectParameterType/heapObjectId","https://bun.com/reference/node/stream/default/Readable/addListener","https://bun.com/reference/node/inspector/NodeTracing/GetCategoriesReturnType/categories","https://bun.com/reference/node/cluster/default/Worker/send","https://bun.com/reference/node/inspector/NodeTracing/StartParameterType/traceConfig","https://bun.com/reference/node/inspector/HeapProfiler/GetHeapObjectIdParameterType/objectId","https://bun.com/reference/node/net/DropArgument/localPort","https://bun.com/reference/node/stream/default/Writable/%5BasyncDispose%5D","https://bun.com/reference/node/inspector/NodeWorker/DetachParameterType/sessionId","https://bun.com/reference/node/inspector/HeapProfiler/GetObjectByHeapObjectIdParameterType/objectId","https://bun.com/reference/node/inspector/Profiler/ProfileNode/callFrame","https://bun.com/reference/node/inspector/NodeWorker/EnableParameterType/waitForDebuggerOnStart","https://bun.com/reference/node/stream/default/WritableOptions/highWaterMark","https://bun.com/reference/bun/$/ShellOutput/exitCode","https://bun.com/reference/node/readline/Interface/setMaxListeners","https://bun.com/reference/node/stream/default/Readable/closed","https://bun.com/reference/node/inspector/NodeWorker/SendMessageToWorkerParameterType/message","https://bun.com/reference/node/inspector/Profiler/Se
tSamplingIntervalParameterType/interval","https://bun.com/reference/node/cluster/default/WorkerOptions","https://bun.com/reference/node/inspector/HeapProfiler/SamplingHeapProfile","https://bun.com/reference/node/quic/SessionOptions/tlsTrace","https://bun.com/reference/node/os/constants/errno/EBADMSG","https://bun.com/reference/node/inspector/Profiler/ScriptCoverage","https://bun.com/reference/node/inspector/HeapProfiler/GetHeapObjectIdReturnType/heapSnapshotObjectId","https://bun.com/reference/node/net/DropArgument/remoteAddress","https://bun.com/reference/node/stream/default/DuplexEventMap/readable","https://bun.com/reference/node/inspector/Profiler/ProfileNode/children","https://bun.com/reference/node/quic/SessionOptions/transportParams","https://bun.com/reference/node/cluster/default/WorkerEventMap/online","https://bun.com/reference/node/inspector/Profiler/TakePreciseCoverageReturnType/result","https://bun.com/reference/bun/$/ShellOutput/arrayBuffer","https://bun.com/reference/node/stream/default/Writable/%5BcaptureRejectionSymbol%5D","https://bun.com/reference/node/inspector/NodeWorker/SendMessageToWorkerParameterType/sessionId","https://bun.com/reference/node/stream/default/DuplexOptions/emitClose","https://bun.com/reference/node/stream/default/DuplexOptions/encoding","https://bun.com/reference/node/inspector/NodeWorker/WorkerInfo/url","https://bun.com/reference/node/stream/default/Readable/compose","https://bun.com/reference/node/stream/default/WritableOptions/objectMode","https://bun.com/reference/node/stream/default/DuplexOptions/final","https://bun.com/reference/node/stream/default/WritableOptions/signal","https://bun.com/reference/node/stream/default/DuplexEventMap/resume","https://bun.com/reference/bun/$/ShellOutput/stdout","https://bun.com/reference/node/net/Socket/autoSelectFamilyAttemptedAddresses","https://bun.com/reference/node/net/DropArgument/remoteFamily","https://bun.com/reference/node/inspector/NodeTracing/TraceConfig","https://bun.com/reference
/node/stream/default/DuplexToWebOptions","https://bun.com/reference/node/quic/SessionOptions/verifyClient","https://bun.com/reference/node/stream/default/ReadableOptions/construct","https://bun.com/reference/node/stream/default/DuplexEventMap/unpipe","https://bun.com/reference/node/os/constants/errno/EBUSY","https://bun.com/reference/node/net/DropArgument/remotePort","https://bun.com/reference/node/net/Socket/bytesRead","https://bun.com/reference/node/os/constants/errno/ECANCELED","https://bun.com/reference/node/stream/default/Readable/constructor","https://bun.com/reference/node/os/constants/errno/ECHILD","https://bun.com/reference/node/inspector/Profiler/StartPreciseCoverageParameterType/detailed","https://bun.com/reference/node/stream/default/Writable/addListener","https://bun.com/reference/bun/$/ShellOutput/stderr","https://bun.com/reference/node/net/Socket/allowHalfOpen","https://bun.com/reference/node/stream/default/ReadableOptions/destroy","https://bun.com/reference/bun/$/ShellOutput/text","https://bun.com/reference/node/quic/SessionOptions/unacknowledgedPacketThreshold","https://bun.com/reference/node/cluster/default/WorkerOptions/process","https://bun.com/reference/node/inspector/NodeWorker/WorkerInfo/type","https://bun.com/reference/node/cluster/default/WorkerOptions/id","https://bun.com/reference/node/stream/default/ReadableToWebOptions/type","https://bun.com/reference/node/stream/default/DuplexOptions/objectMode","https://bun.com/reference/node/inspector/Profiler/ProfileNode/positionTicks","https://bun.com/reference/node/quic/SessionOptions/verifyPrivateKey","https://bun.com/reference/node/stream/default/ReadableToWebOptions/strategy","https://bun.com/reference/node/stream/default/DuplexOptions/highWaterMark","https://bun.com/reference/bun/$/Shell","https://bun.com/reference/node/quic/TransportParams","https://bun.com/reference/node/stream/default/WritableOptions/writev","https://bun.com/reference/node/stream/default/Writable/constructor","https://bun.co
m/reference/node/stream/default/Writable/closed","https://bun.com/reference/node/stream/default/WritableOptions/write","https://bun.com/reference/node/quic/SessionOptions/version","https://bun.com/reference/node/stream/default/ReadableOptions/emitClose","https://bun.com/reference/node/inspector/Profiler/ProfileNode/id","https://bun.com/reference/node/stream/default/Writable/destroy","https://bun.com/reference/node/os/constants/errno/ECONNABORTED","https://bun.com/reference/node/inspector/Profiler/PositionTickInfo","https://bun.com/reference/node/os/constants/errno/ECONNREFUSED","https://bun.com/reference/bun/$/ShellOutput/blob","https://bun.com/reference/node/stream/default/ReadableOptions/encoding","https://bun.com/reference/node/stream/default/Readable/destroyed","https://bun.com/reference/node/net/Socket/closed","https://bun.com/reference/node/stream/default/Writable/fromWeb","https://bun.com/reference/node/net/Socket/connecting","https://bun.com/reference/bun/$/ShellOutput/bytes","https://bun.com/reference/node/stream/default/Readable/drop","https://bun.com/reference/node/inspector/Profiler/ScriptCoverage/functions","https://bun.com/reference/bun/$/cwd","https://bun.com/reference/bun/$/env","https://bun.com/reference/node/stream/default/Readable/emit","https://bun.com/reference/bun/$/ShellOutput/json","https://bun.com/reference/node/net/Socket/bytesWritten","https://bun.com/reference/node/net/Socket/errored","https://bun.com/reference/bun/$/escape","https://bun.com/reference/node/cluster/default/WorkerOptions/state","https://bun.com/reference/node/stream/default/DuplexOptions/readableObjectMode","https://bun.com/reference/node/stream/default/ReadableOptions/objectMode","https://bun.com/reference/node/stream/default/Writable/cork","https://bun.com/reference/node/inspector/Profiler/FunctionCoverage","https://bun.com/reference/node/quic/SessionPath/remote","https://bun.com/reference/node/os/constants/errno/ECONNRESET","https://bun.com/reference/node/stream/default/
DuplexOptions/read","https://bun.com/reference/node/inspector/NodeTracing/TraceConfig/recordMode","https://bun.com/reference/node/inspector/NodeWorker/SessionID","https://bun.com/reference/node/net/Socket/localFamily","https://bun.com/reference/node/quic/TransportParams/activeConnectionIDLimit","https://bun.com/reference/node/net/Socket/localAddress","https://bun.com/reference/node/stream/default/Readable/eventNames","https://bun.com/reference/node/stream/default/ReadableOptions/autoDestroy","https://bun.com/reference/node/stream/default/Writable/end","https://bun.com/reference/node/stream/default/DuplexOptions/signal","https://bun.com/reference/node/net/Socket/destroyed","https://bun.com/reference/node/stream/default/Readable/filter","https://bun.com/reference/node/stream/default/Writable/errored","https://bun.com/reference/node/stream/default/Readable/errored","https://bun.com/reference/node/inspector/Profiler/ScriptCoverage/url","https://bun.com/reference/node/inspector/Profiler/ScriptCoverage/scriptId","https://bun.com/reference/node/inspector/Profiler/ProfileNode/deoptReason","https://bun.com/reference/node/stream/default/ReadableEventMap","https://bun.com/reference/node/stream/default/Readable/find","https://bun.com/reference/node/os/constants/errno/EDQUOT","https://bun.com/reference/node/net/Socket/pending","https://bun.com/reference/node/stream/default/Readable/every","https://bun.com/reference/node/inspector/NodeWorker/WorkerID","https://bun.com/reference/node/quic/TransportParams/ackDelayExponent","https://bun.com/reference/node/inspector/Profiler/CoverageRange","https://bun.com/reference/node/os/constants/errno/EDESTADDRREQ","https://bun.com/reference/node/stream/default/DuplexOptions/readableHighWaterMark","https://bun.com/reference/bun/$/nothrow","https://bun.com/reference/node/quic/TransportParams/initialMaxStreamDataBidiRemote","https://bun.com/reference/node/net/Socket/readable","https://bun.com/reference/bun/$/braces","https://bun.com/reference/node
/stream/default/DuplexOptions/writableObjectMode","https://bun.com/reference/node/os/constants/errno/EDEADLK","https://bun.com/reference/node/os/constants/errno/EDOM","https://bun.com/reference/node/net/Socket/localPort","https://bun.com/reference/node/stream/default/Writable/destroyed","https://bun.com/reference/node/inspector/Profiler/CoverageRange/count","https://bun.com/reference/node/stream/default/DuplexOptions/writableCorked","https://bun.com/reference/node/stream/default/Writable/eventNames","https://bun.com/reference/node/stream/default/Readable/flatMap","https://bun.com/reference/node/stream/default/Writable/emit","https://bun.com/reference/node/quic/TransportParams/initialMaxData","https://bun.com/reference/node/stream/default/Writable/getMaxListeners","https://bun.com/reference/node/inspector/Profiler/CoverageRange/startOffset","https://bun.com/reference/node/inspector/NodeWorker/WorkerInfo/workerId","https://bun.com/reference/node/inspector/Profiler/FunctionCoverage/functionName","https://bun.com/reference/node/os/constants/errno/EFAULT","https://bun.com/reference/node/stream/default/DuplexOptions/write","https://bun.com/reference/bun/$/throws","https://bun.com/reference/node/quic/TransportParams/initialMaxStreamDataUni","https://bun.com/reference/node/quic/TransportParams/initialMaxStreamsBidi","https://bun.com/reference/node/os/constants/errno/EFBIG","https://bun.com/reference/node/stream/default/Writable/listenerCount","https://bun.com/reference/node/inspector/Profiler/FunctionCoverage/isBlockCoverage","https://bun.com/reference/node/os/constants/errno/EILSEQ","https://bun.com/reference/node/stream/default/ReadableOptions/highWaterMark","https://bun.com/reference/node/inspector/Profiler/CoverageRange/endOffset","https://bun.com/reference/node/stream/default/Writable/setDefaultEncoding","https://bun.com/reference/node/os/constants/errno/EIDRM","https://bun.com/reference/node/net/Socket/readableEncoding","https://bun.com/reference/node/quic/TransportPa
rams/preferredAddressIpv4","https://bun.com/reference/node/stream/default/Readable/listenerCount","https://bun.com/reference/node/os/constants/errno/EINPROGRESS","https://bun.com/reference/node/stream/default/Writable/listeners","https://bun.com/reference/node/stream/default/Writable/setMaxListeners","https://bun.com/reference/node/stream/default/Readable/getMaxListeners","https://bun.com/reference/node/os/constants/errno/EISCONN","https://bun.com/reference/node/stream/default/Readable/isDisturbed","https://bun.com/reference/node/stream/default/Writable/prependOnceListener","https://bun.com/reference/node/stream/default/Writable/on","https://bun.com/reference/node/stream/default/Writable/removeListener","https://bun.com/reference/node/stream/default/Writable/rawListeners","https://bun.com/reference/node/quic/TransportParams/maxAckDelay","https://bun.com/reference/node/stream/default/Writable/removeAllListeners","https://bun.com/reference/node/net/Socket/readableLength","https://bun.com/reference/node/net/Socket/readyState","https://bun.com/reference/node/stream/default/Readable/pipe","https://bun.com/reference/node/stream/default/Readable/on","https://bun.com/reference/node/stream/default/Writable/off","https://bun.com/reference/node/net/Socket/remoteAddress","https://bun.com/reference/node/os/constants/errno/ENAMETOOLONG","https://bun.com/reference/node/stream/default/Readable/prependListener","https://bun.com/reference/node/net/Socket/readableEnded","https://bun.com/reference/node/os/constants/errno/EMULTIHOP","https://bun.com/reference/node/quic/TransportParams/initialMaxStreamsUni","https://bun.com/reference/node/stream/default/Writable/uncork","https://bun.com/reference/node/net/Socket/readableFlowing","https://bun.com/reference/node/stream/default/Readable/pause","https://bun.com/reference/node/net/Socket/writable","https://bun.com/reference/node/os/constants/errno/EMSGSIZE","https://bun.com/reference/node/stream/default/Writable/pipe","https://bun.com/referen
ce/node/net/Socket/writableAborted","https://bun.com/reference/node/net/Socket/readableHighWaterMark","https://bun.com/reference/node/stream/default/Readable/once","https://bun.com/reference/node/stream/default/Readable/iterator","https://bun.com/reference/node/stream/default/Readable/from","https://bun.com/reference/node/stream/default/Writable/prependListener","https://bun.com/reference/node/stream/default/Readable/push","https://bun.com/reference/node/net/SocketReadyState","https://bun.com/reference/node/net/Socket/writableEnded","https://bun.com/reference/node/os/constants/errno/EINTR","https://bun.com/reference/node/net/Socket/writableObjectMode","https://bun.com/reference/node/os/constants/errno/ENOBUFS","https://bun.com/reference/node/stream/default/Writable/writableAborted","https://bun.com/reference/node/stream/default/Writable/writableEnded","https://bun.com/reference/node/os/constants/errno/ENOENT","https://bun.com/reference/node/os/constants/errno/ENODATA","https://bun.com/reference/node/stream/default/Readable/read","https://bun.com/reference/node/os/constants/errno/ENFILE","https://bun.com/reference/node/stream/default/Readable/readableDidRead","https://bun.com/reference/node/net/Socket/writableLength","https://bun.com/reference/node/net/Socket/_final","https://bun.com/reference/node/stream/default/Writable/writableNeedDrain","https://bun.com/reference/node/net/Socket/readableAborted","https://bun.com/reference/node/os/constants/errno/ENOMEM","https://bun.com/reference/node/stream/default/Readable/rawListeners","https://bun.com/reference/node/stream/default/Readable/readableEnded","https://bun.com/reference/node/os/constants/errno/ENETUNREACH","https://bun.com/reference/node/os/constants/errno/ENOLCK","https://bun.com/reference/node/net/Socket/connect","https://bun.com/reference/node/net/Socket/%5BasyncIterator%5D","https://bun.com/reference/node/stream/default/Readable/readableHighWaterMark","https://bun.com/reference/node/net/Socket/_read","https://b
un.com/reference/node/net/Socket/_writev","https://bun.com/reference/node/net/Socket/writableHighWaterMark","https://bun.com/reference/node/net/Socket/_write","https://bun.com/reference/node/os/constants/priority/PRIORITY_HIGH","https://bun.com/reference/node/stream/default/Readable/reduce","https://bun.com/reference/node/net/Socket/flatMap","https://bun.com/reference/node/stream/default/Readable/wrap","https://bun.com/reference/node/net/Socket/address","https://bun.com/reference/node/os/constants/UV_UDP_REUSEADDR","https://bun.com/reference/node/net/Socket/destroy","https://bun.com/reference/node/stream/default/Readable/some","https://bun.com/reference/node/inspector/Profiler/ProfileNode/hitCount","https://bun.com/reference/node/os/constants/errno/EISDIR","https://bun.com/reference/node/os/constants/priority/PRIORITY_LOW","https://bun.com/reference/node/os/constants/priority/PRIORITY_ABOVE_NORMAL","https://bun.com/reference/node/net/Socket/prependOnceListener","https://bun.com/reference/node/net/Socket/%5BasyncDispose%5D","https://bun.com/reference/node/os/constants/priority/PRIORITY_BELOW_NORMAL","https://bun.com/reference/node/stream/default/Writable/writableFinished","https://bun.com/reference/node/net/Socket/writableNeedDrain","https://bun.com/reference/node/net/Socket/setTypeOfService","https://bun.com/reference/node/os/constants/priority","https://bun.com/reference/node/os/constants/errno/EHOSTUNREACH","https://bun.com/reference/node/os/constants/priority/PRIORITY_HIGHEST","https://bun.com/reference/node/net/Socket/find","https://bun.com/reference/node/net/Socket/eventNames","https://bun.com/reference/node/stream/default/Readable/removeListener","https://bun.com/reference/node/stream/default/Readable/take","https://bun.com/reference/node/net/Socket/end","https://bun.com/reference/node/os/constants/priority/PRIORITY_NORMAL","https://bun.com/reference/node/net/SocketEventMap","https://bun.com/reference/node/net/Socket/pause","https://bun.com/reference/node/net/
Socket/removeAllListeners","https://bun.com/reference/node/net/Socket/push","https://bun.com/reference/node/net/Socket/%5BcaptureRejectionSymbol%5D","https://bun.com/reference/node/net/Socket/resetAndDestroy","https://bun.com/reference/node/assert/strict/default","https://bun.com/reference/node/net/Socket/filter","https://bun.com/reference/node/net/Socket/setTimeout","https://bun.com/reference/node/net/Socket/once","https://bun.com/reference/node/net/Socket/setEncoding","https://bun.com/reference/node/quic/TransportParams/preferredAddressIpv6","https://bun.com/reference/node/os/constants/errno/EIO","https://bun.com/reference/node/net/Socket/map","https://bun.com/reference/node/net/Socket/reduce","https://bun.com/reference/node/net/Socket/some","https://bun.com/reference/node/net/Socket/unref","https://bun.com/reference/node/net/Socket/setNoDelay","https://bun.com/reference/node/net/IpcNetConnectOpts/noDelay","https://bun.com/reference/node/net/SocketAddressInitOptions/flowlabel","https://bun.com/reference/node/net/IpcNetConnectOpts/keepAlive","https://bun.com/reference/node/net/Socket/off","https://bun.com/reference/node/net/IpcSocketConnectOpts/path","https://bun.com/reference/node/net/ServerOpts","https://bun.com/reference/node/net/SocketConstructorOpts/blockList","https://bun.com/reference/node/net/SocketConstructorOpts/allowHalfOpen","https://bun.com/reference/node/net/IpcNetConnectOpts/fd","https://bun.com/reference/node/net/ServerOpts/keepAliveInitialDelay","https://bun.com/reference/node/net/ServerOpts/blockList","https://bun.com/reference/node/net/Socket/setMaxListeners","https://bun.com/reference/node/net/OnReadOpts/buffer","https://bun.com/reference/node/stream/default/Writable/writableObjectMode","https://bun.com/reference/node/net/SocketConstructorOpts","https://bun.com/reference/node/net/OnReadOpts","https://bun.com/reference/node/net/IpcNetConnectOpts/allowHalfOpen","https://bun.com/reference/node/net/Socket/addListener","https://bun.com/reference/node
/net/IpcNetConnectOpts/writable","https://bun.com/reference/node/net/SocketEventMap/close","https://bun.com/reference/node/net/SocketConstructorOpts/keepAlive","https://bun.com/reference/node/net/ServerOpts/allowHalfOpen","https://bun.com/reference/node/net/Socket/_construct","https://bun.com/reference/node/assert/default/AssertionError/constructor","https://bun.com/reference/node/net/Socket/fromWeb","https://bun.com/reference/node/net/ServerOpts/keepAlive","https://bun.com/reference/node/net/Socket/writableCorked","https://bun.com/reference/node/net/SocketConstructorOpts/fd","https://bun.com/reference/node/net/ServerOpts/pauseOnConnect","https://bun.com/reference/node/stream/default/Readable/resume","https://bun.com/reference/node/net/IpcNetConnectOpts/readable","https://bun.com/reference/node/net/SocketEventMap/pause","https://bun.com/reference/node/net/SocketEventMap/end","https://bun.com/reference/node/net/Socket/prependListener","https://bun.com/reference/node/net/TcpNetConnectOpts/autoSelectFamilyAttemptTimeout","https://bun.com/reference/node/net/SocketConstructorOpts/noDelay","https://bun.com/reference/node/net/SocketEventMap/pipe","https://bun.com/reference/node/net/SocketAddressInitOptions","https://bun.com/reference/node/stream/default/Readable/readableFlowing","https://bun.com/reference/node/net/SocketConstructorOpts/signal","https://bun.com/reference/node/net/SocketAddressInitOptions/family","https://bun.com/reference/node/net/TcpNetConnectOpts/fd","https://bun.com/reference/node/net/SocketEventMap/connectionAttemptTimeout","https://bun.com/reference/node/net/TcpNetConnectOpts","https://bun.com/reference/node/net/SocketConstructorOpts/writable","https://bun.com/reference/node/net/TcpNetConnectOpts/keepAlive","https://bun.com/reference/node/net/SocketEventMap/lookup","https://bun.com/reference/node/stream/default/Writable/writableLength","https://bun.com/reference/node/net/TcpNetConnectOpts/host","https://bun.com/reference/node/net/SocketConstructorOpts/
onread","https://bun.com/reference/node/stream/default/Readable/unshift","https://bun.com/reference/node/net/SocketEventMap/timeout","https://bun.com/reference/node/net/SocketEventMap/drain","https://bun.com/reference/node/net/Socket/from","https://bun.com/reference/node/net/IpcNetConnectOpts/path","https://bun.com/reference/node/stream/default/Readable/toWeb","https://bun.com/reference/node/net/Socket/isPaused","https://bun.com/reference/node/net/IpcNetConnectOpts/timeout","https://bun.com/reference/node/net/Socket/unpipe","https://bun.com/reference/node/net/TcpNetConnectOpts/localPort","https://bun.com/reference/node/quic/SessionPath/local","https://bun.com/reference/node/net/TcpNetConnectOpts/typeOfService","https://bun.com/reference/node/net/Socket/rawListeners","https://bun.com/reference/node/assert/strict","https://bun.com/reference/node/net/TcpNetConnectOpts/writable","https://bun.com/reference/node/net/TcpNetConnectOpts/keepAliveInitialDelay","https://bun.com/reference/node/net/TcpNetConnectOpts/signal","https://bun.com/reference/node/net/TcpNetConnectOpts/port","https://bun.com/reference/node/stream/default/Writable/once","https://bun.com/reference/node/net/Socket/cork","https://bun.com/reference/node/stream/default/Readable/map","https://bun.com/reference/node/net/TcpNetConnectOpts/onread","https://bun.com/reference/node/net/SocketEventMap/resume","https://bun.com/reference/node/net/TcpSocketConnectOpts/lookup","https://bun.com/reference/node/net/TcpSocketConnectOpts/autoSelectFamily","https://bun.com/reference/node/stream/default/Writable/toWeb","https://bun.com/reference/node/os/constants/errno/EMLINK","https://bun.com/reference/node/stream/default/Readable/readableEncoding","https://bun.com/reference/node/net/TcpSocketConnectOpts/localAddress","https://bun.com/reference/node/net/TcpNetConnectOpts/timeout","https://bun.com/reference/node/net/TcpSocketConnectOpts/hints","https://bun.com/reference/node/net/TcpNetConnectOpts/allowHalfOpen","https://bun.com/
reference/node/net/IpcNetConnectOpts","https://bun.com/reference/node/net/TcpSocketConnectOpts/port","https://bun.com/reference/node/os/constants/errno/EMFILE","https://bun.com/reference/node/net/SocketEventMap/unpipe","https://bun.com/reference/node/stream/default/Readable/readableAborted","https://bun.com/reference/node/net/Socket/iterator","https://bun.com/reference/node/net/TcpSocketConnectOpts/host","https://bun.com/reference/node/net/TcpNetConnectOpts/lookup","https://bun.com/reference/node/net/Socket/take","https://bun.com/reference/node/stream/default/DuplexOptions/writev","https://bun.com/reference/node/stream/default/Writable/writableHighWaterMark","https://bun.com/reference/node/stream/default/Readable/readableLength","https://bun.com/reference/node/net/Socket/write","https://bun.com/reference/node/stream/default/Readable/isPaused","https://bun.com/reference/node/net/ServerOpts/noDelay","https://bun.com/reference/node/readline/clearScreenDown","https://bun.com/reference/node/readline/moveCursor","https://bun.com/reference/node/net/TcpNetConnectOpts/family","https://bun.com/reference/node/readline/node:readline/promises","https://bun.com/reference/node/net/Socket/removeListener","https://bun.com/reference/node/stream/promises/FinishedOptions/error","https://bun.com/reference/node/readline/emitKeypressEvents","https://bun.com/reference/node/net/Socket/destroySoon","https://bun.com/reference/node/net/NetConnectOpts","https://bun.com/reference/node/stream/promises/PipelineOptions","https://bun.com/reference/node/stream/promises/FinishedOptions/readable","https://bun.com/reference/node/stream/promises/PipelineOptions/signal","https://bun.com/reference/node/stream/promises/finished","https://bun.com/reference/node/stream/promises/PipelineResult","https://bun.com/reference/node/readline/ReadLine","https://bun.com/reference/node/stream/promises/FinishedOptions/cleanup","https://bun.com/reference/node/readline/clearLine","https://bun.com/reference/node/net/Socket/
resume","https://bun.com/reference/node/net/Socket/compose","https://bun.com/reference/node/stream/default/Writable/write","https://bun.com/reference/node/net/ServerOpts/highWaterMark","https://bun.com/reference/node/net/Socket/pipe","https://bun.com/reference/node/net/TcpNetConnectOpts/blockList","https://bun.com/reference/node/net/SocketAddressInitOptions/port","https://bun.com/reference/node/net/TcpSocketConnectOpts/family","https://bun.com/reference/node/net/SocketConstructorOpts/keepAliveInitialDelay","https://bun.com/reference/node/os/constants/errno/ENOLINK","https://bun.com/reference/node/net/Socket/readableDidRead","https://bun.com/reference/node/net/SocketEventMap/connectionAttemptFailed","https://bun.com/reference/node/net/Socket/setKeepAlive","https://bun.com/reference/node/os/constants/errno/EINVAL","https://bun.com/reference/node/stream/promises/FinishedOptions/signal","https://bun.com/reference/node/quic/TransportParams/maxDatagramFrameSize","https://bun.com/reference/node/net/Socket/listeners","https://bun.com/reference/node/net/SocketEventMap/data","https://bun.com/reference/node/net/SocketConstructorOpts/typeOfService","https://bun.com/reference/node/quic/TransportParams/maxIdleTimeout","https://bun.com/reference/node/stream/promises/PipelineOptions/end","https://bun.com/reference/node/stream/default/DuplexOptions/writableHighWaterMark","https://bun.com/reference/node/net/TcpSocketConnectOpts/autoSelectFamilyAttemptTimeout","https://bun.com/reference/node/net/SocketAddressInitOptions/address","https://bun.com/reference/node/net/SocketConstructorOpts/readable","https://bun.com/reference/node/stream/default/Readable/toArray","https://bun.com/reference/node/net/IpcNetConnectOpts/keepAliveInitialDelay","https://bun.com/reference/node/net/SocketAddress/constructor","https://bun.com/reference/node/net/TcpNetConnectOpts/hints","https://bun.com/reference/node/net/Socket/remotePort","https://bun.com/reference/node/quic/QuicEndpoint/constructor","https://bun
.com/reference/node/stream/default/Readable/readableObjectMode","https://bun.com/reference/node/net/TcpNetConnectOpts/readable","https://bun.com/reference/node/stream/default/Writable/writableCorked","https://bun.com/reference/node/net/Socket/drop","https://bun.com/reference/node/net/TcpNetConnectOpts/autoSelectFamily","https://bun.com/reference/node/net/IpcNetConnectOpts/onread","https://bun.com/reference/node/stream/default/Writable/writable","https://bun.com/reference/node/os/constants/errno/ELOOP","https://bun.com/reference/node/net/Socket/setDefaultEncoding","https://bun.com/reference/node/stream/default/Readable/readable","https://bun.com/reference/node/inspector/Profiler/PositionTickInfo/line","https://bun.com/reference/node/net/Socket/wrap","https://bun.com/reference/node/inspector/NodeTracing/TraceConfig/includedCategories","https://bun.com/reference/node/stream/default/Readable/off","https://bun.com/reference/node/stream/default/Readable/forEach","https://bun.com/reference/node/stream/default/Readable/listeners","https://bun.com/reference/node/net/IpcNetConnectOpts/blockList","https://bun.com/reference/node/readline/cursorTo","https://bun.com/reference/node/net/Socket/on","https://bun.com/reference/node/stream/promises/pipeline","https://bun.com/reference/node/net/SocketEventMap/connect","https://bun.com/reference/node/stream/default/Readable/unpipe","https://bun.com/reference/node/net/IpcNetConnectOpts/signal","https://bun.com/reference/node/os/constants/errno/ENETRESET","https://bun.com/reference/node/quic/TransportParams/initialMaxStreamDataBidiLocal","https://bun.com/reference/node/net/Socket/toWeb","https://bun.com/reference/node/net/Socket/readableObjectMode","https://bun.com/reference/node/net/Socket/_destroy","https://bun.com/reference/node/net/TcpSocketConnectOpts","https://bun.com/reference/node/net/SocketEventMap/connectionAttempt","https://bun.com/reference/node/stream/promises/FinishedOptions/writable","https://bun.com/reference/node/net/TcpSo
cketConnectOpts/localPort","https://bun.com/reference/node/readline/createInterface","https://bun.com/reference/node/net/Socket/writableFinished","https://bun.com/reference/node/net/Socket/listenerCount","https://bun.com/reference/node/net/Socket/getTypeOfService","https://bun.com/reference/node/net/Socket/uncork","https://bun.com/reference/node/net/BlockList/constructor","https://bun.com/reference/node/stream/default/Readable/removeAllListeners","https://bun.com/reference/node/os/constants/errno/EEXIST","https://bun.com/reference/node/net/Socket/remoteFamily","https://bun.com/reference/node/net/Socket/every","https://bun.com/reference/node/stream/default/Readable/setMaxListeners","https://bun.com/reference/node/net/Socket/toArray","https://bun.com/reference/node/stream/default/Readable/setEncoding","https://bun.com/reference/node/net/Socket/getMaxListeners","https://bun.com/reference/node/net/TcpNetConnectOpts/noDelay","https://bun.com/reference/node/net/SocketEventMap/finish","https://bun.com/reference/node/stream/default/Readable/destroy","https://bun.com/reference/node/os/constants/errno/ENETDOWN","https://bun.com/reference/node/stream/default/Readable/prependOnceListener","https://bun.com/reference/node/net/Socket/ref","https://bun.com/reference/node/net/IpcNetConnectOpts/typeOfService","https://bun.com/reference/node/net/SocketConnectOpts","https://bun.com/reference/node/net/SocketEventMap/ready","https://bun.com/reference/node/net/Socket/unshift","https://bun.com/reference/node/stream/promises/FinishedOptions","https://bun.com/reference/node/net/Socket/emit","https://bun.com/reference/node/net/IpcSocketConnectOpts","https://bun.com/reference/node/net/SocketEventMap/error","https://bun.com/reference/node/net/TcpNetConnectOpts/localAddress","https://bun.com/reference/node/os/constants/errno/ENOEXEC","https://bun.com/reference/node/net/SocketEventMap/readable","https://bun.com/reference/node/os/constants/errno/ENODEV","https://bun.com/reference/node/stream/defau
lt/Readable/fromWeb","https://bun.com/reference/node/net/Socket/forEach","https://bun.com/reference/node/net/OnReadOpts/callback","https://bun.com/reference/node/net/Socket/read","https://bun.com/reference/node/net/Socket/timeout","https://bun.com/reference/node/os/constants/signals"],"duration":51.94389724731445},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.05799579620361},"active_scan":{"scan_id":"0","status":"completed","duration":210.0677032470703},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69e8ca4e834981a767e9dc2f"},"created_at":{"$date":"2026-04-22T13:17:02.613Z"},"url":"https://www.daraz.pk/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.daraz.pk/","scan_timestamp":"20260422_111507","output_directory":"results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.005853414535522461},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":0.037842750549316406},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.daraz.pk","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"traditional_spider":{"scan_id":null,"status":"completed","urls_found":0,"urls_list":[],"duration":1805.3704226016998},"active_scan":{"scan_id":null,"status":"completed","duratio
n":7213.593954801559},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69e8e81bfd445a9c884d4f13"},"created_at":{"$date":"2026-04-22T15:24:11.714Z"},"url":"https://cp-club-vjti.vercel.app/","tool":"owaspzap","result":{"status":"completed","target_url":"https://cp-club-vjti.vercel.app/","scan_timestamp":"20260422_152216","output_directory":"results/zap_reports","scan_results":{"passive_scan":{"status":"completed","duration":0.0065114498138427734},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"active_scan":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: /JSON/ascan/action/scan/?url=https%3A%2F%2Fcp-club-vjti.vercel.app%2F&recurse=true&inScopeOnly=false&scanPolicyName=Default+Policy&method=&postData= (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=8080): Failed to establish a new connection: [Errno 111] Connection 
refused\"))"},"traditional_spider":{"scan_id":"0","status":"completed","urls_found":48,"urls_list":["https://cp-club-vjti.vercel.app/sitemap.xml","https://cp-club-vjti.vercel.app/","https://cp-club-vjti.vercel.app/robots.txt","https://cp-club-vjti.vercel.app/leaderboard","https://cp-club-vjti.vercel.app/_next/static/media/463dafcda517f24f-s.p.woff","https://cp-club-vjti.vercel.app/_next/static/chunks/4bd1b696-c023c6e3521b1417.js","https://cp-club-vjti.vercel.app/_next/static/chunks/main-app-f9b5d20365cb8be2.js","https://cp-club-vjti.vercel.app/_next/static/chunks/webpack-b393c8874716cdfc.js","https://cp-club-vjti.vercel.app/_next/static/css/c2fcaa0cfae2bda7.css","https://cp-club-vjti.vercel.app/_next/static/chunks/app/not-found-57eecc31ee8024d4.js","https://cp-club-vjti.vercel.app/_next/static/chunks/app/layout-6c71e4ff1d3693b7.js","https://cp-club-vjti.vercel.app/%2Fimages%2Fcplogo2.png&w=96&q=75","https://cp-club-vjti.vercel.app/_next/static/chunks/614-c9184be1f08cbaa5.js","https://cp-club-vjti.vercel.app/_next/static/chunks/125-3a1c031a1c4bcc64.js","https://cp-club-vjti.vercel.app/_next/static/media/4473ecc91f70f139-s.p.woff","https://cp-club-vjti.vercel.app/_next/static/chunks/239-640162831b5f60b2.js","https://cp-club-vjti.vercel.app/_next/static/chunks/app/loading-1b6371ae7450f3d4.js","https://cp-club-vjti.vercel.app/_next/static/chunks/909-bbe120176d701a75.js","https://cp-club-vjti.vercel.app/_next/static/chunks/297-7295b248ad97a1e5.js","https://cp-club-vjti.vercel.app/_next/static/chunks/app/leaderboard/page-6d6537d797163bf4.js","https://cp-club-vjti.vercel.app/%2Fimages%2Fcplogo2.png&w=48&q=75","https://cp-club-vjti.vercel.app/_next/static/chunks/app/page-64c614d130f2f409.js","https://cp-club-vjti.vercel.app/favicon.ico","https://cp-club-vjti.vercel.app/_next/static/chunks/255-cb395327542b56ef.js","https://cp-club-vjti.vercel.app/_next/static/chunks/polyfills-42372ed130431b0a.js","https://cp-club-vjti.vercel.app/_next/image?q=75&url=%2Fimages%2Fcplogo2.png&w
=96","https://cp-club-vjti.vercel.app/contest","https://cp-club-vjti.vercel.app/_next/static/chunks/app/contest/page-91906ffe0716aba7.js","https://cp-club-vjti.vercel.app/resources","https://cp-club-vjti.vercel.app/_next/static/chunks/app/resources/page-a3fa59668c392cf5.js","https://cp-club-vjti.vercel.app/https%3A%2F%2Fsta.codeforces.com%2Fs%2F44094%2Ffavicon-32x32.png&w=32&q=75","https://cp-club-vjti.vercel.app/https%3A%2F%2Fsta.codeforces.com%2Fs%2F44094%2Ffavicon-32x32.png&w=64&q=75","https://cp-club-vjti.vercel.app/https%3A%2F%2Fatcoder.jp%2Ffavicon.ico&w=32&q=75","https://cp-club-vjti.vercel.app/https%3A%2F%2Fleetcode.com%2Fstatic%2Fimages%2FLeetCode_logo.png&w=32&q=75","https://cp-club-vjti.vercel.app/https%3A%2F%2Fleetcode.com%2Fstatic%2Fimages%2FLeetCode_logo.png&w=64&q=75","https://cp-club-vjti.vercel.app/https%3A%2F%2Fatcoder.jp%2Ffavicon.ico&w=64&q=75","https://cp-club-vjti.vercel.app/https%3A%2F%2Fwww.codechef.com%2Ffavicon.ico&w=32&q=75","https://cp-club-vjti.vercel.app/https%3A%2F%2Fwww.codechef.com%2Ffavicon.ico&w=64&q=75","https://cp-club-vjti.vercel.app/%2Fimages%2Fcses.png&w=32&q=75","https://cp-club-vjti.vercel.app/https%3A%2F%2Fcdn.prod.website-files.com%2F66b6d7fd4d3e9cef94717176%2F6715d41d809c171b16ea5612_Hackerrank%2520Cursor%2520Favicon.png&w=64&q=75","https://cp-club-vjti.vercel.app/%2Fimages%2Fcses.png&w=64&q=75","https://cp-club-vjti.vercel.app/https%3A%2F%2Fcdn.prod.website-files.com%2F66b6d7fd4d3e9cef94717176%2F6715d41d809c171b16ea5612_Hackerrank%2520Cursor%2520Favicon.png&w=32&q=75","https://cp-club-vjti.vercel.app/_next/image?q=75&url=%2Fimages%2Fcses.png&w=64","https://cp-club-vjti.vercel.app/_next/image?q=75&url=https%3A%2F%2Fsta.codeforces.com%2Fs%2F44094%2Ffavicon-32x32.png&w=64","https://cp-club-vjti.vercel.app/_next/image?q=75&url=https%3A%2F%2Fcdn.prod.website-files.com%2F66b6d7fd4d3e9cef94717176%2F6715d41d809c171b16ea5612_Hackerrank%2520Cursor%2520Favicon.png&w=64","https://cp-club-vjti.vercel.app/_next/image?q=75&url=https%3A
%2F%2Fleetcode.com%2Fstatic%2Fimages%2FLeetCode_logo.png&w=64","https://cp-club-vjti.vercel.app/_next/image?q=75&url=https%3A%2F%2Fwww.codechef.com%2Ffavicon.ico&w=64","https://cp-club-vjti.vercel.app/_next/image?q=75&url=https%3A%2F%2Fatcoder.jp%2Ffavicon.ico&w=64"],"duration":10.042346000671387},"port_scan":{"status":"completed","target_host":"cp-club-vjti.vercel.app","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06270575523376},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69e90a72abc19f9951b529ac"},"created_at":{"$date":"2026-04-22T17:50:42.056Z"},"url":"https://www.daraz.pk/","tool":"owaspzap","result":{"status":"failed","error":"Failed to start ZAP daemon"},"summary":""},{"_id":{"$oid":"69e90e9da2284a3e3944afab"},"created_at":{"$date":"2026-04-22T18:08:29.877Z"},"url":"https://www.daraz.pk/","tool":"owaspzap","result":{"status":"failed","error":"Failed to start ZAP daemon"},"summary":""},{"_id":{"$oid":"69e9c9b33c94f177a78ff81a"},"created_at":{"$date":"2026-04-23T07:26:43.051Z"},"url":"https://www.daraz.pk/","tool":"owaspzap","result":{"status":"failed","error":"Failed to start ZAP daemon"},"summary":""},{"_id":{"$oid":"69e9d2594cb2a2dcc0af0f22"},"created_at":{"$date":"2026-04-23T08:03:37.097Z"},"url":"https://www.daraz.pk/","tool":"owaspzap","result":{"status":"failed","error":"Failed to start ZAP 
daemon"},"summary":""},{"_id":{"$oid":"69e9d461b64bbd6fb50c9754"},"created_at":{"$date":"2026-04-23T08:12:17.135Z"},"url":"https://www.daraz.pk/","tool":"owaspzap","result":{"status":"failed","error":"Failed to start ZAP daemon"},"summary":""},{"_id":{"$oid":"69e9d6c157fc152b6c2155d8"},"created_at":{"$date":"2026-04-23T08:22:25.325Z"},"url":"https://www.daraz.pk/","tool":"owaspzap","result":{"status":"failed","error":"Failed to start ZAP daemon"},"summary":""},{"_id":{"$oid":"69e9da2a92ff35bf28500fb1"},"created_at":{"$date":"2026-04-23T08:36:58.093Z"},"url":"https://www.daraz.pk/","tool":"owaspzap","result":{"status":"failed","error":"Failed to start ZAP daemon"},"summary":""},{"_id":{"$oid":"69e9de6a03e9040e44d4fb90"},"created_at":{"$date":"2026-04-23T08:55:06.932Z"},"url":"https://www.daraz.pk/","tool":"owaspzap","result":{"status":"failed","error":"Failed to start ZAP daemon"},"summary":""},{"_id":{"$oid":"69e9e3bc9c563e59298c12f6"},"created_at":{"$date":"2026-04-23T09:17:48.007Z"},"url":"https://www.daraz.pk/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.daraz.pk/","scan_timestamp":"20260423_090826","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":18,"urls_list":["https://www.daraz.pk/robots.txt","https://www.daraz.pk/sitemap.xml","https://www.daraz.pk/","https://www.daraz.pk/wow/gcp/daraz/megascenario/pk/12_12_2020/12-12-coming-soon/","https://www.daraz.pk/*reqwest/index","https://www.daraz.pk/12-12-sale-2020/","https://www.daraz.pk/catalog/","https://www.daraz.pk/*index.scss","https://www.daraz.pk/cart/","https://www.daraz.pk/checkout/","https://www.daraz.pk/customer/","https://www.daraz.pk/wow/gcp/daraz/megascenario/pk/pakistanday2021/pakistan-day-sale-2021-live/","https://www.daraz.pk/wangpu/","https://www.daraz.pk/shop/*.htm","https://www.daraz.pk/*from=","https://www.daraz.pk/wow/gcp/daraz/megascenario/pk/pakistanday2021/pakistan-day-sale-2021-coming
-soon/","https://www.daraz.pk/wow/gcp/","https://www.daraz.pk/wow/gcp/daraz/megascenario/pk/12_12_2020/12-12-2020-Live/"],"duration":10.03576111793518},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.0683650970459},"passive_scan":{"status":"completed","duration":0.006532907485961914},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.daraz.pk","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":210.0719916820526},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69ea46db58e50f0a50b8c6c3"},"created_at":{"$date":"2026-04-23T16:20:43.245Z"},"url":"https://bun.com/","tool":"owaspzap","result":{"status":"completed","target_url":"https://bun.com/","scan_timestamp":"20260423_161725","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":3,"urls_list":["https://bun.com/","https://bun.com/sitemap.xml","https://bun.com/robots.txt"],"duration":10.035849809646606},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06826090812683},"passive_scan":{"status":"completed","duration":0.008664369583129883},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"b
un.com","open_ports":[80,443,8080,8443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"active_scan":{"scan_id":"0","status":"completed","duration":30.015474796295166},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69ebb6be8ec1b7b618430675"},"created_at":{"$date":"2026-04-24T18:30:22.291Z"},"url":"https://gujarat.nfsu.ac.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://gujarat.nfsu.ac.in/","scan_timestamp":"20260424_181701","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":166,"urls_list":["https://gujarat.nfsu.ac.in/robots.txt","https://gujarat.nfsu.ac.in/sitemap.xml","https://gujarat.nfsu.ac.in/","https://gujarat.nfsu.ac.in/about/about_campus","https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css?v=RdH19s-RN0bEXdaXsajztxnALYs_Z43H_Cdm1U4ar24","https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css?v=KWs9jp-jZzOZmmnW5jC8Y2HqI9rajJig5I00un99DtI","https://gujarat.nfsu.ac.in/contact","https://gujarat.nfsu.ac.in/department/scholarship/1","https://gujarat.nfsu.ac.in/assets/js/count-to.js?v=bxkaXxQJ-K5IrSPES0bTJ8bjKCB3ev2xuY3y0r1gBHw","https://gujarat.nfsu.ac.in/department/list/1","https://gujarat.nfsu.ac.in/assets/js/bootsnav.js?v=2zE_ZcuDqI7BKTdOqSt6LRlo1J6RcgLbkDQMHhrLrjo","https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js?v=4ruDdxuPsZDRfKEzAkk-LGbUKp_LqAAqerk1EPrIE0w","https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.cs
s?v=0-jXM9C-PRxJnALVSUsswrrbCyb-2rPjGQbwwumB49Y","https://gujarat.nfsu.ac.in/news/1","https://gujarat.nfsu.ac.in/assets/js/wow.min.js?v=DsYy5qsC1P3VFNp_Xtx0qijJ1Mca928ci5Oh-6hbzGk","https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js?v=zAdh941DoLFXtGUGZBEF_46kYB76aqVq3aCTjawcSws","https://gujarat.nfsu.ac.in/facility","https://gujarat.nfsu.ac.in/c_director","https://gujarat.nfsu.ac.in/about/about_campus/1","https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js?v=Zr3vByTlMGQhvMfgkQ5BtWRSKBGa2QlspKYJnkjZTmo","https://gujarat.nfsu.ac.in/img/guj_map.png","https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js?v=mQbwBEtlhDcElNg4lKD-9q0uiaQcqDh7EJriKSbRFxE","https://gujarat.nfsu.ac.in/program/list/45","https://gujarat.nfsu.ac.in/department/coe/1","https://gujarat.nfsu.ac.in/program/list/43","https://gujarat.nfsu.ac.in/department/details/44","https://gujarat.nfsu.ac.in/img/program/police_sc.png","https://gujarat.nfsu.ac.in/program/list/44","https://gujarat.nfsu.ac.in/assets/img/favicon.ico","https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js?v=kBmIfe6JalGvz0xJcR4cW4LEk6NCVV5B2ArA8BJKlIM","https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js?v=ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ-Xp8a4MxAQ","https://gujarat.nfsu.ac.in/style.css?v=20EmI1uL-bJY60L5IuoZtKRD2Fq9FQ-CyqLZbmqOSSA","https://gujarat.nfsu.ac.in/events/1","https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js?v=P93G0oq6PBPWTP1IR8Mz_0jHHUpaWL0aBJTKauisG7Q","https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css?v=m27mmDAkvoFG5hV5IdY1xshwd1KP7rq-pH78C5wQcsw","https://gujarat.nfsu.ac.in/rti","https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css?v=AAJgOvywxDoePgP-erATZd9IV3C8CYiyQz7F663SM3I","https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js?v=yO9o4p83aYQnnzNmGU3srUpFQgIDNbOXve3yx_XfQJ4","https://gujarat.nfsu.ac.in/department/details/45","https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js?v=Atqd2gQ3d_4hF7_MbVRSPFPBJMzt4Imz29R4EHgr7wQ","https://gujarat.nfsu.ac.i
n/assets/js/main.js?v=g0_M3QBus1e2ycnExB_jEBClbDHkrDCJYOcysFMtEVM","https://gujarat.nfsu.ac.in/program/list/57","https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css?v=hVQMlW6MzBd41R4EnrovOrZiP2klfEvP9_nhQnK58oA","https://gujarat.nfsu.ac.in/department/details/63","https://gujarat.nfsu.ac.in/department/details/56","https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js?v=U5ZEeKfGNOja007MMD3YBI0A3OSZOQbeG6z2f2Y0hu8","https://gujarat.nfsu.ac.in/program/list/61","https://gujarat.nfsu.ac.in/img/program/openLearning.png","https://gujarat.nfsu.ac.in/Home","https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","https://gujarat.nfsu.ac.in/assets/css/animate.css?v=cMlBo4QTeAkRPTPbC01o4xqF9xHNv7WilSVkrAj9xuU","https://gujarat.nfsu.ac.in/img/program/medico.png","https://gujarat.nfsu.ac.in/img/program/management.png","https://gujarat.nfsu.ac.in/department/coedetails/107","https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","https://gujarat.nfsu.ac.in/Faculty/Staff/1","https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","https://gujarat.nfsu.ac.in/img/program/pharmacy.png","https://gujarat.nfsu.ac.in/department/details/43","https://gujarat.nfsu.ac.in/assets/css/responsive.css?v=8VcStVPbbiQn98rBdEEwHV0_Sygry8ItZ7CMfPGFJUI","https://gujarat.nfsu.ac.in/img/notification.png","https://gujarat.nfsu.ac.in/department/details/58","https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css?v=rnXJNoYTT5QgoCfqv1nt7X5L2nXaTGHrmb9eIZOwIb0","https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","https://gujarat.nfsu.ac.in/assets/css/bootsnav.css?v=el4oz6z0NMcX7yrTD90wUjcdsOGvhXIKhZT3r6hARls","https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js?v=-WFRRTv1uGEhn6sykgWJyTBYDE8cQn8uAj50Kefp9II","https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","https://gujarat.nfsu.ac.in/departm
ent/details/42","https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","https://gujarat.nfsu.ac.in/img/1.jpg","https://gujarat.nfsu.ac.in/program/list/42","https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","https://gujarat.nfsu.ac.in/img/logo.png","https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","https://gujarat.nfsu.ac.in/img/facility/Main%20Entrance.jpg","https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","https://gujarat.nfsu.ac.in/program/prog_details/69?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","https://gujarat.nfsu.ac.in/B.Tech.","https://gujarat.nfsu.ac.in/Computer","https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","https://gujarat.nfsu.ac.in/department/details/61","https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","https://gujarat.nfsu.ac.in/department/coedetails/131","https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","https://gujarat.nfsu.ac.in/img/program/cyber_security.png","https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","https://gujarat.nfsu.ac.in/EWS","https://gujarat.n
fsu.ac.in/img/program/doctoral.png","https://gujarat.nfsu.ac.in/Research","https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","https://gujarat.nfsu.ac.in/department/coedetails/111","https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","https://gujarat.nfsu.ac.in/Electronics","https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","https://gujarat.nfsu.ac.in/img/program/forensic.png","https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","https://gujarat.nfsu.ac.in/program/prog_details/106?deptid=58","https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","https://gujarat.nfsu.ac.in/program/list/58","https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","https://gujarat.nfsu.ac.in/img/coe/research2.jpg","https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","https://gujarat.nfsu.ac.in/img/coe/research3.jpg","https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","https://gujarat.nfsu.ac.in/img/program/bScience.png","https://gujarat.nfsu.ac.in/Faculty/list/1","https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","https://gujarat.nfsu.ac.in/OBC","https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","https://gujarat.nfsu.ac.in/program/list/62","https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","https://gujarat.nfsu.ac.in/progra
m/prog_details/40?deptid=61","https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","https://gujarat.nfsu.ac.in/img/coe/research1.jpg","https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","https://gujarat.nfsu.ac.in/newsletter","https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","https://gujarat.nfsu.ac.in/program/prog_details/56?deptid=58","https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","https://gujarat.nfsu.ac.in/img/coe/research4.jpg","https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","https://gujarat.nfsu.ac.in/program/prog_details/55?deptid=58","https://gujarat.nfsu.ac.in/B.Tech","https://gujarat.nfsu.ac.in/assets/js/loopcounter.js?v=8k7mOf_eKHjSiJSopHral9Wa-gptliD8Tgmh8AuOxA8","https://gujarat.nfsu.ac.in/program/list/60","https://gujarat.nfsu.ac.in/img/program/engg_tech.png","https://gujarat.nfsu.ac.in/program/list/56","https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","https://gujarat.nfsu.ac.in/department/details/62","https://gujarat.nfsu.ac.in/department/details/60","https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","https://gujarat.nfsu.ac.in/program/list/63","https://gujarat.nfsu.ac.in/department/details/57","https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45"],"duration":10.046112298965454},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.060476064682},"passive_scan":{"status":"completed","duration":0.0051708221435546875},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"gujarat.nfsu.ac.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"comp
leted","duration":240.08078908920288},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69ec70059be5fc860b9789d3"},"created_at":{"$date":"2026-04-25T07:40:53.896Z"},"url":"https://gujarat.nfsu.ac.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://gujarat.nfsu.ac.in/","scan_timestamp":"20260425_072140","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":171,"urls_list":["https://gujarat.nfsu.ac.in/sitemap.xml","https://gujarat.nfsu.ac.in/robots.txt","https://gujarat.nfsu.ac.in/","https://gujarat.nfsu.ac.in/about/about_campus","https://gujarat.nfsu.ac.in/department/scholarship/1","https://gujarat.nfsu.ac.in/contact","https://gujarat.nfsu.ac.in/facility","https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css?v=RdH19s-RN0bEXdaXsajztxnALYs_Z43H_Cdm1U4ar24","https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css?v=KWs9jp-jZzOZmmnW5jC8Y2HqI9rajJig5I00un99DtI","https://gujarat.nfsu.ac.in/assets/img/favicon.ico","https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css?v=AAJgOvywxDoePgP-erATZd9IV3C8CYiyQz7F663SM3I","https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css?v=m27mmDAkvoFG5hV5IdY1xshwd1KP7rq-pH78C5wQcsw","https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js?v=4ruDdxuPsZDRfKEzAkk-LGbUKp_LqAAqerk1EPrIE0w","https://gujarat.nfsu.ac.in/assets/js/loopcounter.js?v=8k7mOf_eKHjSiJSopHral9Wa-gptliD8Tgmh8AuOxA8","https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js?v=mQbwBEtlhDcElNg4lKD-9q0uiaQcqDh7EJriK
SbRFxE","https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js?v=yO9o4p83aYQnnzNmGU3srUpFQgIDNbOXve3yx_XfQJ4","https://gujarat.nfsu.ac.in/assets/js/count-to.js?v=bxkaXxQJ-K5IrSPES0bTJ8bjKCB3ev2xuY3y0r1gBHw","https://gujarat.nfsu.ac.in/assets/js/wow.min.js?v=DsYy5qsC1P3VFNp_Xtx0qijJ1Mca928ci5Oh-6hbzGk","https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js?v=-WFRRTv1uGEhn6sykgWJyTBYDE8cQn8uAj50Kefp9II","https://gujarat.nfsu.ac.in/department/coe/1","https://gujarat.nfsu.ac.in/rti","https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js?v=kBmIfe6JalGvz0xJcR4cW4LEk6NCVV5B2ArA8BJKlIM","https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js?v=Atqd2gQ3d_4hF7_MbVRSPFPBJMzt4Imz29R4EHgr7wQ","https://gujarat.nfsu.ac.in/about/about_campus/1","https://gujarat.nfsu.ac.in/Home","https://gujarat.nfsu.ac.in/assets/js/bootsnav.js?v=2zE_ZcuDqI7BKTdOqSt6LRlo1J6RcgLbkDQMHhrLrjo","https://gujarat.nfsu.ac.in/c_director","https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css?v=hVQMlW6MzBd41R4EnrovOrZiP2klfEvP9_nhQnK58oA","https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js?v=ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ-Xp8a4MxAQ","https://gujarat.nfsu.ac.in/style.css?v=20EmI1uL-bJY60L5IuoZtKRD2Fq9FQ-CyqLZbmqOSSA","https://gujarat.nfsu.ac.in/img/guj_map.png","https://gujarat.nfsu.ac.in/department/list/1","https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css?v=0-jXM9C-PRxJnALVSUsswrrbCyb-2rPjGQbwwumB49Y","https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","https://gujarat.nfsu.ac.in/assets/css/responsive.css?v=8VcStVPbbiQn98rBdEEwHV0_Sygry8ItZ7CMfPGFJUI","https://gujarat.nfsu.ac.in/news/1","https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css?v=rnXJNoYTT5QgoCfqv1nt7X5L2nXaTGHrmb9eIZOwIb0","https://gujarat.nfsu.ac.in/events/1","https://
gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js?v=P93G0oq6PBPWTP1IR8Mz_0jHHUpaWL0aBJTKauisG7Q","https://gujarat.nfsu.ac.in/assets/css/animate.css?v=cMlBo4QTeAkRPTPbC01o4xqF9xHNv7WilSVkrAj9xuU","https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js?v=Zr3vByTlMGQhvMfgkQ5BtWRSKBGa2QlspKYJnkjZTmo","https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","https://gujarat.nfsu.ac.in/assets/css/bootsnav.css?v=el4oz6z0NMcX7yrTD90wUjcdsOGvhXIKhZT3r6hARls","https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js?v=zAdh941DoLFXtGUGZBEF_46kYB76aqVq3aCTjawcSws","https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js?v=U5ZEeKfGNOja007MMD3YBI0A3OSZOQbeG6z2f2Y0hu8","https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","https://gujarat.nfsu.ac.in/assets/js/main.js?v=g0_M3QBus1e2ycnExB_jEBClbDHkrDCJYOcysFMtEVM","https://gujarat.nfsu.ac.in/Faculty/Staff/1","https://gujarat.nfsu.ac.in/img/facility/Main%20Entrance.jpg","https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","https://gujarat.nfsu.ac.in/program/list/57","https://gujarat.nfsu.ac.in/department/details/60","https://gujarat.nfsu.ac.in/program/list/63","https://gujarat.nfsu.ac.in/program/list/58","https://gujarat.nfsu.ac.in/program/list/43","https://gujarat.nfsu.ac.in/program/list/56","https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","https://gujarat.nfsu.ac.in/department/details/63","https://gujarat.nfsu.ac.in/department/details/44","https://gujarat.nfsu.ac.in/department/coedetails/131","https://gujarat.nfsu.ac.in/department/coedetails/111","https://gujarat.nfsu.ac.in/department/details/56","https://gujarat.nfsu.ac.in/img/logo.png","https://gujarat.nfsu.ac.in/department/coedetails/107","https://gujarat.nfsu.ac.in/department/details/42","https://gujarat.nfsu.ac.in/program/list/60","https://gujarat.nfsu.ac.in/program/list/45","https://gujarat.nfsu.ac.in/program/list/42","ht
tps://gujarat.nfsu.ac.in/department/details/57","https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","https://gujarat.nfsu.ac.in/department/details/62","https://gujarat.nfsu.ac.in/program/list/61","https://gujarat.nfsu.ac.in/img/program/engg_tech.png","https://gujarat.nfsu.ac.in/department/details/45","https://gujarat.nfsu.ac.in/img/program/cyber_security.png","https://gujarat.nfsu.ac.in/program/list/62","https://gujarat.nfsu.ac.in/department/details/43","https://gujarat.nfsu.ac.in/img/program/pharmacy.png","https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","https://gujarat.nfsu.ac.in/program/list/44","https://gujarat.nfsu.ac.in/department/details/61","https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","https://gujarat.nfsu.ac.in/img/1.jpg","https://gujarat.nfsu.ac.in/department/details/58","https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","https://gujarat.nfsu.ac.in/img/program/bScience.png","https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","https://gujarat.nfsu.ac.in/program/prog_detai
ls/36?deptid=45","https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","https://gujarat.nfsu.ac.in/img/program/police_sc.png","https://gujarat.nfsu.ac.in/img/program/forensic.png","https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","https://gujarat.nfsu.ac.in/img/coe/research1.jpg","https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","https://gujarat.nfsu.ac.in/img/notification.png","https://gujarat.nfsu.ac.in/img/coe/research3.jpg","https://gujarat.nfsu.ac.in/img/program/doctoral.png","https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","https://gujarat.nfsu.ac.in/img/coe/research2.jpg","https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","https://gujarat.nfsu.ac.in/img/program/management.png","https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","https://gujarat.nfsu.ac.in/program/prog_details/29?dep
tid=63","https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","https://gujarat.nfsu.ac.in/img/program/medico.png","https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","https://gujarat.nfsu.ac.in/img/program/openLearning.png","https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","https://gujarat.nfsu.ac.in/OBC","https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","https://gujarat.nfsu.ac.in/B.Tech.","https://gujarat.nfsu.ac.in/EWS","https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","https://gujarat.nfsu.ac.in/Faculty/list/1","https://gujarat.nfsu.ac.in/Computer","https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","https://gujarat.nfsu.ac.in/B.Tech","https://gujarat.nfsu.ac.in/newsletter","https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","https://gujarat.nfsu.ac.in/Electronics","https://gujarat.nfsu.ac.in/img/coe/research4.jpg","https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43"],"duration":10.03585696220398},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.04314231872559},"passive_scan":{"status":"completed","duration":0.004899501800537109},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"gujarat.nfsu.ac.in","open_ports":[80,443],"ports_scanned":[80,443
,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":210.04698705673218},"vulnerabilities":{"total_alerts":1255,"high_risk":0,"medium_risk":402,"low_risk":650,"informational":203,"alerts_by_risk":{"High":[],"Medium":[{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"0","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load 
balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"6","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external 
server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"7","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":34,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"34","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"13","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":53,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"53","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"15","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":59,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"16","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":58,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"18","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":89,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"89","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"28","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":91,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"91","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"30","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":94,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"94","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"32","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":96,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"96","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"34","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":98,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"98","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"36","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":105,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"105","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"39","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":112,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"112","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"42","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":119,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"119","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"46","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":59,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"58","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":161,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"161","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"66","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":164,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"164","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"72","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"170","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"74","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"173","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"75","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"166","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"78","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":146,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"146","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"79","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":175,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"175","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"82","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":178,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"178","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"84","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":179,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"179","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"86","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":177,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"177","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"87","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":181,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"181","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"92","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":34,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"34","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"93","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"182","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"94","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":184,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"95","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":186,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"186","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"96","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":185,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"97","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":53,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"53","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"98","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":94,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"94","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"99","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":188,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"188","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"100","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":91,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"91","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application 
server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"106","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":190,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"190","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"107","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":58,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"111","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":203,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"203","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"114","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":193,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"193","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"115","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":211,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"211","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"117","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":96,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"96","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application 
server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"122","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":221,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"221","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"123","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":227,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"227","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"125","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":224,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"224","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"127","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":225,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"225","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"128","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":229,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"229","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"129","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":230,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"230","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"130","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":235,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"235","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"133","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":233,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"233","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"134","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":255,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"255","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"140","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":256,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"256","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"141","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":258,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"258","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"145","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":267,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"267","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"149","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":266,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"266","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"150","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":260,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"260","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"170","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":257,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"257","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"171","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":269,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"269","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"172","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":271,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"173","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":270,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"270","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"175","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":273,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"273","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"176","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":275,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"178","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":274,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"274","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"179","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":278,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"182","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":282,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"183","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":288,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"288","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"184","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":289,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"289","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"186","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":290,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"290","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"189","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":291,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"291","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"190","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":295,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"205","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":302,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"302","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"207","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":98,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"98","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"208","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":304,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"209","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":303,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"303","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"210","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":305,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"214","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":306,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"221","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":112,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"112","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"257","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":175,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"175","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"258","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":307,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"259","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":161,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"161","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"261","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":105,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"105","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application 
server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"265","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":89,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"89","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your 
web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"266","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":166,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"166","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"268","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":179,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"179","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"269","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":230,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"230","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"270","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":173,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"173","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application 
server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"271","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":178,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"178","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"272","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":177,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"177","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"273","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":164,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"164","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"274","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":119,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"119","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load 
balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"276","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":309,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"285","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":181,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"181","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"286","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":182,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"182","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"288","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":185,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"289","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":271,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"291","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":184,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"293","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":188,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"188","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"294","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":278,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"295","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":290,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"290","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"300","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":310,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"310","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"320","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":273,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"273","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"321","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":146,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"146","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"326","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":190,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"190","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"329","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":211,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"211","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application 
server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"331","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":193,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"193","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"336","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":312,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"342","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":229,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"229","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"352","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":227,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"227","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"353","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":170,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"170","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"354","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":256,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"256","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"356","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":224,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"224","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"358","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":258,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"258","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"359","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":255,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"255","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"361","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":235,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"235","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"363","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":221,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"221","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"367","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":266,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"266","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that 
your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"370","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":307,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"371","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":186,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"186","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"384","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":318,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"318","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"395","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":274,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"274","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"396","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":94,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"94","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"399","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":275,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"400","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":260,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"260","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"401","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":269,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"269","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"402","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":291,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"291","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"404","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":270,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"270","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"406","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":257,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"257","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"407","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":289,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"289","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"408","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":288,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"288","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"410","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":295,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"411","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":302,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"302","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"413","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":303,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"303","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"417","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":325,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"418","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":310,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"310","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"435","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":203,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"203","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"442","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":91,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"91","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"446","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":327,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"447","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":328,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"448","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":329,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"455","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":330,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"458","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":331,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"461","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":267,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"267","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"467","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":225,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"225","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"469","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":332,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"332","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"477","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":333,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"484","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":334,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"485","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":58,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"489","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":282,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"497","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":335,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"335","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"501","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":94,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"94","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"507","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":337,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"509","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":34,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"34","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"510","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":53,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"53","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"511","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":53,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"53","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"512","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":271,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"516","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":271,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"517","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":59,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"518","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":59,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"520","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":304,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"521","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":305,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"534","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":338,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"548","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":306,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"550","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":340,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"340","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"560","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":341,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"562","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":312,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"563","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":233,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"233","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"564","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":96,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"96","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"577","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":344,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"344","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"581","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":58,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"598","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":105,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"105","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"606","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":332,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"332","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"620","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":34,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"34","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"623","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":346,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"346","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"624","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":309,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"626","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":98,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"98","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"631","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":318,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"318","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"632","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":257,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"257","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"649","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":325,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"652","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":347,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"659","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":91,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"91","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"664","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":273,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"273","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"666","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":327,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"669","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":349,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"672","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":190,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"190","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"674","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":328,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"677","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":331,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"678","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":329,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"687","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":330,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"688","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":96,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"96","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"689","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":255,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"255","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"693","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":112,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"112","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"695","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":221,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"221","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"697","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":112,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"112","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"698","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":161,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"161","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"705","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":175,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"175","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"706","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"709","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"711","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":350,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"712","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":235,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"235","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"714","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":344,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"344","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"715","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":105,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"105","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"717","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":177,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"177","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"719","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":164,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"164","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"720","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":230,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"230","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"722","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":173,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"173","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"723","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":333,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"727","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":334,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"728","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":335,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"335","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"730","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":337,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"736","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":353,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"740","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":354,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"741","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":98,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"98","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"742","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":188,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"188","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"744","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":185,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"748","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":290,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"290","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"749","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"182","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"754","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":278,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"755","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":355,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"756","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":356,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"356","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"757","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":181,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"181","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"758","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":184,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"759","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":257,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"257","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"762","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":119,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"119","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"764","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":270,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"270","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"768","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":269,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"269","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"772","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":273,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"273","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"773","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":190,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"190","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"778","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":203,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"203","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"780","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":211,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"211","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"781","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":340,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"340","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"783","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":341,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"785","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js (v)","sourceid":"3","other":"The identified library bootstrap, version 3.3.7 is vulnerable.\nCVE-2018-14041\nCVE-2019-8331\nCVE-2018-14040\nCVE-2018-20677\nCVE-2018-20676\nCVE-2018-14042\nCVE-2016-10735\nCVE-2024-6485\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-6485\nhttps://github.com/twbs/bootstrap/issues/28236\nhttps://www.herodevs.com/vulnerability-directory/cve-2024-6485\nhttps://github.com/advisories/GHSA-pj7m-g53m-7638\nhttps://github.com/twbs/bootstrap/issues/20184\nhttps://github.com/advisories/GHSA-vxmc-5x29-h64v\nhttps://github.com/advisories/GHSA-ph58-4vrj-w6hr\nhttps://github.com/twbs/bootstrap\nhttps://github.com/twbs/bootstrap/issues/20631\nhttps://github.com/advisories/GHSA-4p24-vmcr-4gqj\nhttps://github.com/advisories/GHSA-9v3m-8fp8-mj99\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20676\n","method":"GET","evidence":"* Bootstrap v3.3.7","pluginId":"10003","cweid":"1395","confidence":"Medium","sourceMessageId":129,"wascid":"-1","description":"The identified library appears to be 
vulnerable.","messageId":"129","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js?v=U5ZEeKfGNOja007MMD3YBI0A3OSZOQbeG6z2f2Y0hu8","tags":{"CVE-2018-14041":"https://nvd.nist.gov/vuln/detail/CVE-2018-14041","CVE-2019-8331":"https://nvd.nist.gov/vuln/detail/CVE-2019-8331","CVE-2018-14040":"https://nvd.nist.gov/vuln/detail/CVE-2018-14040","CVE-2018-20677":"https://nvd.nist.gov/vuln/detail/CVE-2018-20677","CVE-2018-20676":"https://nvd.nist.gov/vuln/detail/CVE-2018-20676","CVE-2018-14042":"https://nvd.nist.gov/vuln/detail/CVE-2018-14042","CVE-2016-10735":"https://nvd.nist.gov/vuln/detail/CVE-2016-10735","OWASP_2021_A06":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","CWE-1395":"https://cwe.mitre.org/data/definitions/1395.html","OWASP_2025_A03":"https://owasp.org/Top10/2025/A03_2025-Software_Supply_Chain_Failures/","CVE-2024-6485":"https://nvd.nist.gov/vuln/detail/CVE-2024-6485","OWASP_2017_A09":"https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities.html","POLICY_QA_STD":"","POLICY_PENTEST":"","POLICY_DEV_STD":""},"reference":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","solution":"Upgrade to the latest version of the affected library.","alert":"Vulnerable JS Library","param":"","attack":"","name":"Vulnerable JS Library","risk":"Medium","id":"798","alertRef":"10003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":255,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"255","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"802","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":229,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"229","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"805","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":357,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"807","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":227,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"227","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"808","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":221,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"221","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"809","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"810","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":224,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"224","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"811","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":258,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"258","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"812","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"814","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":89,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"89","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"815","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":307,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"816","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":161,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"161","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"817","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":175,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"175","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"818","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":179,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"179","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"821","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":266,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"266","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"822","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":178,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"178","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"827","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":177,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"177","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"828","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":164,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"164","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"829","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":173,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"173","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"833","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":267,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"267","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"835","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":362,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"362","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"838","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":363,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"363","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"852","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":185,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"854","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":290,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"290","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"856","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":365,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"857","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":364,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"858","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":346,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"346","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"859","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":274,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"274","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"860","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"861","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":274,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"274","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"863","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":278,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"865","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":181,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"181","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"866","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":184,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"867","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":260,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"260","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"870","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":119,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"119","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"871","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":260,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"260","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"872","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":303,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"303","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"873","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":295,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"874","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":295,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"875","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":302,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"302","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"876","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":310,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"310","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"877","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":269,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"269","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"879","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":203,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"203","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"886","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":211,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"211","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"887","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":312,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"899","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":368,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"368","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"900","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":349,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"902","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":347,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"903","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":338,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"904","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":146,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"146","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"910","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":229,"wascid":"15","description":"The integrity attribute is missing on a 
script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"229","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"914","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":256,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"256","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"915","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":227,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"227","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"916","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":224,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"224","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"918","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":258,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"258","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"919","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":89,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"89","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"921","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":179,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"179","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"924","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":266,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"266","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"925","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":350,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"928","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":186,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"186","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"931","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":230,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"230","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"934","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js (v)","sourceid":"3","other":"The identified library jquery, version 1.12.4 is vulnerable.\nCVE-2020-11023\nCVE-2020-11022\nCVE-2015-9251\nCVE-2019-11358\nhttps://github.com/jquery/jquery/issues/2432\nhttp://research.insecurelabs.org/jquery/test/\nhttp://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://github.com/advisories/GHSA-rmxg-73gg-4p98\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\nhttps://bugs.jquery.com/ticket/11974\nhttps://github.com/jquery/jquery.com/issues/162\nhttps://blog.jquery.com/2020/04/10/jquery-3-5-0-released/\n","method":"GET","evidence":"jquery-1.12.4.min.js","pluginId":"10003","cweid":"1395","confidence":"Medium","sourceMessageId":100,"wascid":"-1","description":"The 
identified library appears to be vulnerable.","messageId":"100","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js?v=ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ-Xp8a4MxAQ","tags":{"CVE-2020-11023":"https://nvd.nist.gov/vuln/detail/CVE-2020-11023","OWASP_2017_A09":"https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities.html","CVE-2020-11022":"https://nvd.nist.gov/vuln/detail/CVE-2020-11022","POLICY_QA_STD":"","OWASP_2021_A06":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","POLICY_PENTEST":"","CWE-1395":"https://cwe.mitre.org/data/definitions/1395.html","CVE-2015-9251":"https://nvd.nist.gov/vuln/detail/CVE-2015-9251","CVE-2019-11358":"https://nvd.nist.gov/vuln/detail/CVE-2019-11358","OWASP_2025_A03":"https://owasp.org/Top10/2025/A03_2025-Software_Supply_Chain_Failures/","POLICY_DEV_STD":""},"reference":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","solution":"Upgrade to the latest version of the affected library.","alert":"Vulnerable JS Library","param":"","attack":"","name":"Vulnerable JS Library","risk":"Medium","id":"935","alertRef":"10003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":267,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"267","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"936","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":282,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"942","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":225,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"225","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"943","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":344,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"344","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"946","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":353,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"947","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":188,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"188","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"949","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":354,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"955","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":275,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"960","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":288,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"288","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"961","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":305,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"963","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":291,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"291","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"965","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":303,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"303","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"969","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":270,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"270","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"970","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":302,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"302","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"972","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":310,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"310","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"973","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":306,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"977","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":356,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"356","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"986","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":355,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"988","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":365,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"990","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":233,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"233","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"995","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" 
rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":327,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"997","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":312,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"999","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":146,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"146","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1007","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":256,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"256","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1010","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":307,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1014","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":235,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"235","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1017","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":178,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"178","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1025","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":186,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"186","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1026","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":282,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1030","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":225,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"225","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1031","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":362,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"362","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1032","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":344,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"344","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1039","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":289,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"289","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1041","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":332,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"332","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1046","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":304,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1047","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":309,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1050","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":288,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"288","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1052","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":305,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1054","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":291,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"291","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1056","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":193,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"193","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1060","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":306,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1061","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":363,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"363","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1074","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":364,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1075","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":233,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"233","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1076","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" 
rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":340,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"340","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1078","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":327,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1080","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":325,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1082","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":329,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1083","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":331,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1084","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":328,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1085","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":331,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1086","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":289,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"289","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1110","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":333,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1111","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":334,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1113","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":357,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1114","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":337,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1115","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":332,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"332","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1116","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":304,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1117","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":275,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1118","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":309,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1119","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":193,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"193","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1123","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":335,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"335","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1128","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":340,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"340","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1136","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":341,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1142","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":325,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1143","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":329,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1144","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":328,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1145","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":368,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"368","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1146","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":330,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1153","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":349,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1159","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":349,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1161","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":333,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1168","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":334,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1170","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":337,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1171","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":318,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"318","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1172","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":335,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"335","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1180","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":341,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1190","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":347,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1193","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":330,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1201","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":338,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1203","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":350,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1206","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":318,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"318","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1208","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":353,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1217","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":353,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1218","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":354,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1220","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":354,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1221","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":364,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1223","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":347,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1224","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":356,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"356","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1231","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":338,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1232","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":365,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1233","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":355,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1234","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":350,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1235","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":362,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"362","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1238","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":346,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"346","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1242","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":364,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1245","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":356,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"356","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1253","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":365,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1254","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":355,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1256","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":362,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"362","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1257","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":346,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"346","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1260","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":363,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"363","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1262","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":368,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"368","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1266","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":368,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"368","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1267","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":363,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"363","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1275","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":357,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1282","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":357,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1284","alertRef":"90003"}],"Low":[{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":1,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"4","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":1,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"5","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"8","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":1,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response 
headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"9","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":71,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"71","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css?v=RdH19s-RN0bEXdaXsajztxnALYs_Z43H_Cdm1U4ar24","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"17","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":76,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"76","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css?v=KWs9jp-jZzOZmmnW5jC8Y2HqI9rajJig5I00un99DtI","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"21","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":79,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"79","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css?v=AAJgOvywxDoePgP-erATZd9IV3C8CYiyQz7F663SM3I","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"24","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":80,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"80","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css?v=m27mmDAkvoFG5hV5IdY1xshwd1KP7rq-pH78C5wQcsw","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"25","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":71,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"71","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css?v=RdH19s-RN0bEXdaXsajztxnALYs_Z43H_Cdm1U4ar24","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"29","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":71,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"71","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css?v=RdH19s-RN0bEXdaXsajztxnALYs_Z43H_Cdm1U4ar24","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"35","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/guj_map.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":103,"wascid":"13","description":"The 
web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"103","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/guj_map.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"37","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":76,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"76","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css?v=KWs9jp-jZzOZmmnW5jC8Y2HqI9rajJig5I00un99DtI","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"41","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":107,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"107","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"43","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":114,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"114","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"44","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":79,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"79","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css?v=AAJgOvywxDoePgP-erATZd9IV3C8CYiyQz7F663SM3I","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"45","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":80,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"80","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css?v=m27mmDAkvoFG5hV5IdY1xshwd1KP7rq-pH78C5wQcsw","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"47","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":110,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"110","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"48","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":115,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"115","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"49","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":99,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"99","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css?v=hVQMlW6MzBd41R4EnrovOrZiP2klfEvP9_nhQnK58oA","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"50","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":116,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"116","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"51","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/responsive.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":111,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"111","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/responsive.css?v=8VcStVPbbiQn98rBdEEwHV0_Sygry8ItZ7CMfPGFJUI","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"53","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":125,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"125","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"54","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":109,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"109","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css?v=0-jXM9C-PRxJnALVSUsswrrbCyb-2rPjGQbwwumB49Y","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"56","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/animate.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":122,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"122","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/animate.css?v=cMlBo4QTeAkRPTPbC01o4xqF9xHNv7WilSVkrAj9xuU","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"57","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":130,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"130","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"59","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/style.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":102,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"102","inputVector":"","url":"https://gujarat.nfsu.ac.in/style.css?v=20EmI1uL-bJY60L5IuoZtKRD2Fq9FQ-CyqLZbmqOSSA","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"60","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":126,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"126","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"61","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":126,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"126","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"64","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Main Entrance.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":152,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"152","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Main%20Entrance.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"67","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":159,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"159","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"68","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":160,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"160","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"69","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":117,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"117","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css?v=rnXJNoYTT5QgoCfqv1nt7X5L2nXaTGHrmb9eIZOwIb0","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"70","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":76,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"76","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css?v=KWs9jp-jZzOZmmnW5jC8Y2HqI9rajJig5I00un99DtI","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"73","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/bootsnav.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":127,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"127","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/bootsnav.css?v=el4oz6z0NMcX7yrTD90wUjcdsOGvhXIKhZT3r6hARls","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"76","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":176,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"176","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"77","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":107,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"107","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"80","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":160,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"160","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"81","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":76,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"76","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css?v=KWs9jp-jZzOZmmnW5jC8Y2HqI9rajJig5I00un99DtI","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"83","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":79,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"79","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css?v=AAJgOvywxDoePgP-erATZd9IV3C8CYiyQz7F663SM3I","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web 
application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"85","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":80,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"80","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css?v=m27mmDAkvoFG5hV5IdY1xshwd1KP7rq-pH78C5wQcsw","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"88","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/logo.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":183,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"183","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/logo.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"89","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":115,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"115","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"90","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":110,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"110","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"91","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":110,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"110","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"101","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":109,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security 
policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"109","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css?v=0-jXM9C-PRxJnALVSUsswrrbCyb-2rPjGQbwwumB49Y","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"102","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/animate.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":122,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"122","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/animate.css?v=cMlBo4QTeAkRPTPbC01o4xqF9xHNv7WilSVkrAj9xuU","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"103","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/guj_map.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":103,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"103","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/guj_map.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"104","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/style.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":102,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"102","inputVector":"","url":"https://gujarat.nfsu.ac.in/style.css?v=20EmI1uL-bJY60L5IuoZtKRD2Fq9FQ-CyqLZbmqOSSA","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"105","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":126,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"126","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"110","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":84,"wascid":"13","description":"The web/application server is leaking 
version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"84","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js?v=mQbwBEtlhDcElNg4lKD-9q0uiaQcqDh7EJriKSbRFxE","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"112","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":71,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"71","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css?v=RdH19s-RN0bEXdaXsajztxnALYs_Z43H_Cdm1U4ar24","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"113","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":200,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"200","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"116","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":159,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"159","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"118","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/engg_tech.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":217,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"217","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/engg_tech.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"119","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":117,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"117","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css?v=rnXJNoYTT5QgoCfqv1nt7X5L2nXaTGHrmb9eIZOwIb0","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"120","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/cyber_security.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":222,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"222","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/cyber_security.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"121","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/pharmacy.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":226,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"226","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/pharmacy.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"124","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/cyber_security.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":222,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"222","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/cyber_security.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"126","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/bootsnav.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":127,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"127","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/bootsnav.css?v=el4oz6z0NMcX7yrTD90wUjcdsOGvhXIKhZT3r6hARls","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"131","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":176,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"176","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"132","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/1.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":254,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"254","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/1.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"135","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":117,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"117","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css?v=rnXJNoYTT5QgoCfqv1nt7X5L2nXaTGHrmb9eIZOwIb0","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web 
application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"136","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/count-to.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":86,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"86","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/count-to.js?v=bxkaXxQJ-K5IrSPES0bTJ8bjKCB3ev2xuY3y0r1gBHw","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"137","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":114,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"114","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"138","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/loopcounter.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":83,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"83","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/loopcounter.js?v=8k7mOf_eKHjSiJSopHral9Wa-gptliD8Tgmh8AuOxA8","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"139","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":107,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"107","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"142","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":160,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"160","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"143","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":160,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"160","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"144","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/bScience.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":259,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"259","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/bScience.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"146","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":80,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"80","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css?v=m27mmDAkvoFG5hV5IdY1xshwd1KP7rq-pH78C5wQcsw","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"147","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":79,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"79","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css?v=AAJgOvywxDoePgP-erATZd9IV3C8CYiyQz7F663SM3I","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"148","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":99,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"99","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css?v=hVQMlW6MzBd41R4EnrovOrZiP2klfEvP9_nhQnK58oA","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"151","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":85,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"85","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js?v=yO9o4p83aYQnnzNmGU3srUpFQgIDNbOXve3yx_XfQJ4","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"154","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":116,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"116","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"169","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/responsive.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":111,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"111","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/responsive.css?v=8VcStVPbbiQn98rBdEEwHV0_Sygry8ItZ7CMfPGFJUI","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"174","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":115,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"115","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"177","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":125,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"125","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"180","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":130,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"130","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"181","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":110,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"110","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"185","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/police_sc.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":293,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"293","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/police_sc.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"188","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"under construction","pluginId":"10023","cweid":"1295","confidence":"Medium","sourceMessageId":59,"wascid":"13","description":"The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. 
You can configure the list of common debug messages.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-ERRH-01":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling","CWE-1295":"https://cwe.mitre.org/data/definitions/1295.html","POLICY_PENTEST":"","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Disable debugging messages before pushing to production.","alert":"Information Disclosure - Debug Error Messages","param":"","attack":"","name":"Information Disclosure - Debug Error Messages","risk":"Low","id":"191","alertRef":"10023"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/forensic.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":294,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"294","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/forensic.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"193","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":109,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"109","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css?v=0-jXM9C-PRxJnALVSUsswrrbCyb-2rPjGQbwwumB49Y","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web 
application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"200","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":128,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"128","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js?v=zAdh941DoLFXtGUGZBEF_46kYB76aqVq3aCTjawcSws","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"203","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/guj_map.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":103,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"103","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/guj_map.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"204","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/guj_map.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":103,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"103","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/guj_map.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"206","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":126,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"126","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"211","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/animate.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":122,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"122","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/animate.css?v=cMlBo4QTeAkRPTPbC01o4xqF9xHNv7WilSVkrAj9xuU","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web 
server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"212","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Main Entrance.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":152,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"152","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Main%20Entrance.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"213","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":84,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"84","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js?v=mQbwBEtlhDcElNg4lKD-9q0uiaQcqDh7EJriKSbRFxE","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"215","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research1.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":298,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"298","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research1.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"217","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":200,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"200","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"218","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/engg_tech.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":217,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"217","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/engg_tech.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"222","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":159,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"159","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"223","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/style.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":102,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"102","inputVector":"","url":"https://gujarat.nfsu.ac.in/style.css?v=20EmI1uL-bJY60L5IuoZtKRD2Fq9FQ-CyqLZbmqOSSA","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not 
perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"228","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/wow.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":87,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"87","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/wow.min.js?v=DsYy5qsC1P3VFNp_Xtx0qijJ1Mca928ci5Oh-6hbzGk","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"229","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/pharmacy.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":226,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"226","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/pharmacy.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"232","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/cyber_security.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":222,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"222","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/cyber_security.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"233","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/1.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":254,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"254","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/1.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"234","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":176,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"176","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"235","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":117,"wascid":"13","description":"The web/application server is 
leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"117","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css?v=rnXJNoYTT5QgoCfqv1nt7X5L2nXaTGHrmb9eIZOwIb0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"236","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/count-to.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":86,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"86","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/count-to.js?v=bxkaXxQJ-K5IrSPES0bTJ8bjKCB3ev2xuY3y0r1gBHw","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"237","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/bootsnav.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":127,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"127","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/bootsnav.css?v=el4oz6z0NMcX7yrTD90wUjcdsOGvhXIKhZT3r6hARls","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"238","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/loopcounter.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":83,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"83","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/loopcounter.js?v=8k7mOf_eKHjSiJSopHral9Wa-gptliD8Tgmh8AuOxA8","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"239","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":107,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"107","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"240","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":114,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"114","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"241","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootsnav.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":97,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"97","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootsnav.js?v=2zE_ZcuDqI7BKTdOqSt6LRlo1J6RcgLbkDQMHhrLrjo","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"246","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/bScience.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":259,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"259","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/bScience.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"250","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":93,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"93","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js?v=Atqd2gQ3d_4hF7_MbVRSPFPBJMzt4Imz29R4EHgr7wQ","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"251","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/logo.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":183,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"183","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/logo.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"252","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":85,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"85","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js?v=yO9o4p83aYQnnzNmGU3srUpFQgIDNbOXve3yx_XfQJ4","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"260","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":99,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"99","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css?v=hVQMlW6MzBd41R4EnrovOrZiP2klfEvP9_nhQnK58oA","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"262","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":123,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"123","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js?v=Zr3vByTlMGQhvMfgkQ5BtWRSKBGa2QlspKYJnkjZTmo","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"267","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":58,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"275","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":115,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"115","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"277","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":116,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"116","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"278","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":121,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"121","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js?v=P93G0oq6PBPWTP1IR8Mz_0jHHUpaWL0aBJTKauisG7Q","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"279","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/responsive.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":111,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"111","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/responsive.css?v=8VcStVPbbiQn98rBdEEwHV0_Sygry8ItZ7CMfPGFJUI","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"280","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/responsive.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":111,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"111","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/responsive.css?v=8VcStVPbbiQn98rBdEEwHV0_Sygry8ItZ7CMfPGFJUI","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"281","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/police_sc.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":293,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"293","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/police_sc.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"282","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":125,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"125","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"283","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":130,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"130","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"284","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/forensic.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":294,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"294","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/forensic.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"287","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":109,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"109","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css?v=0-jXM9C-PRxJnALVSUsswrrbCyb-2rPjGQbwwumB49Y","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"296","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":94,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"94","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"297","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":128,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"128","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js?v=zAdh941DoLFXtGUGZBEF_46kYB76aqVq3aCTjawcSws","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"298","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":34,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"34","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"305","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":53,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"53","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"307","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":59,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"314","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/animate.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":122,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"122","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/animate.css?v=cMlBo4QTeAkRPTPbC01o4xqF9xHNv7WilSVkrAj9xuU","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"319","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Main Entrance.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":152,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"152","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Main%20Entrance.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"323","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":84,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"84","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js?v=mQbwBEtlhDcElNg4lKD-9q0uiaQcqDh7EJriKSbRFxE","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web 
server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"324","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research1.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":298,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"298","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research1.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"325","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":200,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"200","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"327","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":88,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"88","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js?v=-WFRRTv1uGEhn6sykgWJyTBYDE8cQn8uAj50Kefp9II","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"328","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":159,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"159","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"330","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/main.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":140,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"140","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/main.js?v=g0_M3QBus1e2ycnExB_jEBClbDHkrDCJYOcysFMtEVM","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"332","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/style.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":102,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"102","inputVector":"","url":"https://gujarat.nfsu.ac.in/style.css?v=20EmI1uL-bJY60L5IuoZtKRD2Fq9FQ-CyqLZbmqOSSA","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"333","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/wow.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":87,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"87","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/wow.min.js?v=DsYy5qsC1P3VFNp_Xtx0qijJ1Mca928ci5Oh-6hbzGk","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"334","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":91,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"91","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"335","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":81,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"81","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js?v=4ruDdxuPsZDRfKEzAkk-LGbUKp_LqAAqerk1EPrIE0w","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"337","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/cyber_security.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":222,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"222","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/cyber_security.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"338","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/pharmacy.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":226,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"226","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/pharmacy.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"339","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/1.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":254,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"254","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/1.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"340","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":176,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"176","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"341","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/notification.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":314,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"314","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/notification.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"343","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/bootsnav.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":127,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"127","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/bootsnav.css?v=el4oz6z0NMcX7yrTD90wUjcdsOGvhXIKhZT3r6hARls","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"344","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/count-to.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"86","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/count-to.js?v=bxkaXxQJ-K5IrSPES0bTJ8bjKCB3ev2xuY3y0r1gBHw","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"345","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/loopcounter.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":83,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"83","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/loopcounter.js?v=8k7mOf_eKHjSiJSopHral9Wa-gptliD8Tgmh8AuOxA8","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web 
server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"346","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":114,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"114","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"347","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":129,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"129","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js?v=U5ZEeKfGNOja007MMD3YBI0A3OSZOQbeG6z2f2Y0hu8","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"348","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research3.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":315,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"315","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research3.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"350","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootsnav.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":97,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"97","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootsnav.js?v=2zE_ZcuDqI7BKTdOqSt6LRlo1J6RcgLbkDQMHhrLrjo","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"355","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":96,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"96","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"357","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":93,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"93","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js?v=Atqd2gQ3d_4hF7_MbVRSPFPBJMzt4Imz29R4EHgr7wQ","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"360","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/bScience.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":259,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"259","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/bScience.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"362","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":92,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"92","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js?v=kBmIfe6JalGvz0xJcR4cW4LEk6NCVV5B2ArA8BJKlIM","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"364","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/logo.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":183,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"183","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/logo.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"365","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/logo.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":183,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"183","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/logo.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"366","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":99,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"99","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css?v=hVQMlW6MzBd41R4EnrovOrZiP2klfEvP9_nhQnK58oA","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"369","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":123,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"123","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js?v=Zr3vByTlMGQhvMfgkQ5BtWRSKBGa2QlspKYJnkjZTmo","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"372","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":58,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"377","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":116,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"116","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"382","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":121,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"121","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js?v=P93G0oq6PBPWTP1IR8Mz_0jHHUpaWL0aBJTKauisG7Q","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"383","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/doctoral.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":317,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"317","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/doctoral.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"385","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":125,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"125","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"390","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/police_sc.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":293,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"293","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/police_sc.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"391","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":130,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"130","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"393","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/forensic.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":294,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"294","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/forensic.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"397","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":94,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"94","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"398","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":34,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"34","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"403","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":53,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"53","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"405","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research2.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":322,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"322","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research2.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"409","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":59,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"412","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":98,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"98","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"414","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/management.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":326,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"326","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/management.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"420","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Main Entrance.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":152,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"152","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Main%20Entrance.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"433","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":84,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"84","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js?v=mQbwBEtlhDcElNg4lKD-9q0uiaQcqDh7EJriKSbRFxE","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"434","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":200,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"200","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"436","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":88,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"88","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js?v=-WFRRTv1uGEhn6sykgWJyTBYDE8cQn8uAj50Kefp9II","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"437","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research1.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":298,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"298","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research1.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"438","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/engg_tech.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":217,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"217","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/engg_tech.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"441","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/main.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":140,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"140","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/main.js?v=g0_M3QBus1e2ycnExB_jEBClbDHkrDCJYOcysFMtEVM","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"443","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":91,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"91","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"444","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/wow.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":87,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"87","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/wow.min.js?v=DsYy5qsC1P3VFNp_Xtx0qijJ1Mca928ci5Oh-6hbzGk","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"445","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/wow.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":87,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"87","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/wow.min.js?v=DsYy5qsC1P3VFNp_Xtx0qijJ1Mca928ci5Oh-6hbzGk","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"449","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/pharmacy.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":226,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"226","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/pharmacy.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"450","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/1.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":254,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"254","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/1.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"451","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/notification.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":314,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"314","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/notification.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"452","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/count-to.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":86,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"86","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/count-to.js?v=bxkaXxQJ-K5IrSPES0bTJ8bjKCB3ev2xuY3y0r1gBHw","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"453","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/loopcounter.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":83,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"83","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/loopcounter.js?v=8k7mOf_eKHjSiJSopHral9Wa-gptliD8Tgmh8AuOxA8","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"454","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":129,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"129","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js?v=U5ZEeKfGNOja007MMD3YBI0A3OSZOQbeG6z2f2Y0hu8","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"459","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":190,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"190","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"460","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research3.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":315,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"315","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research3.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"462","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":211,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"211","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"463","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":96,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"96","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"464","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootsnav.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":97,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"97","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootsnav.js?v=2zE_ZcuDqI7BKTdOqSt6LRlo1J6RcgLbkDQMHhrLrjo","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"465","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":93,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"93","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js?v=Atqd2gQ3d_4hF7_MbVRSPFPBJMzt4Imz29R4EHgr7wQ","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web 
application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"466","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/bScience.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":259,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"259","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/bScience.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"468","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":85,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"85","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js?v=yO9o4p83aYQnnzNmGU3srUpFQgIDNbOXve3yx_XfQJ4","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"470","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":255,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"255","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"472","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":123,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"123","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js?v=Zr3vByTlMGQhvMfgkQ5BtWRSKBGa2QlspKYJnkjZTmo","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web 
application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"473","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":112,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"112","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"474","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":221,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"221","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"479","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":161,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"161","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"486","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":175,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"175","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"487","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/doctoral.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":317,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"317","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/doctoral.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"490","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":121,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"121","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js?v=P93G0oq6PBPWTP1IR8Mz_0jHHUpaWL0aBJTKauisG7Q","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"491","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":166,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"166","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"492","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":105,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"105","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"493","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":179,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"179","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"494","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":235,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"235","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"495","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":105,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"105","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"498","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":177,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"177","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"499","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":164,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"164","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"500","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/police_sc.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":293,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"293","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/police_sc.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"502","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":230,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"230","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"503","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":173,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"173","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"504","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/forensic.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":294,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"294","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/forensic.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"505","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":128,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"128","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js?v=zAdh941DoLFXtGUGZBEF_46kYB76aqVq3aCTjawcSws","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web 
application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"506","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":336,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"336","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"508","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research2.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":322,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"322","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research2.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"513","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":271,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"514","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":271,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"515","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":98,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"98","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"519","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/management.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":326,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"326","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/management.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"524","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":188,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"188","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"525","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":185,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"526","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":290,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"290","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"528","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":182,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"182","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"530","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":278,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"531","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":181,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"181","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"532","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":184,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"533","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":257,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"257","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"535","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":288,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"288","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"536","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":119,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"119","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"537","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":270,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"270","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"546","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research1.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":298,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"298","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research1.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"549","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":339,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"339","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"551","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/engg_tech.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":217,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"217","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/engg_tech.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"552","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":81,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"81","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js?v=4ruDdxuPsZDRfKEzAkk-LGbUKp_LqAAqerk1EPrIE0w","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"553","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":273,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"273","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"554","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":273,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"273","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"555","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":88,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"88","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js?v=-WFRRTv1uGEhn6sykgWJyTBYDE8cQn8uAj50Kefp9II","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"556","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/main.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":140,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"140","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/main.js?v=g0_M3QBus1e2ycnExB_jEBClbDHkrDCJYOcysFMtEVM","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to 
not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"557","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/notification.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":314,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"314","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/notification.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"559","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":190,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"190","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"565","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":342,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"342","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"566","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":100,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"100","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js?v=ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ-Xp8a4MxAQ","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"567","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":129,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"129","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js?v=U5ZEeKfGNOja007MMD3YBI0A3OSZOQbeG6z2f2Y0hu8","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web 
server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"571","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research3.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":315,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"315","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research3.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"572","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":100,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"100","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js?v=ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ-Xp8a4MxAQ","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"576","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootsnav.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":97,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"97","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootsnav.js?v=2zE_ZcuDqI7BKTdOqSt6LRlo1J6RcgLbkDQMHhrLrjo","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"578","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/medico.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":343,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"343","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/medico.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"579","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":93,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"93","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js?v=Atqd2gQ3d_4hF7_MbVRSPFPBJMzt4Imz29R4EHgr7wQ","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"580","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":92,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"92","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js?v=kBmIfe6JalGvz0xJcR4cW4LEk6NCVV5B2ArA8BJKlIM","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"582","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":85,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"85","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js?v=yO9o4p83aYQnnzNmGU3srUpFQgIDNbOXve3yx_XfQJ4","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"583","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":255,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"255","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"584","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":123,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"123","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js?v=Zr3vByTlMGQhvMfgkQ5BtWRSKBGa2QlspKYJnkjZTmo","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"585","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":229,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"229","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"586","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":112,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"112","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"587","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":221,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"221","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"588","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":227,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"227","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"589","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":256,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"256","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"590","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":170,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"170","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"591","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":224,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"224","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"592","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":258,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"258","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"593","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":89,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"89","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"594","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":307,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"595","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":161,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"161","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"596","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":175,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"175","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"597","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":121,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"121","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js?v=P93G0oq6PBPWTP1IR8Mz_0jHHUpaWL0aBJTKauisG7Q","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"599","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":166,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"166","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"600","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":266,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"266","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"601","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":179,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"179","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"602","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":235,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"235","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"603","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":178,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"178","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"604","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":186,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"186","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"605","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":177,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"177","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"607","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":58,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"608","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":164,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"164","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"609","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":230,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"230","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"610","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":173,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"173","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"611","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/openLearning.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":345,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"345","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/openLearning.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"613","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":128,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"128","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js?v=zAdh941DoLFXtGUGZBEF_46kYB76aqVq3aCTjawcSws","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"619","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":94,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"94","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"622","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":53,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"53","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"627","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research2.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":322,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"322","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research2.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"628","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":271,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"629","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":59,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"633","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":188,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"188","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"634","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/management.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":326,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"326","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/management.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"635","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":59,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"638","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":185,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"639","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":290,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"290","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"640","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":274,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"274","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"641","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":182,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"182","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"642","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":275,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"643","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":278,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"644","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":181,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"181","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"645","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":184,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"646","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":257,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"257","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"648","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":119,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"119","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"650","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":260,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"260","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"651","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":291,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"291","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"653","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":303,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"303","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"654","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":295,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"655","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":270,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"270","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"656","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":302,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"302","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"657","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":269,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"269","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"658","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":310,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"310","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"660","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":269,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"269","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"661","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":339,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"339","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"663","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":88,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"88","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js?v=-WFRRTv1uGEhn6sykgWJyTBYDE8cQn8uAj50Kefp9II","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"665","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/main.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":140,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"140","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/main.js?v=g0_M3QBus1e2ycnExB_jEBClbDHkrDCJYOcysFMtEVM","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"667","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":81,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"81","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js?v=4ruDdxuPsZDRfKEzAkk-LGbUKp_LqAAqerk1EPrIE0w","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web 
application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"668","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/notification.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":314,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"314","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/notification.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"671","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":203,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"203","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"673","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":203,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"203","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"675","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":211,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"211","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"676","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":193,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"193","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"679","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":129,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"129","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js?v=U5ZEeKfGNOja007MMD3YBI0A3OSZOQbeG6z2f2Y0hu8","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"685","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":312,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"686","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/medico.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":343,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"343","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/medico.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"690","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":146,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"146","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"691","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":96,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"96","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"692","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":229,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"229","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"694","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":227,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"227","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"696","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":170,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"170","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"699","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":224,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"224","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"700","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":258,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"258","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"701","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":92,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"92","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js?v=kBmIfe6JalGvz0xJcR4cW4LEk6NCVV5B2ArA8BJKlIM","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"702","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":89,"wascid":"15","description":"HTTP Strict Transport 
Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"89","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"703","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":307,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"704","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/doctoral.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":317,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"317","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/doctoral.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"707","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":266,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy 
mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"266","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"710","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":178,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"178","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"716","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":58,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"718","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":100,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"100","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js?v=ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ-Xp8a4MxAQ","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web 
application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"721","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":267,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"267","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"724","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":336,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"336","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"725","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/openLearning.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":345,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"345","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/openLearning.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"726","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":282,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"729","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":94,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"94","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"731","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":225,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"225","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"732","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":34,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"34","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"733","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":53,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"53","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"737","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research2.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":322,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"322","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research2.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"738","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":271,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"739","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":289,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"289","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"743","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/management.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":326,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"326","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/management.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"745","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":274,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"274","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"753","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":288,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"288","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"760","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":305,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"761","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":260,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"260","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"763","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":291,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"291","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"765","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":303,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"303","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"766","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":295,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"767","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":302,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"302","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"769","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":310,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"310","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"770","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":81,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"81","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js?v=4ruDdxuPsZDRfKEzAkk-LGbUKp_LqAAqerk1EPrIE0w","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"774","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":91,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"91","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options 
Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"775","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":339,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"339","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"776","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":342,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"342","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"777","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":306,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"779","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":193,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"193","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"782","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research3.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":315,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"315","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research3.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"784","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":233,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"233","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"786","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":327,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"787","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":312,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"788","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/medico.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":343,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"343","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/medico.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"789","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":146,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby 
a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"146","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"800","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":96,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"96","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"801","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":360,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"360","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"804","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":256,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"256","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"806","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":112,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"112","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"813","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/doctoral.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":317,"wascid":"13","description":"The web/application server is leaking information via one or 
more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"317","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/doctoral.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"819","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"166","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"823","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":166,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"166","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"825","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":186,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"186","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"826","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":100,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"100","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js?v=ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ-Xp8a4MxAQ","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"830","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":105,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"105","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"831","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":105,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"105","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"832","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":267,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"267","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"834","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":336,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"336","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"836","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/openLearning.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":345,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"345","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/openLearning.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"837","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":282,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"839","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":225,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"225","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"840","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":34,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"34","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"841","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":344,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"344","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"843","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":98,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"98","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"850","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":332,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"332","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"853","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":304,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"855","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":318,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"318","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"862","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":275,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"864","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":305,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"868","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research4.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":367,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"367","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research4.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"869","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":257,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"257","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"880","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":257,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"257","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"881","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":91,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"91","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"882","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":184,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"883","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":339,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"339","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"884","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":306,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"885","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":342,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"342","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"888","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":190,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"190","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"889","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":211,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"211","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"890","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":273,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"273","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"894","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":233,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"233","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"896","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":340,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"340","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"897","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":327,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"898","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/medico.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":343,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"343","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/medico.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"901","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":325,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"905","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":329,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"906","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":331,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"907","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":328,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"909","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":330,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"911","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":360,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"360","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"913","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":92,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"92","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js?v=kBmIfe6JalGvz0xJcR4cW4LEk6NCVV5B2ArA8BJKlIM","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"917","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":112,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"112","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"920","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":255,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"255","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"922","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":89,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"89","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"926","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":161,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"161","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"927","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":227,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"227","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"929","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"170","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"930","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":175,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"175","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"932","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":175,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"175","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"933","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":336,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"336","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"937","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/openLearning.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":345,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"345","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/openLearning.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"938","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":266,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"266","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"939","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":164,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"164","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"940","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":177,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"177","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"941","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":344,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"344","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"945","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":289,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"289","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"948","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":333,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"950","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":334,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"951","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":337,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"952","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":98,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"98","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"954","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":332,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"332","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"956","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":304,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"957","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":309,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"958","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":318,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"318","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"959","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":290,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"290","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"962","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":274,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"274","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"964","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research4.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":367,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"367","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research4.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"966","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":185,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"967","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"182","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"968","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":278,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"971","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"1674691200, which evaluates to: 2023-01-26 00:00:00.","method":"GET","evidence":"1674691200","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":119,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"119","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"974","alertRef":"10096"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":184,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"975","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":260,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"260","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"978","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":181,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"181","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"979","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":342,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"342","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"980","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":295,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"981","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":335,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"335","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"982","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":190,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"190","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"983","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":211,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"211","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"984","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":269,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"269","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"985","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":203,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"203","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"987","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":273,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"273","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"989","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":340,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"340","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"996","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":341,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"998","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":325,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1000","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":329,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1001","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":331,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1002","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":328,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1004","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":360,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"360","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1011","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":360,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"360","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1012","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":255,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"255","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1015","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":229,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"229","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1016","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":89,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"89","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1018","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":161,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"161","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1019","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":258,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"258","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1020","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":221,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"221","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1021","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":179,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"179","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1022","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":227,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"227","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1023","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":170,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"170","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1024","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":266,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"266","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1027","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":164,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"164","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1028","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":177,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"177","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1029","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":267,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"267","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1033","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"173","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1034","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":230,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"230","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1035","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":146,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"146","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1036","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":230,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"230","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1040","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":333,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1042","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":334,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1043","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":337,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1044","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":309,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1048","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":188,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"188","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1049","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":188,"wascid":"13","description":"The web/application server is leaking information via one or 
more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"188","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1051","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":290,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"290","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1053","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":274,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"274","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1055","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":185,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1057","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":182,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"182","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1058","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":278,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1059","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research4.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":367,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"367","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research4.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1062","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":260,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"260","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1063","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":181,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"181","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1064","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":295,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1065","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":335,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"335","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1066","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":270,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"270","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1067","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":302,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"302","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1068","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":269,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"269","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1069","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":303,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"303","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1071","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":203,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"203","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1072","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":310,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"310","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1073","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":346,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"346","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1079","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":341,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1081","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":347,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1087","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":119,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"119","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1088","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":312,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1089","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":330,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1093","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":338,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1094","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":349,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1095","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":256,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"256","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1096","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":224,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"224","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1097","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":307,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1098","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":229,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"229","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1099","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":258,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"258","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1100","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":221,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"221","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1101","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":179,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"179","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1102","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":267,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"267","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1103","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":186,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"186","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1104","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":173,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"173","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1105","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":146,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"146","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1106","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":235,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"235","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1107","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":350,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1108","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":178,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"178","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1109","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":282,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1112","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":344,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"344","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1120","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":304,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1121","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":225,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"225","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1122","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research4.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":367,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"367","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research4.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1124","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":291,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"291","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1125","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":305,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1127","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":270,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"270","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1129","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":302,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"302","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1130","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":288,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"288","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1131","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":303,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"303","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1132","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":288,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"288","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1133","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":353,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1134","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":310,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"310","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1135","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":306,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1137","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":354,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1138","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":233,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"233","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1139","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":347,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1147","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":119,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"119","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1148","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":340,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"340","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1149","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":312,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1150","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":327,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1151","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":331,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1152","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":356,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"356","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1154","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":338,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1155","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":355,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1156","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":365,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1157","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":349,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1158","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":256,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"256","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1160","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":224,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"224","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1162","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":307,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1163","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":186,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"186","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1164","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":235,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"235","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1165","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":350,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1166","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":178,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"178","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1167","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":282,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1169","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":344,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"344","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1173","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":225,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"225","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1174","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":289,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"289","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1175","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":291,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"291","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1176","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":275,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1177","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":362,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"362","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1178","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":305,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1179","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":309,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1181","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":309,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1182","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":332,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"332","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1183","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":193,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"193","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1184","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":353,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1185","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":346,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"346","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1186","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":306,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1187","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":354,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1188","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":233,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"233","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1189","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":364,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1191","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":363,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"363","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1192","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":340,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"340","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1194","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":329,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1195","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":325,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1196","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":328,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1197","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":327,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1199","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":331,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1200","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":356,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"356","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1202","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":365,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1204","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":355,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1205","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":349,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1207","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":304,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1209","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":289,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"289","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1210","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":275,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1211","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":333,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1212","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":362,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"362","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1213","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":334,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1214","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":332,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"332","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1215","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":193,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"193","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1216","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":337,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1219","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":364,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1222","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":335,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"335","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1225","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":335,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"335","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1226","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":325,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1227","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":341,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1228","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":328,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1229","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":368,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"368","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1230","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":349,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1236","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":333,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1237","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":330,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1239","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":334,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1240","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":318,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"318","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1241","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":337,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1243","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":363,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"363","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1244","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":329,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1246","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":353,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1247","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":354,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1248","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":347,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1249","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":341,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1251","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":368,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"368","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1252","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":338,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1255","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":330,"wascid":"13","description":"The web/application server 
is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1258","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":318,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"318","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1259","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":350,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1261","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":353,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1263","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":354,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1264","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":347,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1265","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":338,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1268","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":357,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1269","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":356,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"356","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1270","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":364,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1271","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":356,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"356","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1272","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":362,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"362","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1273","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":350,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1274","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":365,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1276","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":357,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797. This alert reports that the HTTPS response for this URL did not set the Strict-Transport-Security header.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1277","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":364,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1278","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":355,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1279","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":362,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"362","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1280","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":365,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1281","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":355,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1283","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":346,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"346","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1285","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":346,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"346","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1286","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":368,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"368","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1287","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":368,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"368","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1288","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":363,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"363","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1289","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":363,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"363","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1290","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":357,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1291","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":357,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1292","alertRef":"10037"}],"Informational":[{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":1,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"1","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"3","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":34,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"34","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"27","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":59,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"31","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":53,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"53","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"52","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":94,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"94","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"55","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":91,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"91","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"63","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":58,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"65","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":96,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"96","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"71","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":98,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"98","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"108","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":112,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"112","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"152","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":175,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"175","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"153","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":221,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"221","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"155","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":161,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"161","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"156","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":105,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"105","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"157","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":89,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"89","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"158","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":58,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"159","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js (v)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected in likely comment: \"/*  jQuery Nice Select - v1.0\n    https://github.com/hernansartorio/jquery-nice-select\n    Made by Hernán Sartorio  */\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"/*  jQuery 
Nice Select - v1.0\n    https://","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":123,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"123","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js?v=Zr3vByTlMGQhvMfgkQ5BtWRSKBGa2QlspKYJnkjZTmo","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"160","alertRef":"10027"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":166,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"166","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"161","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":179,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"179","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"162","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":230,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"230","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"163","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":173,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"173","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"164","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":178,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"178","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"165","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":177,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"177","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"166","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":164,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"164","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"167","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":119,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"119","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"168","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":186,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"186","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"187","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":181,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"181","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"192","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":182,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"182","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"194","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":185,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"195","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":94,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"94","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"196","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":184,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"197","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":188,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"188","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"198","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":278,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"199","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":34,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"34","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"201","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":53,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"53","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"202","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":146,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"146","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"219","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":190,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"190","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"220","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":91,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"91","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"224","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":211,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"211","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"225","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/main.js (v)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected in likely comment: \"/* ==================================================\r\n            Nice Select Init\r\n         ==================================\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"=\r\n            Nice Select Init\r\n         ====","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":140,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"140","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/main.js?v=g0_M3QBus1e2ycnExB_jEBClbDHkrDCJYOcysFMtEVM","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious 
Comments","risk":"Informational","id":"226","alertRef":"10027"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":203,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"203","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"227","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":193,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"193","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"230","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"/*\r\n * jQuery Easing v1.3 - http://gsgd.co.uk/sandbox/jquery/easing/\r\n *\r\n * Uses the built in easing capabilities added In jQue\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"te products derived from this software witho","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":81,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"81","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js?v=4ruDdxuPsZDRfKEzAkk-LGbUKp_LqAAqerk1EPrIE0w","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious 
Comments","risk":"Informational","id":"231","alertRef":"10027"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":229,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"229","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"242","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":227,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"227","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"243","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":170,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"170","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"244","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":96,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"96","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"245","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":256,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"256","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"247","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":224,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"224","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"248","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":258,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"258","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"249","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":255,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"255","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"253","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":235,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"235","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"254","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":267,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"267","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"255","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":225,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"225","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"256","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":266,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"266","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"263","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":307,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"264","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":271,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"290","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":274,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"274","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"292","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":290,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"290","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"299","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":275,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"301","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":260,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"260","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"302","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":59,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"303","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":269,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"269","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"304","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":291,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"291","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"306","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":270,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"270","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"308","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":257,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"257","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"309","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":289,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"289","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"310","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":288,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"288","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"311","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":295,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"312","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":271,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"313","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":98,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"98","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"315","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":302,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"302","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"316","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":303,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"303","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"317","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":273,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"273","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"318","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":190,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"190","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"349","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":211,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"211","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"351","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":255,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"255","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"368","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":112,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"112","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"373","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":161,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"161","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"374","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":221,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"221","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"375","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":175,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"175","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"376","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":89,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"89","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"378","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":105,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"105","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"379","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":179,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"179","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"380","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":166,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"166","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"381","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":282,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"386","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":178,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"178","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"387","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":177,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"177","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"388","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":164,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"164","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"389","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":230,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"230","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"392","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":173,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"173","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"394","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":309,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"415","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":304,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"416","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":188,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"188","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"421","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":184,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"422","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":181,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"181","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"423","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":185,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"424","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":290,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"290","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"425","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":278,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"426","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":182,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"182","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"427","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":119,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"119","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"428","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":257,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"257","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"429","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":288,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"288","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"430","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":310,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"310","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"431","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":305,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"432","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":273,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"273","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"439","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":306,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"440","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":312,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"456","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":233,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"233","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"457","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":229,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"229","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"471","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":227,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"227","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"475","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":256,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"256","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"476","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":170,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"170","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"478","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":224,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"224","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"480","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":258,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"258","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"481","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":307,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"482","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":235,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"235","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"483","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":266,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"266","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"488","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":186,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"186","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"496","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":318,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"318","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"523","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":274,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"274","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"527","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":275,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"529","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":260,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"260","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"538","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":325,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"539","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":303,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"303","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"540","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":291,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"291","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"541","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":270,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"270","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"542","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":295,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"543","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":269,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"269","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"544","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":302,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"302","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"545","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":310,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"310","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"547","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":327,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"558","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":203,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"203","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"561","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":193,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"193","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"568","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":328,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"569","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":331,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"570","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":329,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"573","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":146,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"146","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"574","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":330,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"575","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":267,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"267","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"612","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":334,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"614","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":333,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"615","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":332,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"332","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"616","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":282,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"617","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":335,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"335","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"618","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":225,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"225","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"621","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":337,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"625","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":289,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"289","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"630","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":304,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"637","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":305,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"647","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":306,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"670","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":340,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"340","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"680","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":341,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"681","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":312,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"682","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":233,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"233","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"683","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":327,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"684","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":344,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"344","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"713","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":344,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"344","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"734","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":332,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"332","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"746","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":346,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"346","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"750","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":309,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"751","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":318,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"318","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"752","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":349,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"790","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":329,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"791","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":325,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"792","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":347,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"793","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":338,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"794","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":331,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"795","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":328,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"796","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":330,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"799","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":350,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"824","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":362,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"362","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"844","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":353,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"845","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":333,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"846","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":334,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"847","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":337,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"848","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":354,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"851","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":356,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"356","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"891","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":355,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"892","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":365,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"893","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":340,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"340","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"895","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":335,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"335","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"976","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":363,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"363","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"991","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":364,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"992","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":346,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"346","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"993","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":341,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"994","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":368,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"368","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"1005","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":347,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1006","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":338,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1008","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":349,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1013","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":357,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"1037","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":350,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1038","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":353,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1070","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":354,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1077","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":356,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"356","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1090","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":355,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1091","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":365,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1092","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":362,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"362","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1126","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":364,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1140","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":363,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"363","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1141","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":368,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"368","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1198","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":357,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1250","alertRef":"10109"}]},"vulnerability_types":{"Missing Anti-clickjacking Header":100,"Re-examine Cache-control Directives":100,"Content Security Policy (CSP) Header Not Set":100,"Modern Web Application":100,"Server Leaks Version Information via \"Server\" HTTP Response Header Field":162,"Strict-Transport-Security Header Not Set":162,"Sub Resource Integrity Attribute Missing":200,"X-Content-Type-Options Header Missing":162,"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)":162,"Information Disclosure - Suspicious Comments":3,"Information Disclosure - Debug Error Messages":1,"Vulnerable JS Library":2,"Timestamp Disclosure - Unix":1},"owasp_top10":{"Unmapped / Other":929,"A05: Security Misconfiguration":324,"A06: Vulnerable and Outdated 
Components":2}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69ec722974395cfbbcb07ead"},"created_at":{"$date":"2026-04-25T07:50:01.757Z"},"url":"https://bun.com/","tool":"owaspzap","result":{"status":"completed","target_url":"https://bun.com/","scan_timestamp":"20260425_074333","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":202,"urls_list":["https://bun.com/","https://bun.com/sitemap.xml","https://bun.com/robots.txt","https://bun.com/readme","https://bun.com/get","https://bun.com/docs","https://bun.com/blog/bun-v1.3.10","https://bun.com/blog/bun-v1.3.11","https://bun.com/guides","https://bun.com/careers","https://bun.com/docs/project/licensing","https://bun.com/blog/bun-v1.3.12","https://bun.com/manifest.json","https://bun.com/docs/cli/run","https://bun.com/reference","https://bun.com/logo.svg","https://bun.com/blog/bun-v1.1","https://bun.com/icons/favicon-16x16.png","https://bun.com/docs/bundler","https://bun.com/docs/cli/bunx","https://bun.com/icons/icon-512x512.png","https://bun.com/icons/favicon-32x32.png","https://bun.com/blog/bun-v1.3.13","https://bun.com/blog/bun-v1.3.9","https://bun.com/blog/bun-v1.3.8","https://bun.com/icons/apple-touch-icon-152x152.png","https://bun.com/rss.xml","https://bun.com/docs/pm/bunx","https://bun.com/blog/bun-v1.3.6","https://bun.com/blog/bun-v1.3.5","https://bun.com/blog/bun-v1.3.7","https://bun.com/discord","https://bun.com/blog/bun-v1.3","https://bun.com/blog/bun-v1.3.4","https://bun.com/blog/bun-joins-anthropic","http://bun.com/rss.xml","https://bun.com/blog/bun-v1.3.2","https://bun.com/blog/bun-v1.3.3","https://bun.com/blog/vercel-adds-native-bun-support","https://bun.com/blog/bun-v1.3.1","https://
bun.com/blog/bun-v1.2.23","https://bun.com/blog/bun-v1.0","https://bun.com/blog","https://bun.com/blog/bun-v1.2","https://bun.com/blog/bun-v1.2.22","https://bun.com/docs/cli/test","https://bun.com/blog/how-we-made-postMessage-string-500x-faster","https://bun.com/blog/behind-the-scenes-of-bun-install","https://bun.com/blog/bun-v1.2.21","https://bun.com/blog/bun-v1.2.20","https://bun.com/blog/bun-v1.2.19","https://bun.com/blog/bun-v1.2.18","https://bun.com/blog/bun-v1.2.17","https://bun.com/404","https://bun.com/blog/bun-v1.2.16","https://bun.com/docs/test","https://bun.com/icons/icon-192x192.png","https://bun.com/icons/apple-touch-icon.png","https://bun.com/icons/favicon-96x96.png","https://bun.com/docs/cli/install","https://bun.com/docs/runtime/plugins","https://bun.com/hot.gif","https://bun.com/docs/project/contributing","https://bun.com/favicon.ico","https://bun.com/bin/sh","https://bun.com/file.md,","https://bun.com/docs/pm/cli/install","https://bun.com/docs/runtime/templating/init","https://bun.com/docs/runtime/debugger","https://bun.com/docs/runtime","https://bun.com/docs/runtime/bunfig","https://bun.com/docs/guides","https://bun.com/docs/typescript-6","https://bun.com/docs/feedback","https://bun.com/docs/runtime/repl","https://bun.com/docs/installation","https://bun.com/docs/runtime/file-system-router","https://bun.com/docs/runtime/http/routing","https://bun.com/docs/runtime/http/tls","https://bun.com/docs/runtime/http/websockets","https://bun.com/docs/runtime/http/metrics","https://bun.com/docs/typescript","https://bun.com/docs/runtime/templating/create","https://bun.com/docs/runtime/watch-mode","https://bun.com/docs/runtime/http/server","https://bun.com/docs/runtime/file-io","https://bun.com/docs/runtime/networking/fetch","https://bun.com/docs/runtime/jsx","https://bun.com/docs/runtime/cookies","https://bun.com/docs/runtime/streams","https://bun.com/docs/runtime/binary-data","https://bun.com/docs/runtime/archive","https://bun.com/docs/quickstart","https://bu
n.com/docs/runtime/sql","https://bun.com/docs/runtime/sqlite","https://bun.com/docs/runtime/child-process","https://bun.com/docs/runtime/workers","https://bun.com/docs/runtime/redis","https://bun.com/docs/runtime/shell","https://bun.com/docs/runtime/environment-variables","https://bun.com/docs/runtime/s3","https://bun.com/docs/runtime/cron","https://bun.com/docs/runtime/node-api","https://bun.com/docs/runtime/webview","https://bun.com/docs/runtime/transpiler","https://bun.com/docs/project/roadmap","https://bun.com/docs/runtime/http/error-handling","https://bun.com/docs/runtime/c-compiler","https://bun.com/docs/project/benchmarking","https://bun.com/docs/runtime/ffi","https://bun.com/docs/project/building-windows","https://bun.com/docs/project/bindgen","https://bun.com/docs/project/license","https://bun.com/docs/_next/static/media/bb3ef058b751a6ad-s.p.woff2","https://bun.com/docs/_next/static/css/93bac6dd9c729729.css?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/sitemap.xml","https://bun.com/docs/_next/static/css/05d6d8fcb903870d.css?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/apple-touch-icon.png","https://bun.com/docs/_next/static/css/946a75e238c3fb8b.css?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/webpack-cace15c5d3e42086.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon-32x32.png","https://bun.com/docs/_next/static/media/c4b700dcb2187787-s.p.woff2","https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-16x16.png","https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon.ico","https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon.ico","https://bun.com/docs/runtime/networking/dns","https://bun.com/docs/_mintlify/
favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon-16x16.png","https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-32x32.png","https://bun.com/docs/runtime/module-resolution","https://bun.com/docs/_next/static/media/e4af272ccee01ff0-s.p.woff2","https://bun.com/docs/runtime/auto-install","https://bun.com/docs/install/isolated","https://bun.com/docs/bundler/executables","https://bun.com/docs/bundler/hmr","https://bun.com/docs/api/redis","https://bun.com/docs/bundler/html","https://bun.com/docs/runtime/networking/udp","https://bun.com/docs/_next/static/chunks/95115-7f3830b22524c9f1.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/14079-4865f1ab1b5bbf4b.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/19664-8ce43df6b74bea12.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/87c73c54-09e1ba5c70e60a51.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/90018-43883d70204f3d31.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/51288-0fb44d6be82e9af5.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/main-app-76ddd9525ef90e67.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/55016-50dfe709f122ed20.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/80239-ce217fc534a5bb94.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/78238-22782f5aac7a6ef4.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/98816-4875194b6205382d.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/8685-3edaeb533c1369b7.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/891cff7f-38ce37d594f7da31.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/
static/chunks/93247-b07c7244bb0ac0f8.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/40608-ca169cee83c3c0f9.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/11179-88db0dac7a12c76c.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/96613-d9098930227907bd.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/3433-72c2462a2e18293a.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/80622-d4455d68025d654d.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/3351-b1a2b1ce24ac5cbd.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/24253-97a943a955ad7b14.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/68789-aa7dbc2fe57d93b1.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/75862-0e7c90644ebfd048.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/db261188-d8199d2c7818f473.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/20660-7fa8ab7432878890.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/app/%255Fsites/%5Bsubdomain%5D/not-found-1c8d41b8e0250ec9.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/app/%255Fsites/%5Bsubdomain%5D/(multitenant)/layout-52a2b1c85eba58aa.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/21749-8eabe95ccb0f4d56.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/67313-40f1c25780799bd7.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/app/%255Fsites/%5Bsubdomain%5D/error-b4aabeed68299375.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/60002-569ac0c5cc1599ae.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https:
//bun.com/docs/_next/static/chunks/17551-6c8559b0efc3f1ad.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/app/layout-50b3c0cb2ab557e1.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/71251-05ad8e5ad1c00c48.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/runtime/http/cookies","https://bun.com/docs/_next/static/chunks/73205-1667aa76af26a306.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/runtime/networking/tcp","https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/browserconfig.xml","https://bun.com/docs/runtime/file-types","https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","https://bun.com/docs/pm/cli/update","https://bun.com/docs/pm/cli/remove","https://bun.com/docs/pm/cli/add","https://bun.com/docs/pm/cli/why","https://bun.com/docs/pm/cli/info","https://bun.com/docs/pm/cli/outdated","https://bun.com/docs/pm/cli/publish","https://bun.com/docs/pm/catalogs","https://bun.com/docs/pm/workspaces","https://bun.com/docs/pm/cli/link","https://bun.com/docs/pm/cli/audit","https://bun.com/docs/pm/cli/patch","https://bun.com/docs/pm/filter","https://bun.com/docs/pm/cli/pm","https://bun.com/docs/pm/global-store","https://bun.com/docs/pm/lockfile","https://bun.com/docs/pm/lifecycle","https://bun.com/docs/pm/security-scanner-api","https://bun.com/docs/pm/npmrc","https://bun.com/docs/pm/global-cache","https://bun.com/docs/pm/scopes-registries","https://bun.com/docs/pm/overrides","https://bun.com/docs/pm/isolated-installs"],"duration":10.064057350158691},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.05016088485718},"passive_scan":{"status":"complet
ed","duration":0.004576683044433594},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"bun.com","open_ports":[80,443,8080,8443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":60.02398657798767},"vulnerabilities":{"total_alerts":712,"high_risk":0,"medium_risk":101,"low_risk":205,"informational":406,"alerts_by_risk":{"High":[],"Medium":[{"nodeName":"https://bun.com/robots.txt","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":8,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web 
server.","messageId":"8","inputVector":"","url":"https://bun.com/robots.txt","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"14","alertRef":"10098"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":73,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"73","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"47","alertRef":"10020-1"},{"nodeName":"https://bun.com/icons/icon-192x192.png","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. 
This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":128,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"128","inputVector":"","url":"https://bun.com/icons/icon-192x192.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"51","alertRef":"10098"},{"nodeName":"https://bun.com/icons/apple-touch-icon.png","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. 
Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":129,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"129","inputVector":"","url":"https://bun.com/icons/apple-touch-icon.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"52","alertRef":"10098"},{"nodeName":"https://bun.com/icons/favicon-96x96.png","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using 
unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":130,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"130","inputVector":"","url":"https://bun.com/icons/favicon-96x96.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain 
Misconfiguration","risk":"Medium","id":"53","alertRef":"10098"},{"nodeName":"https://bun.com/404","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":125,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"125","inputVector":"","url":"https://bun.com/404","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"55","alertRef":"10020-1"},{"nodeName":"https://bun.com/readme","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":10,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"10","inputVector":"","url":"https://bun.com/readme","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS 
headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"56","alertRef":"10098"},{"nodeName":"https://bun.com/favicon.ico","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":141,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"141","inputVector":"","url":"https://bun.com/favicon.ico","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove 
all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"58","alertRef":"10098"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":111,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"111","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"59","alertRef":"10020-1"},{"nodeName":"https://bun.com/blog","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":112,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"112","inputVector":"","url":"https://bun.com/blog","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"60","alertRef":"10020-1"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":91,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"91","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"75","alertRef":"10020-1"},{"nodeName":"https://bun.com/bin/sh","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":142,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"142","inputVector":"","url":"https://bun.com/bin/sh","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load 
balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"86","alertRef":"10038-1"},{"nodeName":"https://bun.com/file.md,","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":144,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"144","inputVector":"","url":"https://bun.com/file.md,","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, 
etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"89","alertRef":"10038-1"},{"nodeName":"https://bun.com/rss.xml","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":75,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"75","inputVector":"","url":"https://bun.com/rss.xml","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, 
to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"112","alertRef":"10098"},{"nodeName":"https://bun.com/404","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":125,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"125","inputVector":"","url":"https://bun.com/404","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"173","alertRef":"10038-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js (dpl)","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":386,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"386","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for 
instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"185","alertRef":"10098"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":73,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"73","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"188","alertRef":"10038-1"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. 
This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":73,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"73","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"190","alertRef":"10098"},{"nodeName":"https://bun.com/404","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. 
This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":125,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"125","inputVector":"","url":"https://bun.com/404","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"191","alertRef":"10098"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":111,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross 
Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"111","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"196","alertRef":"10038-1"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. 
Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":111,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"111","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"197","alertRef":"10098"},{"nodeName":"https://bun.com/blog","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":112,"wascid":"15","description":"Content Security 
Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"112","inputVector":"","url":"https://bun.com/blog","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"200","alertRef":"10038-1"},{"nodeName":"https://bun.com/blog","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. 
Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":112,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"112","inputVector":"","url":"https://bun.com/blog","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"201","alertRef":"10098"},{"nodeName":"https://bun.com/404","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"\" data-domain=\"bun.sh\" 
src=\"https://plausible.io/js/script.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":125,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"125","inputVector":"","url":"https://bun.com/404","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"219","alertRef":"90003"},{"nodeName":"https://bun.com/404","sourceid":"3","other":"","method":"GET","evidence":"<script async=\"\" src=\"https://www.googletagmanager.com/gtag/js?id=G-4B43HPM4TV\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":125,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"125","inputVector":"","url":"https://bun.com/404","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"221","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"3","other":"The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined:\nscript-src, style-src, img-src, connect-src, frame-src, font-src, media-src, manifest-src, worker-src","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":293,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"293","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Wildcard Directive","param":"content-security-policy","attack":"","name":"CSP: Wildcard Directive","risk":"Medium","id":"222","alertRef":"10055-4"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"3","other":"script-src includes unsafe-inline.","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":293,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. 
Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"293","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-inline","param":"content-security-policy","attack":"","name":"CSP: script-src unsafe-inline","risk":"Medium","id":"223","alertRef":"10055-5"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"3","other":"The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined:\nscript-src, style-src, img-src, connect-src, frame-src, font-src, media-src, manifest-src, worker-src","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":384,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"384","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Wildcard Directive","param":"content-security-policy","attack":"","name":"CSP: Wildcard Directive","risk":"Medium","id":"225","alertRef":"10055-4"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":293,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. 
Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"293","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"content-security-policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"226","alertRef":"10055-6"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"3","other":"script-src includes unsafe-inline.","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":384,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"384","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-inline","param":"content-security-policy","attack":"","name":"CSP: script-src unsafe-inline","risk":"Medium","id":"227","alertRef":"10055-5"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":384,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. 
Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"384","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"content-security-policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"228","alertRef":"10055-6"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":91,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"91","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"231","alertRef":"10038-1"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. 
This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":91,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"91","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"232","alertRef":"10098"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"3","other":"The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined:\nscript-src, style-src, img-src, connect-src, frame-src, font-src, media-src, manifest-src, worker-src","method":"GET","evidence":"worker-src * blob: data: 
'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":140,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"140","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: Wildcard Directive","param":"content-security-policy","attack":"","name":"CSP: Wildcard Directive","risk":"Medium","id":"234","alertRef":"10055-4"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"3","other":"script-src includes unsafe-inline.","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":140,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"140","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-inline","param":"content-security-policy","attack":"","name":"CSP: script-src unsafe-inline","risk":"Medium","id":"235","alertRef":"10055-5"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":140,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. 
Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"140","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"content-security-policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"236","alertRef":"10055-6"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"\" data-domain=\"bun.sh\" src=\"https://plausible.io/js/script.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":73,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"73","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"238","alertRef":"90003"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"3","other":"","method":"GET","evidence":"<script async=\"\" src=\"https://www.googletagmanager.com/gtag/js?id=G-4B43HPM4TV\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":73,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"73","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"239","alertRef":"90003"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"\" data-domain=\"bun.sh\" src=\"https://plausible.io/js/script.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":111,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"111","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"244","alertRef":"90003"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://platform.twitter.com/widgets.js\" charset=\"utf-8\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":111,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"111","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"245","alertRef":"90003"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"3","other":"","method":"GET","evidence":"<script async=\"\" src=\"https://www.googletagmanager.com/gtag/js?id=G-4B43HPM4TV\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":111,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"111","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"246","alertRef":"90003"},{"nodeName":"https://bun.com/blog","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"\" data-domain=\"bun.sh\" src=\"https://plausible.io/js/script.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":112,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"112","inputVector":"","url":"https://bun.com/blog","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"248","alertRef":"90003"},{"nodeName":"https://bun.com/blog","sourceid":"3","other":"","method":"GET","evidence":"<script async=\"\" src=\"https://www.googletagmanager.com/gtag/js?id=G-4B43HPM4TV\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":112,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"112","inputVector":"","url":"https://bun.com/blog","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"249","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"3","other":"The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined:\nscript-src, style-src, img-src, connect-src, frame-src, font-src, media-src, manifest-src, worker-src","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":291,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"291","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Wildcard Directive","param":"content-security-policy","attack":"","name":"CSP: Wildcard Directive","risk":"Medium","id":"250","alertRef":"10055-4"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"3","other":"script-src includes unsafe-inline.","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":291,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. 
Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"291","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-inline","param":"content-security-policy","attack":"","name":"CSP: script-src unsafe-inline","risk":"Medium","id":"251","alertRef":"10055-5"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":291,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"291","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"content-security-policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"252","alertRef":"10055-6"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"3","other":"The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined:\nscript-src, style-src, img-src, connect-src, frame-src, font-src, media-src, manifest-src, worker-src","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":307,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"307","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Wildcard Directive","param":"content-security-policy","attack":"","name":"CSP: Wildcard Directive","risk":"Medium","id":"253","alertRef":"10055-4"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"3","other":"script-src includes unsafe-inline.","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":307,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. 
Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"307","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-inline","param":"content-security-policy","attack":"","name":"CSP: script-src unsafe-inline","risk":"Medium","id":"254","alertRef":"10055-5"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":307,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"307","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"content-security-policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"255","alertRef":"10055-6"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"3","other":"The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined:\nscript-src, style-src, img-src, connect-src, frame-src, font-src, media-src, manifest-src, worker-src","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":145,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"145","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Wildcard Directive","param":"content-security-policy","attack":"","name":"CSP: Wildcard Directive","risk":"Medium","id":"258","alertRef":"10055-4"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"3","other":"script-src includes unsafe-inline.","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":145,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. 
Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"145","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-inline","param":"content-security-policy","attack":"","name":"CSP: script-src unsafe-inline","risk":"Medium","id":"259","alertRef":"10055-5"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":145,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"145","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"content-security-policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"260","alertRef":"10055-6"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/logo/logo-with-wordmark-dark.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=3f55cd23822028e40658b192c927f3e4\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":384,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"384","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"262","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/logo/logo-with-wordmark-light.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=8a0c5928d9dc3631f0d33e17c257e2ec\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":384,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"384","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"263","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://mintlify-assets.b-cdn.net/fonts/InterDisplay-Bold.woff2\" as=\"font\" type=\"font/woff2\" crossorigin=\"anonymous\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":384,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"384","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"264","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://d4tuoctqmanu0.cloudfront.net/katex.min.css\" as=\"style\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":384,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"384","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"265","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/logo/logo-with-wordmark-dark.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=3f55cd23822028e40658b192c927f3e4\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":293,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"293","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"267","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/logo/logo-with-wordmark-light.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=8a0c5928d9dc3631f0d33e17c257e2ec\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":293,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"293","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"268","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/icons/typescript.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=7ac549adaea8d5487d8fbd58cc3ea35b\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":293,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"293","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"269","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://mintlify-assets.b-cdn.net/fonts/InterDisplay-Bold.woff2\" as=\"font\" type=\"font/woff2\" crossorigin=\"anonymous\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":293,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"293","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"270","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://d4tuoctqmanu0.cloudfront.net/katex.min.css\" as=\"style\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":293,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"293","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"271","alertRef":"90003"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/logo/logo-with-wordmark-dark.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=3f55cd23822028e40658b192c927f3e4\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":140,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"140","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"277","alertRef":"90003"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/logo/logo-with-wordmark-light.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=8a0c5928d9dc3631f0d33e17c257e2ec\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":140,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"140","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"278","alertRef":"90003"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://mintlify-assets.b-cdn.net/fonts/InterDisplay-Bold.woff2\" as=\"font\" type=\"font/woff2\" crossorigin=\"anonymous\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":140,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"140","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"279","alertRef":"90003"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://d4tuoctqmanu0.cloudfront.net/katex.min.css\" as=\"style\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":140,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"140","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"280","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/logo/logo-with-wordmark-dark.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=3f55cd23822028e40658b192c927f3e4\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":307,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"307","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"284","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/logo/logo-with-wordmark-light.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=8a0c5928d9dc3631f0d33e17c257e2ec\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":307,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"307","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"285","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/icons/typescript.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=7ac549adaea8d5487d8fbd58cc3ea35b\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":307,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"307","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"286","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://mintlify-assets.b-cdn.net/fonts/InterDisplay-Bold.woff2\" as=\"font\" type=\"font/woff2\" crossorigin=\"anonymous\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":307,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"307","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"287","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://d4tuoctqmanu0.cloudfront.net/katex.min.css\" as=\"style\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":307,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"307","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"288","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/logo/logo-with-wordmark-dark.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=3f55cd23822028e40658b192c927f3e4\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":291,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"291","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"294","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/logo/logo-with-wordmark-light.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=8a0c5928d9dc3631f0d33e17c257e2ec\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":291,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"291","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"295","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/icons/typescript.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=7ac549adaea8d5487d8fbd58cc3ea35b\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":291,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"291","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"296","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/icons/javascript.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=5148f41bbc784f9828f1363dab67340f\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":291,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"291","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"297","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://mintlify-assets.b-cdn.net/fonts/InterDisplay-Bold.woff2\" as=\"font\" type=\"font/woff2\" crossorigin=\"anonymous\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":291,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"291","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"298","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://d4tuoctqmanu0.cloudfront.net/katex.min.css\" as=\"style\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":291,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"291","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"300","alertRef":"90003"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"\" data-domain=\"bun.sh\" src=\"https://plausible.io/js/script.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":91,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"91","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"301","alertRef":"90003"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://platform.twitter.com/widgets.js\" charset=\"utf-8\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":91,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"91","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"302","alertRef":"90003"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"3","other":"","method":"GET","evidence":"<script async=\"\" src=\"https://www.googletagmanager.com/gtag/js?id=G-4B43HPM4TV\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":91,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"91","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"303","alertRef":"90003"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/logo/logo-with-wordmark-dark.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=3f55cd23822028e40658b192c927f3e4\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":145,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"145","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"307","alertRef":"90003"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/logo/logo-with-wordmark-light.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=8a0c5928d9dc3631f0d33e17c257e2ec\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":145,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"145","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"308","alertRef":"90003"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://user-images.githubusercontent.com/709451/147004342-571b6123-17a9-49a2-8bfd-dcfc5204047e.png\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":145,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"145","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"309","alertRef":"90003"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://mintlify-assets.b-cdn.net/fonts/InterDisplay-Bold.woff2\" as=\"font\" type=\"font/woff2\" crossorigin=\"anonymous\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":145,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"145","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"310","alertRef":"90003"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://d4tuoctqmanu0.cloudfront.net/katex.min.css\" as=\"style\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":145,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"145","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"311","alertRef":"90003"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js (dpl)","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. 
This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":389,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"389","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"313","alertRef":"10098"},{"nodeName":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js (dpl)","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. 
Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":392,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"392","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"340","alertRef":"10098"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"3","other":"The following directives either allow wildcard sources 
(or ancestors), are not defined, or are overly broadly defined:\nscript-src, style-src, img-src, connect-src, frame-src, font-src, media-src, manifest-src, worker-src","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":388,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"388","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, 
etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Wildcard Directive","param":"content-security-policy","attack":"","name":"CSP: Wildcard Directive","risk":"Medium","id":"341","alertRef":"10055-4"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"3","other":"script-src includes unsafe-inline.","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":388,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"388","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-inline","param":"content-security-policy","attack":"","name":"CSP: script-src unsafe-inline","risk":"Medium","id":"342","alertRef":"10055-5"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":388,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"388","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"content-security-policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"343","alertRef":"10055-6"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"3","other":"The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined:\nscript-src, style-src, img-src, connect-src, frame-src, font-src, media-src, manifest-src, worker-src","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":391,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"391","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Wildcard Directive","param":"content-security-policy","attack":"","name":"CSP: Wildcard Directive","risk":"Medium","id":"344","alertRef":"10055-4"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"3","other":"script-src includes unsafe-inline.","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":391,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. 
Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"391","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-inline","param":"content-security-policy","attack":"","name":"CSP: script-src unsafe-inline","risk":"Medium","id":"345","alertRef":"10055-5"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://dashboard.mintlify.com; form-action 'self' https://codesandbox.io;","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":391,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"391","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"content-security-policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"346","alertRef":"10055-6"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/logo/logo-with-wordmark-dark.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=3f55cd23822028e40658b192c927f3e4\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":388,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"388","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"348","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/logo/logo-with-wordmark-light.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=8a0c5928d9dc3631f0d33e17c257e2ec\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":388,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"388","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"349","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/icons/typescript.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=7ac549adaea8d5487d8fbd58cc3ea35b\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":388,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"388","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"350","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://mintlify-assets.b-cdn.net/fonts/InterDisplay-Bold.woff2\" as=\"font\" type=\"font/woff2\" crossorigin=\"anonymous\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":388,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"388","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"351","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://d4tuoctqmanu0.cloudfront.net/katex.min.css\" as=\"style\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":388,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"388","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"352","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/logo/logo-with-wordmark-dark.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=3f55cd23822028e40658b192c927f3e4\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":391,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"391","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"355","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" as=\"image\" href=\"https://mintcdn.com/bun-1dd33a4e/JUhaF6Mf68z_zHyy/logo/logo-with-wordmark-light.svg?fit=max&amp;auto=format&amp;n=JUhaF6Mf68z_zHyy&amp;q=85&amp;s=8a0c5928d9dc3631f0d33e17c257e2ec\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":391,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"391","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"356","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://mintlify-assets.b-cdn.net/fonts/InterDisplay-Bold.woff2\" as=\"font\" type=\"font/woff2\" crossorigin=\"anonymous\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":391,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"391","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"357","alertRef":"90003"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://d4tuoctqmanu0.cloudfront.net/katex.min.css\" as=\"style\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":391,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"391","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"358","alertRef":"90003"}],"Low":[{"nodeName":"https://bun.com/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":1,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"1","inputVector":"","url":"https://bun.com/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"0","alertRef":"10035-1"},{"nodeName":"https://bun.com/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":7,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"7","inputVector":"","url":"https://bun.com/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.3.10","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":38,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"38","inputVector":"","url":"https://bun.com/blog/bun-v1.3.10","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"3","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.3.11","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":40,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"40","inputVector":"","url":"https://bun.com/blog/bun-v1.3.11","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"4","alertRef":"10035-1"},{"nodeName":"https://bun.com/guides","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":43,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"43","inputVector":"","url":"https://bun.com/guides","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"5","alertRef":"10035-1"},{"nodeName":"https://bun.com/get","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":22,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"22","inputVector":"","url":"https://bun.com/get","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"6","alertRef":"10035-1"},{"nodeName":"https://bun.com/careers","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":46,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"46","inputVector":"","url":"https://bun.com/careers","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"8","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":23,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"23","inputVector":"","url":"https://bun.com/docs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"9","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.3.12","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":57,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"57","inputVector":"","url":"https://bun.com/blog/bun-v1.3.12","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"10","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/cli/run","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":59,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"59","inputVector":"","url":"https://bun.com/docs/cli/run","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"12","alertRef":"10035-1"},{"nodeName":"https://bun.com/manifest.json","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":58,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"58","inputVector":"","url":"https://bun.com/manifest.json","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"13","alertRef":"10035-1"},{"nodeName":"https://bun.com/reference","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":61,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"61","inputVector":"","url":"https://bun.com/reference","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"15","alertRef":"10035-1"},{"nodeName":"https://bun.com/logo.svg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":62,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"62","inputVector":"","url":"https://bun.com/logo.svg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"16","alertRef":"10035-1"},{"nodeName":"https://bun.com/icons/favicon-16x16.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":64,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"64","inputVector":"","url":"https://bun.com/icons/favicon-16x16.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"18","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":63,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"63","inputVector":"","url":"https://bun.com/blog/bun-v1.1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"19","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/bundler","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":66,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"66","inputVector":"","url":"https://bun.com/docs/bundler","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"20","alertRef":"10035-1"},{"nodeName":"https://bun.com/icons/favicon-32x32.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":70,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"70","inputVector":"","url":"https://bun.com/icons/favicon-32x32.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"21","alertRef":"10035-1"},{"nodeName":"https://bun.com/icons/icon-512x512.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":69,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"69","inputVector":"","url":"https://bun.com/icons/icon-512x512.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"22","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.3.13","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":71,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"71","inputVector":"","url":"https://bun.com/blog/bun-v1.3.13","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"23","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.3.9","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":72,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"72","inputVector":"","url":"https://bun.com/blog/bun-v1.3.9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"24","alertRef":"10035-1"},{"nodeName":"https://bun.com/icons/apple-touch-icon-152x152.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":74,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"74","inputVector":"","url":"https://bun.com/icons/apple-touch-icon-152x152.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"25","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/bunx","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":76,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"76","inputVector":"","url":"https://bun.com/docs/pm/bunx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"26","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.3.6","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":84,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"84","inputVector":"","url":"https://bun.com/blog/bun-v1.3.6","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"27","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.3.5","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":85,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"85","inputVector":"","url":"https://bun.com/blog/bun-v1.3.5","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"28","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.3.7","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":86,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"86","inputVector":"","url":"https://bun.com/blog/bun-v1.3.7","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"30","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.3.4","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":92,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"92","inputVector":"","url":"https://bun.com/blog/bun-v1.3.4","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"31","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-joins-anthropic","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":93,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"93","inputVector":"","url":"https://bun.com/blog/bun-joins-anthropic","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"32","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/vercel-adds-native-bun-support","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":101,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"101","inputVector":"","url":"https://bun.com/blog/vercel-adds-native-bun-support","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"33","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.3.2","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":98,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"98","inputVector":"","url":"https://bun.com/blog/bun-v1.3.2","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"34","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.2.23","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":107,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"107","inputVector":"","url":"https://bun.com/blog/bun-v1.2.23","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"35","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.3.3","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":99,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"99","inputVector":"","url":"https://bun.com/blog/bun-v1.3.3","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"36","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.3.1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":103,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"103","inputVector":"","url":"https://bun.com/blog/bun-v1.3.1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"37","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.2","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":113,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"113","inputVector":"","url":"https://bun.com/blog/bun-v1.2","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"38","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/how-we-made-postMessage-string-500x-faster","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":116,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"116","inputVector":"","url":"https://bun.com/blog/how-we-made-postMessage-string-500x-faster","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"39","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/behind-the-scenes-of-bun-install","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":117,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"117","inputVector":"","url":"https://bun.com/blog/behind-the-scenes-of-bun-install","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"40","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.2.22","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":114,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"114","inputVector":"","url":"https://bun.com/blog/bun-v1.2.22","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"41","alertRef":"10035-1"},{"nodeName":"https://bun.com/robots.txt","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":8,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"8","inputVector":"","url":"https://bun.com/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"42","alertRef":"10021"},{"nodeName":"https://bun.com/blog/bun-v1.2.20","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":120,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that 
complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"120","inputVector":"","url":"https://bun.com/blog/bun-v1.2.20","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"43","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.2.19","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":121,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"121","inputVector":"","url":"https://bun.com/blog/bun-v1.2.19","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"44","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/test","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":127,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"127","inputVector":"","url":"https://bun.com/docs/test","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"45","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.2.21","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":118,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"118","inputVector":"","url":"https://bun.com/blog/bun-v1.2.21","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"46","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.2.17","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":124,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"124","inputVector":"","url":"https://bun.com/blog/bun-v1.2.17","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"48","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.2.18","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":122,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"122","inputVector":"","url":"https://bun.com/blog/bun-v1.2.18","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"49","alertRef":"10035-1"},{"nodeName":"https://bun.com/blog/bun-v1.2.16","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":126,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"126","inputVector":"","url":"https://bun.com/blog/bun-v1.2.16","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"50","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/plugins","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":137,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"137","inputVector":"","url":"https://bun.com/docs/runtime/plugins","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"54","alertRef":"10035-1"},{"nodeName":"https://bun.com/hot.gif","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":139,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"139","inputVector":"","url":"https://bun.com/hot.gif","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"57","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":170,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"170","inputVector":"","url":"https://bun.com/docs/runtime","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"61","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/templating/init","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":166,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"166","inputVector":"","url":"https://bun.com/docs/runtime/templating/init","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"62","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/bunfig","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":175,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"175","inputVector":"","url":"https://bun.com/docs/runtime/bunfig","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"64","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/guides","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":176,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"176","inputVector":"","url":"https://bun.com/docs/guides","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"66","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/feedback","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":179,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"179","inputVector":"","url":"https://bun.com/docs/feedback","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"67","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/repl","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":180,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"180","inputVector":"","url":"https://bun.com/docs/runtime/repl","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"68","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/typescript-6","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":178,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"178","inputVector":"","url":"https://bun.com/docs/typescript-6","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"69","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/debugger","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":168,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"168","inputVector":"","url":"https://bun.com/docs/runtime/debugger","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"70","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/installation","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":188,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"188","inputVector":"","url":"https://bun.com/docs/installation","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"72","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/file-system-router","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":189,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"189","inputVector":"","url":"https://bun.com/docs/runtime/file-system-router","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"73","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/http/routing","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":190,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"190","inputVector":"","url":"https://bun.com/docs/runtime/http/routing","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"74","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/http/tls","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":193,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"193","inputVector":"","url":"https://bun.com/docs/runtime/http/tls","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"77","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/http/websockets","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":194,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"194","inputVector":"","url":"https://bun.com/docs/runtime/http/websockets","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"78","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/http/metrics","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":195,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"195","inputVector":"","url":"https://bun.com/docs/runtime/http/metrics","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"79","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/typescript","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":197,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"197","inputVector":"","url":"https://bun.com/docs/typescript","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"80","alertRef":"10035-1"},{"nodeName":"https://bun.com/readme","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"\" data-domain=\"bun.sh\" src=\"https://plausible.io/js/script.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":10,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"10","inputVector":"","url":"https://bun.com/readme","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://plausible.io/js/script.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"81","alertRef":"10017"},{"nodeName":"https://bun.com/docs/runtime/templating/create","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":198,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"198","inputVector":"","url":"https://bun.com/docs/runtime/templating/create","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"82","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/file-io","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":201,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"201","inputVector":"","url":"https://bun.com/docs/runtime/file-io","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"84","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/watch-mode","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":199,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"199","inputVector":"","url":"https://bun.com/docs/runtime/watch-mode","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"85","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/http/server","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":200,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"200","inputVector":"","url":"https://bun.com/docs/runtime/http/server","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"87","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/networking/fetch","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":202,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"202","inputVector":"","url":"https://bun.com/docs/runtime/networking/fetch","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"88","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/cookies","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":205,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"205","inputVector":"","url":"https://bun.com/docs/runtime/cookies","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"90","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/jsx","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":204,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"204","inputVector":"","url":"https://bun.com/docs/runtime/jsx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"91","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/binary-data","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":211,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"211","inputVector":"","url":"https://bun.com/docs/runtime/binary-data","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"92","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/streams","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":207,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"207","inputVector":"","url":"https://bun.com/docs/runtime/streams","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"93","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/archive","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":217,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"217","inputVector":"","url":"https://bun.com/docs/runtime/archive","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"94","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/quickstart","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":218,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"218","inputVector":"","url":"https://bun.com/docs/quickstart","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"95","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/sql","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":219,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"219","inputVector":"","url":"https://bun.com/docs/runtime/sql","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"96","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/child-process","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":224,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"224","inputVector":"","url":"https://bun.com/docs/runtime/child-process","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"97","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/sqlite","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":220,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"220","inputVector":"","url":"https://bun.com/docs/runtime/sqlite","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"98","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/workers","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":225,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"225","inputVector":"","url":"https://bun.com/docs/runtime/workers","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"99","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/environment-variables","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":229,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"229","inputVector":"","url":"https://bun.com/docs/runtime/environment-variables","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"100","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/node-api","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":237,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"237","inputVector":"","url":"https://bun.com/docs/runtime/node-api","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"101","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/redis","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":226,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"226","inputVector":"","url":"https://bun.com/docs/runtime/redis","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"102","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/s3","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":231,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"231","inputVector":"","url":"https://bun.com/docs/runtime/s3","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"103","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/cron","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":232,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"232","inputVector":"","url":"https://bun.com/docs/runtime/cron","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"104","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/shell","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":228,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"228","inputVector":"","url":"https://bun.com/docs/runtime/shell","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"105","alertRef":"10035-1"},{"nodeName":"https://bun.com/favicon.ico","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":141,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"141","inputVector":"","url":"https://bun.com/favicon.ico","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"106","alertRef":"10021"},{"nodeName":"https://bun.com/docs/runtime/webview","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":239,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that 
complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"239","inputVector":"","url":"https://bun.com/docs/runtime/webview","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"107","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/transpiler","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":240,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"240","inputVector":"","url":"https://bun.com/docs/runtime/transpiler","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"108","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/project/roadmap","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":241,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"241","inputVector":"","url":"https://bun.com/docs/project/roadmap","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"109","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/http/error-handling","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":242,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"242","inputVector":"","url":"https://bun.com/docs/runtime/http/error-handling","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"110","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/c-compiler","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":243,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"243","inputVector":"","url":"https://bun.com/docs/runtime/c-compiler","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"113","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/ffi","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":245,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"245","inputVector":"","url":"https://bun.com/docs/runtime/ffi","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"114","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/project/benchmarking","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":244,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"244","inputVector":"","url":"https://bun.com/docs/project/benchmarking","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"115","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/project/building-windows","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":246,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"246","inputVector":"","url":"https://bun.com/docs/project/building-windows","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"116","alertRef":"10035-1"},{"nodeName":"https://bun.com/icons/apple-touch-icon.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":129,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"129","inputVector":"","url":"https://bun.com/icons/apple-touch-icon.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"117","alertRef":"10021"},{"nodeName":"https://bun.com/docs/project/license","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":258,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server 
declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"258","inputVector":"","url":"https://bun.com/docs/project/license","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"120","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/project/bindgen","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":247,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"247","inputVector":"","url":"https://bun.com/docs/project/bindgen","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"121","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/css/93bac6dd9c729729.css (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":268,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"268","inputVector":"","url":"https://bun.com/docs/_next/static/css/93bac6dd9c729729.css?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"122","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/media/bb3ef058b751a6ad-s.p.woff2","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":264,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"264","inputVector":"","url":"https://bun.com/docs/_next/static/media/bb3ef058b751a6ad-s.p.woff2","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"123","alertRef":"10035-1"},{"nodeName":"https://bun.com/icons/favicon-96x96.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":130,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"130","inputVector":"","url":"https://bun.com/icons/favicon-96x96.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"124","alertRef":"10021"},{"nodeName":"https://bun.com/docs/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":270,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server 
declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"270","inputVector":"","url":"https://bun.com/docs/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"125","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/css/05d6d8fcb903870d.css (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":271,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"271","inputVector":"","url":"https://bun.com/docs/_next/static/css/05d6d8fcb903870d.css?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"126","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/apple-touch-icon.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":272,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"272","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/apple-touch-icon.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"127","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/css/946a75e238c3fb8b.css (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":279,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"279","inputVector":"","url":"https://bun.com/docs/_next/static/css/946a75e238c3fb8b.css?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"128","alertRef":"10035-1"},{"nodeName":"https://bun.com/file.md,","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"\" data-domain=\"bun.sh\" src=\"https://plausible.io/js/script.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":144,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"144","inputVector":"","url":"https://bun.com/file.md,","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://plausible.io/js/script.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"129","alertRef":"10017"},{"nodeName":"https://bun.com/docs/_next/static/chunks/webpack-cace15c5d3e42086.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":280,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"280","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/webpack-cace15c5d3e42086.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"130","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon-32x32.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":282,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"282","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon-32x32.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"131","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/media/c4b700dcb2187787-s.p.woff2","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":283,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"283","inputVector":"","url":"https://bun.com/docs/_next/static/media/c4b700dcb2187787-s.p.woff2","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"132","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-16x16.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":284,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"284","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-16x16.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"133","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon.ico","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":287,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"287","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon.ico","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"134","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon.ico","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":286,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"286","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon.ico","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"135","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/networking/dns","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":288,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"288","inputVector":"","url":"https://bun.com/docs/runtime/networking/dns","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"136","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon-16x16.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":289,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"289","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon-16x16.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"137","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/media/e4af272ccee01ff0-s.p.woff2","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":292,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"292","inputVector":"","url":"https://bun.com/docs/_next/static/media/e4af272ccee01ff0-s.p.woff2","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"138","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-32x32.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":290,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"290","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-32x32.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"139","alertRef":"10035-1"},{"nodeName":"https://bun.com/icons/icon-192x192.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":128,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"128","inputVector":"","url":"https://bun.com/icons/icon-192x192.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"140","alertRef":"10021"},{"nodeName":"https://bun.com/docs/bundler/hmr","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":303,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server 
declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"303","inputVector":"","url":"https://bun.com/docs/bundler/hmr","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"143","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/bundler/executables","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":301,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"301","inputVector":"","url":"https://bun.com/docs/bundler/executables","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"144","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/95115-7f3830b22524c9f1.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":329,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"329","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/95115-7f3830b22524c9f1.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"145","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/19664-8ce43df6b74bea12.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":332,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"332","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/19664-8ce43df6b74bea12.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"147","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/90018-43883d70204f3d31.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":334,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"334","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/90018-43883d70204f3d31.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"148","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/96613-d9098930227907bd.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":359,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"359","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/96613-d9098930227907bd.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"150","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/3433-72c2462a2e18293a.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":360,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"360","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/3433-72c2462a2e18293a.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"151","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/87c73c54-09e1ba5c70e60a51.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":333,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"333","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/87c73c54-09e1ba5c70e60a51.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"152","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/main-app-76ddd9525ef90e67.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":337,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"337","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/main-app-76ddd9525ef90e67.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"154","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/14079-4865f1ab1b5bbf4b.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":330,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"330","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/14079-4865f1ab1b5bbf4b.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"155","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/51288-0fb44d6be82e9af5.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":335,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"335","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/51288-0fb44d6be82e9af5.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"156","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/55016-50dfe709f122ed20.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":339,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"339","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/55016-50dfe709f122ed20.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"157","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/98816-4875194b6205382d.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":344,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"344","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/98816-4875194b6205382d.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"158","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/80239-ce217fc534a5bb94.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":341,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"341","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/80239-ce217fc534a5bb94.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"159","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/78238-22782f5aac7a6ef4.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":343,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"343","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/78238-22782f5aac7a6ef4.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"160","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/8685-3edaeb533c1369b7.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":346,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"346","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/8685-3edaeb533c1369b7.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"161","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/93247-b07c7244bb0ac0f8.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":348,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"348","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/93247-b07c7244bb0ac0f8.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"162","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/40608-ca169cee83c3c0f9.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":357,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"357","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/40608-ca169cee83c3c0f9.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"163","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/11179-88db0dac7a12c76c.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":358,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"358","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/11179-88db0dac7a12c76c.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"164","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/891cff7f-38ce37d594f7da31.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":347,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"347","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/891cff7f-38ce37d594f7da31.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_QA_STD":"","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"165","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/80622-d4455d68025d654d.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":362,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"362","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/80622-d4455d68025d654d.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"166","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/3351-b1a2b1ce24ac5cbd.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":365,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"365","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/3351-b1a2b1ce24ac5cbd.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"167","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/24253-97a943a955ad7b14.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":366,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"366","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/24253-97a943a955ad7b14.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"168","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/75862-0e7c90644ebfd048.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":368,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"368","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/75862-0e7c90644ebfd048.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_QA_STD":"","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"169","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/20660-7fa8ab7432878890.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":370,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"370","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/20660-7fa8ab7432878890.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"170","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/db261188-d8199d2c7818f473.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":369,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"369","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/db261188-d8199d2c7818f473.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"171","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/68789-aa7dbc2fe57d93b1.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":367,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"367","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/68789-aa7dbc2fe57d93b1.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"172","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/%5Fsites/[subdomain]/not-found-1c8d41b8e0250ec9.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":371,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"371","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/%255Fsites/%5Bsubdomain%5D/not-found-1c8d41b8e0250ec9.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"174","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/%5Fsites/[subdomain]/(multitenant)/layout-52a2b1c85eba58aa.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":375,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"375","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/%255Fsites/%5Bsubdomain%5D/(multitenant)/layout-52a2b1c85eba58aa.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"175","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/21749-8eabe95ccb0f4d56.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":377,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"377","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/21749-8eabe95ccb0f4d56.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"176","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/67313-40f1c25780799bd7.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":378,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"378","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/67313-40f1c25780799bd7.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"177","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/60002-569ac0c5cc1599ae.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":380,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"380","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/60002-569ac0c5cc1599ae.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"178","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/%5Fsites/[subdomain]/error-b4aabeed68299375.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":379,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"379","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/%255Fsites/%5Bsubdomain%5D/error-b4aabeed68299375.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"179","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/17551-6c8559b0efc3f1ad.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":381,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"381","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/17551-6c8559b0efc3f1ad.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"180","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/layout-50b3c0cb2ab557e1.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":382,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"382","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/layout-50b3c0cb2ab557e1.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"181","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/71251-05ad8e5ad1c00c48.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":383,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"383","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/71251-05ad8e5ad1c00c48.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"182","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/73205-1667aa76af26a306.js (dpl)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":385,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"385","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/73205-1667aa76af26a306.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"184","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js (dpl)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":386,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"386","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"192","alertRef":"10021"},{"nodeName":"https://bun.com/404","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"\" data-domain=\"bun.sh\" 
src=\"https://plausible.io/js/script.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":125,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"125","inputVector":"","url":"https://bun.com/404","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://plausible.io/js/script.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"194","alertRef":"10017"},{"nodeName":"https://bun.com/404","sourceid":"3","other":"","method":"GET","evidence":"<script async=\"\" src=\"https://www.googletagmanager.com/gtag/js?id=G-4B43HPM4TV\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":125,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"125","inputVector":"","url":"https://bun.com/404","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and 
the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-4B43HPM4TV","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"195","alertRef":"10017"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"\" data-domain=\"bun.sh\" src=\"https://plausible.io/js/script.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":73,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"73","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://plausible.io/js/script.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"202","alertRef":"10017"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"3","other":"","method":"GET","evidence":"<script async=\"\" src=\"https://www.googletagmanager.com/gtag/js?id=G-4B43HPM4TV\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":73,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"73","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-4B43HPM4TV","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"203","alertRef":"10017"},{"nodeName":"https://bun.com/rss.xml","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":75,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"75","inputVector":"","url":"https://bun.com/rss.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"204","alertRef":"10021"},{"nodeName":"https://bun.com/blog","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"\" data-domain=\"bun.sh\" src=\"https://plausible.io/js/script.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":112,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"112","inputVector":"","url":"https://bun.com/blog","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://plausible.io/js/script.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"205","alertRef":"10017"},{"nodeName":"https://bun.com/blog","sourceid":"3","other":"","method":"GET","evidence":"<script async=\"\" src=\"https://www.googletagmanager.com/gtag/js?id=G-4B43HPM4TV\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":112,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"112","inputVector":"","url":"https://bun.com/blog","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-4B43HPM4TV","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"206","alertRef":"10017"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"\" data-domain=\"bun.sh\" src=\"https://plausible.io/js/script.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":111,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"111","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://plausible.io/js/script.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"207","alertRef":"10017"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://platform.twitter.com/widgets.js\" charset=\"utf-8\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":111,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"111","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://platform.twitter.com/widgets.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"208","alertRef":"10017"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"3","other":"","method":"GET","evidence":"<script async=\"\" src=\"https://www.googletagmanager.com/gtag/js?id=G-4B43HPM4TV\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":111,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"111","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-4B43HPM4TV","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"209","alertRef":"10017"},{"nodeName":"https://bun.com/404","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":125,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"125","inputVector":"","url":"https://bun.com/404","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"224","alertRef":"10021"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":73,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"73","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options 
Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"242","alertRef":"10021"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":111,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"111","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header 
to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"256","alertRef":"10021"},{"nodeName":"https://bun.com/blog","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":112,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"112","inputVector":"","url":"https://bun.com/blog","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"257","alertRef":"10021"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"\" data-domain=\"bun.sh\" src=\"https://plausible.io/js/script.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":91,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"91","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://plausible.io/js/script.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"272","alertRef":"10017"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://platform.twitter.com/widgets.js\" charset=\"utf-8\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":91,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"91","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://platform.twitter.com/widgets.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"273","alertRef":"10017"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"3","other":"","method":"GET","evidence":"<script async=\"\" src=\"https://www.googletagmanager.com/gtag/js?id=G-4B43HPM4TV\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":91,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"91","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-4B43HPM4TV","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"274","alertRef":"10017"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":293,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"293","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"275","alertRef":"10021"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":384,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"384","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"281","alertRef":"10021"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"3","other":"192.168.1.100\n192.168.1.100\n10.0.0.1\n10.0.0.1\n192.168.1.100\n192.168.1.100\n10.0.0.1\n10.0.0.1\n192.168.1.100\n192.168.1.100\n10.0.0.1\n10.0.0.1\n","method":"GET","evidence":"192.168.1.100","pluginId":"2","cweid":"497","confidence":"Medium","sourceMessageId":307,"wascid":"13","description":"A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response 
body. This information might be helpful for further attacks targeting internal systems.","messageId":"307","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc1918","solution":"Remove the private IP address from the HTTP response body. For comments, use JSP/ASP/PHP comment instead of HTML/JavaScript comment which can be seen by client browsers.","alert":"Private IP Disclosure","param":"","attack":"","name":"Private IP Disclosure","risk":"Low","id":"282","alertRef":"2"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":140,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"140","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"289","alertRef":"10021"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":307,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"307","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"290","alertRef":"10021"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":91,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"91","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"304","alertRef":"10021"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":291,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"291","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"305","alertRef":"10021"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":145,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"145","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"312","alertRef":"10021"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js (dpl)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":389,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"389","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web 
application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"315","alertRef":"10021"},{"nodeName":"https://bun.com/docs/pm/cli/why","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":411,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"411","inputVector":"","url":"https://bun.com/docs/pm/cli/why","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"316","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/cli/add","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":401,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"401","inputVector":"","url":"https://bun.com/docs/pm/cli/add","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"317","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/cli/outdated","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":420,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"420","inputVector":"","url":"https://bun.com/docs/pm/cli/outdated","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"318","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/cli/remove","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":400,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"400","inputVector":"","url":"https://bun.com/docs/pm/cli/remove","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"319","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/browserconfig.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":390,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"390","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/browserconfig.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"320","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/cli/info","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":415,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"415","inputVector":"","url":"https://bun.com/docs/pm/cli/info","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"321","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/cli/update","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":399,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"399","inputVector":"","url":"https://bun.com/docs/pm/cli/update","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"322","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/cli/link","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":425,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"425","inputVector":"","url":"https://bun.com/docs/pm/cli/link","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"323","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/cli/audit","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":426,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"426","inputVector":"","url":"https://bun.com/docs/pm/cli/audit","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"324","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/cli/publish","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":421,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"421","inputVector":"","url":"https://bun.com/docs/pm/cli/publish","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"325","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/catalogs","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":423,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"423","inputVector":"","url":"https://bun.com/docs/pm/catalogs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"326","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/cli/pm","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":429,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"429","inputVector":"","url":"https://bun.com/docs/pm/cli/pm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"327","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/global-store","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":430,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"430","inputVector":"","url":"https://bun.com/docs/pm/global-store","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"328","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/workspaces","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":424,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"424","inputVector":"","url":"https://bun.com/docs/pm/workspaces","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"329","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/lifecycle","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":432,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"432","inputVector":"","url":"https://bun.com/docs/pm/lifecycle","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"330","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/cli/patch","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":427,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"427","inputVector":"","url":"https://bun.com/docs/pm/cli/patch","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"331","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/security-scanner-api","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":433,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"433","inputVector":"","url":"https://bun.com/docs/pm/security-scanner-api","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"332","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/filter","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":428,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"428","inputVector":"","url":"https://bun.com/docs/pm/filter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"333","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/overrides","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":437,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"437","inputVector":"","url":"https://bun.com/docs/pm/overrides","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"334","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/scopes-registries","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":436,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"436","inputVector":"","url":"https://bun.com/docs/pm/scopes-registries","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"335","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/global-cache","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":435,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"435","inputVector":"","url":"https://bun.com/docs/pm/global-cache","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"336","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/lockfile","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":431,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"431","inputVector":"","url":"https://bun.com/docs/pm/lockfile","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"337","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/isolated-installs","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":438,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"438","inputVector":"","url":"https://bun.com/docs/pm/isolated-installs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"338","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/pm/npmrc","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":434,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"434","inputVector":"","url":"https://bun.com/docs/pm/npmrc","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"339","alertRef":"10035-1"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":388,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"388","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"353","alertRef":"10021"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":391,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"391","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"359","alertRef":"10021"},{"nodeName":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js (dpl)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":392,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"392","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"361","alertRef":"10021"}],"Informational":[{"nodeName":"https://bun.com/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"public, max-age=14400, must-revalidate","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":8,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"8","inputVector":"","url":"https://bun.com/robots.txt","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"7","alertRef":"10015"},{"nodeName":"https://bun.com/robots.txt","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 26556","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":8,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. 
In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.","messageId":"8","inputVector":"","url":"https://bun.com/robots.txt","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"29","alertRef":"10050-2"},{"nodeName":"https://bun.com/icons/icon-192x192.png","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 67351","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":128,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"128","inputVector":"","url":"https://bun.com/icons/icon-192x192.png","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"63","alertRef":"10050-2"},{"nodeName":"https://bun.com/icons/apple-touch-icon.png","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 43541","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":129,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"129","inputVector":"","url":"https://bun.com/icons/apple-touch-icon.png","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"65","alertRef":"10050-2"},{"nodeName":"https://bun.com/icons/favicon-96x96.png","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 8880","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":130,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"130","inputVector":"","url":"https://bun.com/icons/favicon-96x96.png","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"71","alertRef":"10050-2"},{"nodeName":"https://bun.com/favicon.ico","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 2979","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":141,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"141","inputVector":"","url":"https://bun.com/favicon.ico","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"76","alertRef":"10050-2"},{"nodeName":"https://bun.com/rss.xml","sourceid":"3","other":"","method":"GET","evidence":"public, max-age=0, must-revalidate","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":75,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be 
cached.","messageId":"75","inputVector":"","url":"https://bun.com/rss.xml","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"83","alertRef":"10015"},{"nodeName":"https://bun.com/404","sourceid":"3","other":"","method":"GET","evidence":"public, max-age=0, must-revalidate","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":125,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"125","inputVector":"","url":"https://bun.com/404","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"142","alertRef":"10015"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"3","other":"","method":"GET","evidence":"public, max-age=0, must-revalidate","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":73,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"73","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"187","alertRef":"10015"},{"nodeName":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js (dpl)","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 86888","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":386,"wascid":"-1","description":"The content was retrieved from a shared cache. 
If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.","messageId":"386","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"189","alertRef":"10050-2"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"3","other":"","method":"GET","evidence":"public, max-age=0, must-revalidate","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":111,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be 
cached.","messageId":"111","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"193","alertRef":"10015"},{"nodeName":"https://bun.com/rss.xml","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 42238","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":75,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. 
In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.","messageId":"75","inputVector":"","url":"https://bun.com/rss.xml","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"198","alertRef":"10050-2"},{"nodeName":"https://bun.com/blog","sourceid":"3","other":"","method":"GET","evidence":"public, max-age=0, must-revalidate","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":112,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be 
cached.","messageId":"112","inputVector":"","url":"https://bun.com/blog","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"199","alertRef":"10015"},{"nodeName":"https://bun.com/404","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 304620","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":125,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. 
In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.","messageId":"125","inputVector":"","url":"https://bun.com/404","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"217","alertRef":"10050-2"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"3","other":"","method":"GET","evidence":"public, max-age=0, must-revalidate","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":91,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be 
cached.","messageId":"91","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"229","alertRef":"10015"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"// Remove active class from all items\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"Remove active class from all items","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":73,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"73","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"230","alertRef":"10027"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a name=\"bun-markdown-built-in-markdown-parser\" 
class=\"relative top-[-80px] h-0 invisible block\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":73,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"73","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"233","alertRef":"10109"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 564","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":73,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"73","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"237","alertRef":"10050-2"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"// Remove active class from all items\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"Remove active class from all items","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":111,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"111","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious 
Comments","risk":"Informational","id":"240","alertRef":"10027"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a name=\"bun-is-an-all-in-one-toolkit\" class=\"relative top-[-80px] h-0 invisible block\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":111,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"111","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"241","alertRef":"10109"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 407397","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":111,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. 
In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.","messageId":"111","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"243","alertRef":"10050-2"},{"nodeName":"https://bun.com/blog","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 39154","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":112,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"112","inputVector":"","url":"https://bun.com/blog","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"247","alertRef":"10050-2"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 92663","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":384,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"384","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"261","alertRef":"10050-2"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 92687","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":293,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"293","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"266","alertRef":"10050-2"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 92686","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":140,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"140","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"276","alertRef":"10050-2"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 92662","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":307,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"307","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"283","alertRef":"10050-2"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"// Remove active class from all items\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"Remove active class from all items","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":91,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"91","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious 
Comments","risk":"Informational","id":"291","alertRef":"10027"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a name=\"full-stack-javascript-runtime\" class=\"relative top-[-80px] h-0 invisible block\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":91,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"91","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"292","alertRef":"10109"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 92683","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":291,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. 
In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.","messageId":"291","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"293","alertRef":"10050-2"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 33913","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":91,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"91","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"299","alertRef":"10050-2"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 92653","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":145,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"145","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"306","alertRef":"10050-2"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js (dpl)","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 86888","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":389,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"389","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"314","alertRef":"10050-2"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 92654","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":388,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"388","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"347","alertRef":"10050-2"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 92681","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":391,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"391","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"354","alertRef":"10050-2"},{"nodeName":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js (dpl)","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 86887","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":392,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"392","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"360","alertRef":"10050-2"},{"nodeName":"https://bun.com/404","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":125,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12089","inputVector":"","url":"https://bun.com/404","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"362","alertRef":"10104"},{"nodeName":"https://bun.com/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12094","inputVector":"","url":"https://bun.com/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"363","alertRef":"10104"},{"nodeName":"https://bun.com/bin/sh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":142,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12103","inputVector":"","url":"https://bun.com/bin/sh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"364","alertRef":"10104"},{"nodeName":"https://bun.com/404","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":125,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12104","inputVector":"","url":"https://bun.com/404","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"365","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12105","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"366","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":91,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12125","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"367","alertRef":"10104"},{"nodeName":"https://bun.com/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12129","inputVector":"","url":"https://bun.com/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"368","alertRef":"10104"},{"nodeName":"https://bun.com/404","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":125,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12133","inputVector":"","url":"https://bun.com/404","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"369","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12139","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"370","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12154","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"372","alertRef":"10104"},{"nodeName":"https://bun.com/discord","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12160","inputVector":"","url":"https://bun.com/discord","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"373","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":91,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12181","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"374","alertRef":"10104"},{"nodeName":"https://bun.com/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12186","inputVector":"","url":"https://bun.com/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"375","alertRef":"10104"},{"nodeName":"https://bun.com/404","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":125,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12189","inputVector":"","url":"https://bun.com/404","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"376","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12195","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"377","alertRef":"10104"},{"nodeName":"https://bun.com/discord","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12205","inputVector":"","url":"https://bun.com/discord","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"379","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12206","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"380","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":91,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12227","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"381","alertRef":"10104"},{"nodeName":"https://bun.com/404","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":125,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12232","inputVector":"","url":"https://bun.com/404","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"382","alertRef":"10104"},{"nodeName":"https://bun.com/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12236","inputVector":"","url":"https://bun.com/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"383","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12237","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"384","alertRef":"10104"},{"nodeName":"https://bun.com/discord","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12246","inputVector":"","url":"https://bun.com/discord","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"385","alertRef":"10104"},{"nodeName":"https://bun.com/bin/sh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":142,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12251","inputVector":"","url":"https://bun.com/bin/sh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"386","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12270","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"387","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12274","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"388","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":91,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12291","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"389","alertRef":"10104"},{"nodeName":"https://bun.com/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12296","inputVector":"","url":"https://bun.com/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"390","alertRef":"10104"},{"nodeName":"https://bun.com/bin/sh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":142,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12303","inputVector":"","url":"https://bun.com/bin/sh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"391","alertRef":"10104"},{"nodeName":"https://bun.com/discord","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12304","inputVector":"","url":"https://bun.com/discord","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"392","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12305","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"393","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":91,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12320","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"394","alertRef":"10104"},{"nodeName":"https://bun.com/discord","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12327","inputVector":"","url":"https://bun.com/discord","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"395","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12328","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"396","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon-16x16.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":289,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12367","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon-16x16.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"397","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-32x32.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":290,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12371","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-32x32.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"398","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon-16x16.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":289,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12373","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon-16x16.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"399","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon.ico","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":287,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12375","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon.ico","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"400","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-32x32.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":290,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12377","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-32x32.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"401","alertRef":"10104"},{"nodeName":"https://bun.com/404","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":125,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12402","inputVector":"","url":"https://bun.com/404","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"402","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12403","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"403","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":91,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12404","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"404","alertRef":"10104"},{"nodeName":"https://bun.com/discord","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12408","inputVector":"","url":"https://bun.com/discord","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"405","alertRef":"10104"},{"nodeName":"https://bun.com/discord","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12434","inputVector":"","url":"https://bun.com/discord","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"406","alertRef":"10104"},{"nodeName":"https://bun.com/404","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":125,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12435","inputVector":"","url":"https://bun.com/404","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"407","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":91,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12439","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"408","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12440","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"409","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon-16x16.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":289,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12441","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon-16x16.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"410","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-32x32.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":290,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12444","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-32x32.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"411","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon.ico","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":287,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12447","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/favicon.ico","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"412","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":91,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12470","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"413","alertRef":"10104"},{"nodeName":"https://bun.com/404","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":125,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12474","inputVector":"","url":"https://bun.com/404","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"414","alertRef":"10104"},{"nodeName":"https://bun.com/404","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":125,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12501","inputVector":"","url":"https://bun.com/404","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"415","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":91,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12503","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"416","alertRef":"10104"},{"nodeName":"https://bun.com/404","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":125,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12530","inputVector":"","url":"https://bun.com/404","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"417","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":91,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12531","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"418","alertRef":"10104"},{"nodeName":"https://bun.com/404","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":125,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12562","inputVector":"","url":"https://bun.com/404","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"419","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":91,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12565","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"420","alertRef":"10104"},{"nodeName":"https://bun.com/404","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":125,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12578","inputVector":"","url":"https://bun.com/404","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"421","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":91,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12581","inputVector":"","url":"https://bun.com/blog/bun-v1.3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"422","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-32x32.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":290,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12583","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-32x32.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"423","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12586","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"424","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12588","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"425","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12590","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"426","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.0","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12592","inputVector":"","url":"https://bun.com/blog/bun-v1.0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"427","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-32x32.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":290,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12594","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-32x32.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"428","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/browserconfig.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":390,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12596","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/browserconfig.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"429","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-32x32.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":290,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12612","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon-dark/favicon-32x32.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"430","alertRef":"10104"},{"nodeName":"https://bun.com/bin/sh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":142,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12636","inputVector":"","url":"https://bun.com/bin/sh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"432","alertRef":"10104"},{"nodeName":"https://bun.com/bin/sh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":142,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12644","inputVector":"","url":"https://bun.com/bin/sh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"433","alertRef":"10104"},{"nodeName":"https://bun.com/bin/sh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":142,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12663","inputVector":"","url":"https://bun.com/bin/sh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"435","alertRef":"10104"},{"nodeName":"https://bun.com/bin/sh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":142,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12670","inputVector":"","url":"https://bun.com/bin/sh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"436","alertRef":"10104"},{"nodeName":"https://bun.com/bin/sh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":142,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12674","inputVector":"","url":"https://bun.com/bin/sh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"437","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12682,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12682","inputVector":"","url":"https://bun.com/docs/_next","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"439","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12692","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"440","alertRef":"10104"},{"nodeName":"https://bun.com/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12694","inputVector":"","url":"https://bun.com/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"441","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12698,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12698","inputVector":"","url":"https://bun.com/docs/_next","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"442","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":392,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12713","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"443","alertRef":"10104"},{"nodeName":"https://bun.com/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12719","inputVector":"","url":"https://bun.com/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"444","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12724","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"445","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12731,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12731","inputVector":"","url":"https://bun.com/docs/_next","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"446","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":392,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12750","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"447","alertRef":"10104"},{"nodeName":"https://bun.com/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12761","inputVector":"","url":"https://bun.com/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"448","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12778,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12778","inputVector":"","url":"https://bun.com/docs/_next","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"449","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12780","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"450","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":392,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12814","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"451","alertRef":"10104"},{"nodeName":"https://bun.com/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12819","inputVector":"","url":"https://bun.com/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"452","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12824,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12824","inputVector":"","url":"https://bun.com/docs/_next","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"453","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/browserconfig.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":390,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12836","inputVector":"","url":"https://bun.com/docs/_mintlify/favicons/bun-1dd33a4e/EVjBxeJFWkPSAqAJ/_generated/favicon/browserconfig.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"454","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12839","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"455","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":392,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12857","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"456","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12864,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12864","inputVector":"","url":"https://bun.com/docs/_next","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"457","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":392,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12884","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"458","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12894","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"459","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3.6","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":84,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12935","inputVector":"","url":"https://bun.com/blog/bun-v1.3.6","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"461","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":392,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12936","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"462","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12937","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"463","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12943,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12943","inputVector":"","url":"https://bun.com/docs/_next","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"464","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12968","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"465","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12988,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12988","inputVector":"","url":"https://bun.com/docs/_next","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"466","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"12998","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"467","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":13027,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13027","inputVector":"","url":"https://bun.com/docs/_next","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"468","alertRef":"10104"},{"nodeName":"https://bun.com/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13062","inputVector":"","url":"https://bun.com/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"470","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/73205-1667aa76af26a306.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":385,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13066","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/73205-1667aa76af26a306.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"471","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13078","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"472","alertRef":"10104"},{"nodeName":"https://bun.com/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13097","inputVector":"","url":"https://bun.com/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"473","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13110","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"474","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13137","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"475","alertRef":"10104"},{"nodeName":"https://bun.com/blog/bun-v1.3.8","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13157","inputVector":"","url":"https://bun.com/blog/bun-v1.3.8","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"476","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13168","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"477","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13175","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"478","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13203","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"479","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13211","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"480","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/87c73c54-09e1ba5c70e60a51.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":333,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13215","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/87c73c54-09e1ba5c70e60a51.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"481","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13224","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"482","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/3433-72c2462a2e18293a.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":360,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13254","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/3433-72c2462a2e18293a.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"483","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13255","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"484","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13272","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/d30757c7-548538087d8b5b15.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"485","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":392,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13284","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"486","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13290","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"487","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":392,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13306","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"488","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":392,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13322","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"489","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13333","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"490","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":392,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13340","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"491","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13349","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"492","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":392,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13351","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/50867-c378eb8113c8aaae.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"493","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13356","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"494","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/40608-ca169cee83c3c0f9.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":357,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13361","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/40608-ca169cee83c3c0f9.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"495","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":13364,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13364","inputVector":"","url":"https://bun.com/docs/_next/static/chunks","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"496","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/%5Fsites","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":13371,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13371","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/%255Fsites","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"497","alertRef":"10104"},{"nodeName":"https://bun.com/discord","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13401","inputVector":"","url":"https://bun.com/discord","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"498","alertRef":"10104"},{"nodeName":"https://bun.com/discord","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13403","inputVector":"","url":"https://bun.com/discord","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"499","alertRef":"10104"},{"nodeName":"https://bun.com/discord","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13405","inputVector":"","url":"https://bun.com/discord","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"500","alertRef":"10104"},{"nodeName":"https://bun.com/discord","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13407","inputVector":"","url":"https://bun.com/discord","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"501","alertRef":"10104"},{"nodeName":"https://bun.com/discord","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13409","inputVector":"","url":"https://bun.com/discord","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"502","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":13411,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13411","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"503","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13436","inputVector":"","url":"https://bun.com/docs/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"504","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/bunx","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13460","inputVector":"","url":"https://bun.com/docs/cli/bunx","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"507","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/test","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13472","inputVector":"","url":"https://bun.com/docs/cli/test","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"509","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/bunx","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13477","inputVector":"","url":"https://bun.com/docs/cli/bunx","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"510","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13483","inputVector":"","url":"https://bun.com/docs/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"511","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/bunx","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13495","inputVector":"","url":"https://bun.com/docs/cli/bunx","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"513","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13505","inputVector":"","url":"https://bun.com/docs/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"514","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/test","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13509","inputVector":"","url":"https://bun.com/docs/cli/test","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"515","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/bunx","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13522","inputVector":"","url":"https://bun.com/docs/cli/bunx","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"516","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13549","inputVector":"","url":"https://bun.com/docs/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"519","alertRef":"10104"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13560","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"520","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/bunx","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13563","inputVector":"","url":"https://bun.com/docs/cli/bunx","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"521","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/test","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13573","inputVector":"","url":"https://bun.com/docs/cli/test","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"522","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13617","inputVector":"","url":"https://bun.com/docs/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"523","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/bunx","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13622","inputVector":"","url":"https://bun.com/docs/cli/bunx","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"524","alertRef":"10104"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13624","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"525","alertRef":"10104"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":140,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13627","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"526","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/test","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13633","inputVector":"","url":"https://bun.com/docs/cli/test","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"527","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13660","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"528","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":293,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13685","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"530","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/test","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13696","inputVector":"","url":"https://bun.com/docs/cli/test","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"531","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13738","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"532","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":293,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13740","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"533","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":391,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13741","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"534","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/test","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13764","inputVector":"","url":"https://bun.com/docs/cli/test","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"535","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":13772,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13772","inputVector":"","url":"https://bun.com/docs/_next/static/chunks","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"536","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/bunx","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13792","inputVector":"","url":"https://bun.com/docs/cli/bunx","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"537","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13793","inputVector":"","url":"https://bun.com/docs/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"538","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13835","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"539","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13840","inputVector":"","url":"https://bun.com/docs/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"540","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/bunx","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13842","inputVector":"","url":"https://bun.com/docs/cli/bunx","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"541","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13907","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"544","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13915","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"545","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13958","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"546","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/bunx","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13960","inputVector":"","url":"https://bun.com/docs/cli/bunx","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"547","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13966","inputVector":"","url":"https://bun.com/docs/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"548","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":291,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13972","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"549","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"13973","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"550","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14009","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"551","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14021","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"552","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":291,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14022","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"553","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/bunx","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14034","inputVector":"","url":"https://bun.com/docs/cli/bunx","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"554","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14079","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"555","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":307,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14088","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"556","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14091","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"557","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js (dpl)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14096","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/error-904203083e579f01.js?dpl=dpl_4P69uqbeZYDuKv67wy6HkXX6zaG9","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"558","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":291,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14101","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"559","alertRef":"10104"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14102","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"560","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14181","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"562","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":391,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14182","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"563","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":307,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14186","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"564","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14189","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"565","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":291,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14191","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"566","alertRef":"10104"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14196","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"567","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/test","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14235","inputVector":"","url":"https://bun.com/docs/cli/test","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"568","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14252","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"569","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":391,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14254","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"570","alertRef":"10104"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14256","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"571","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":307,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14259","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"572","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":291,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14290","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"573","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14293","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"574","alertRef":"10104"},{"nodeName":"https://bun.com/file.md,","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":144,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14294","inputVector":"","url":"https://bun.com/file.md,","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"575","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli/test","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14317","inputVector":"","url":"https://bun.com/docs/cli/test","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"576","alertRef":"10104"},{"nodeName":"https://bun.com/favicon.ico","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14319","inputVector":"","url":"https://bun.com/favicon.ico","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"577","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":307,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14323","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"578","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":391,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14324","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"579","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14327","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"580","alertRef":"10104"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14328","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"581","alertRef":"10104"},{"nodeName":"https://bun.com/docs/pm/global-store","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":430,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14341","inputVector":"","url":"https://bun.com/docs/pm/global-store","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"582","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":291,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14367","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"583","alertRef":"10104"},{"nodeName":"https://bun.com/file.md,","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":144,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14369","inputVector":"","url":"https://bun.com/file.md,","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"584","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14408","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"585","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":307,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14409","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"586","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14410","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"587","alertRef":"10104"},{"nodeName":"https://bun.com/favicon.ico","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14412","inputVector":"","url":"https://bun.com/favicon.ico","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"588","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":391,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14413","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"589","alertRef":"10104"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14414","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"590","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":291,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14433","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"591","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14449","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"593","alertRef":"10104"},{"nodeName":"https://bun.com/favicon.ico","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14455","inputVector":"","url":"https://bun.com/favicon.ico","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"594","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14456","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"595","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app/%5Fsites","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":14480,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14480","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app/%255Fsites","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"596","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":307,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14489","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"597","alertRef":"10104"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14494","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"598","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":391,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14501","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"599","alertRef":"10104"},{"nodeName":"https://bun.com/icons/apple-touch-icon.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":129,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14506","inputVector":"","url":"https://bun.com/icons/apple-touch-icon.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"600","alertRef":"10104"},{"nodeName":"https://bun.com/docs/project/roadmap","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":241,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14512","inputVector":"","url":"https://bun.com/docs/project/roadmap","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"601","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":291,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14516","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"602","alertRef":"10104"},{"nodeName":"https://bun.com/icons/icon-192x192.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14518","inputVector":"","url":"https://bun.com/icons/icon-192x192.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"604","alertRef":"10104"},{"nodeName":"https://bun.com/readme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14524","inputVector":"","url":"https://bun.com/readme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"605","alertRef":"10104"},{"nodeName":"https://bun.com/rss.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14529","inputVector":"","url":"https://bun.com/rss.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"606","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14538","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"607","alertRef":"10104"},{"nodeName":"https://bun.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14540","inputVector":"","url":"https://bun.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"608","alertRef":"10104"},{"nodeName":"https://bun.com/favicon.ico","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14548","inputVector":"","url":"https://bun.com/favicon.ico","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"609","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14554","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"610","alertRef":"10104"},{"nodeName":"https://bun.com/icons/favicon-96x96.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14568","inputVector":"","url":"https://bun.com/icons/favicon-96x96.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"611","alertRef":"10104"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14593","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"612","alertRef":"10104"},{"nodeName":"https://bun.com/icons/apple-touch-icon.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":129,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14599","inputVector":"","url":"https://bun.com/icons/apple-touch-icon.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"613","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":291,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14605","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"614","alertRef":"10104"},{"nodeName":"https://bun.com/icons/icon-192x192.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14612","inputVector":"","url":"https://bun.com/icons/icon-192x192.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"616","alertRef":"10104"},{"nodeName":"https://bun.com/favicon.ico","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14613","inputVector":"","url":"https://bun.com/favicon.ico","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"617","alertRef":"10104"},{"nodeName":"https://bun.com/rss.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14615","inputVector":"","url":"https://bun.com/rss.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"619","alertRef":"10104"},{"nodeName":"https://bun.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14618","inputVector":"","url":"https://bun.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"620","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14619","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"621","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14635","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"622","alertRef":"10104"},{"nodeName":"https://bun.com/icons/favicon-96x96.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14643","inputVector":"","url":"https://bun.com/icons/favicon-96x96.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"623","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":307,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14644","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"624","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":291,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14661","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"625","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/bunfig","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":175,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14681","inputVector":"","url":"https://bun.com/docs/runtime/bunfig","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"626","alertRef":"10104"},{"nodeName":"https://bun.com/icons/icon-192x192.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14709","inputVector":"","url":"https://bun.com/icons/icon-192x192.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"627","alertRef":"10104"},{"nodeName":"https://bun.com/icons/apple-touch-icon.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":129,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14713","inputVector":"","url":"https://bun.com/icons/apple-touch-icon.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"628","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":391,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14714","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"629","alertRef":"10104"},{"nodeName":"https://bun.com/readme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14715","inputVector":"","url":"https://bun.com/readme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"630","alertRef":"10104"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14717","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"631","alertRef":"10104"},{"nodeName":"https://bun.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14718","inputVector":"","url":"https://bun.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"632","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14719","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"633","alertRef":"10104"},{"nodeName":"https://bun.com/rss.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14720","inputVector":"","url":"https://bun.com/rss.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"634","alertRef":"10104"},{"nodeName":"https://bun.com/file.md,","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":144,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14721","inputVector":"","url":"https://bun.com/file.md,","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"635","alertRef":"10104"},{"nodeName":"https://bun.com/favicon.ico","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14723","inputVector":"","url":"https://bun.com/favicon.ico","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"636","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14724","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"637","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":307,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14726","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"638","alertRef":"10104"},{"nodeName":"https://bun.com/icons/favicon-96x96.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14727","inputVector":"","url":"https://bun.com/icons/favicon-96x96.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"639","alertRef":"10104"},{"nodeName":"https://bun.com/docs/pm/lifecycle","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":432,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14735","inputVector":"","url":"https://bun.com/docs/pm/lifecycle","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"640","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":170,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14741","inputVector":"","url":"https://bun.com/docs/runtime","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"641","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":291,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14757","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"642","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":391,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14769","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"643","alertRef":"10104"},{"nodeName":"https://bun.com/rss.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14777","inputVector":"","url":"https://bun.com/rss.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"644","alertRef":"10104"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14778","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"645","alertRef":"10104"},{"nodeName":"https://bun.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14779","inputVector":"","url":"https://bun.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"646","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/http/cookies","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14781","inputVector":"","url":"https://bun.com/docs/runtime/http/cookies","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"647","alertRef":"10104"},{"nodeName":"https://bun.com/icons/icon-192x192.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14782","inputVector":"","url":"https://bun.com/icons/icon-192x192.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"648","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":307,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14784","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"650","alertRef":"10104"},{"nodeName":"https://bun.com/favicon.ico","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14786","inputVector":"","url":"https://bun.com/favicon.ico","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"651","alertRef":"10104"},{"nodeName":"https://bun.com/readme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14787","inputVector":"","url":"https://bun.com/readme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"652","alertRef":"10104"},{"nodeName":"https://bun.com/icons/apple-touch-icon.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":129,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14788","inputVector":"","url":"https://bun.com/icons/apple-touch-icon.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"653","alertRef":"10104"},{"nodeName":"https://bun.com/icons/favicon-96x96.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14793","inputVector":"","url":"https://bun.com/icons/favicon-96x96.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"654","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/module-resolution","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":291,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14823","inputVector":"","url":"https://bun.com/docs/runtime/module-resolution","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"655","alertRef":"10104"},{"nodeName":"https://bun.com/docs/project/building-windows","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":246,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14825","inputVector":"","url":"https://bun.com/docs/project/building-windows","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"656","alertRef":"10104"},{"nodeName":"https://bun.com/rss.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14826","inputVector":"","url":"https://bun.com/rss.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"657","alertRef":"10104"},{"nodeName":"https://bun.com/icons/icon-192x192.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14868","inputVector":"","url":"https://bun.com/icons/icon-192x192.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"658","alertRef":"10104"},{"nodeName":"https://bun.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14869","inputVector":"","url":"https://bun.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"659","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":307,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14870","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"660","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14872","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"662","alertRef":"10104"},{"nodeName":"https://bun.com/docs/pm/cli/install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14873","inputVector":"","url":"https://bun.com/docs/pm/cli/install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"663","alertRef":"10104"},{"nodeName":"https://bun.com/readme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14874","inputVector":"","url":"https://bun.com/readme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"664","alertRef":"10104"},{"nodeName":"https://bun.com/favicon.ico","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14875","inputVector":"","url":"https://bun.com/favicon.ico","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"665","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":391,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14876","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"666","alertRef":"10104"},{"nodeName":"https://bun.com/icons/apple-touch-icon.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":129,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14877","inputVector":"","url":"https://bun.com/icons/apple-touch-icon.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"667","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":293,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14878","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"668","alertRef":"10104"},{"nodeName":"https://bun.com/icons/favicon-96x96.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14879","inputVector":"","url":"https://bun.com/icons/favicon-96x96.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"669","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/archive","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":217,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14903","inputVector":"","url":"https://bun.com/docs/runtime/archive","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"670","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/redis","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":226,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14904","inputVector":"","url":"https://bun.com/docs/runtime/redis","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"671","alertRef":"10104"},{"nodeName":"https://bun.com/docs/pm/lockfile","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":431,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14905","inputVector":"","url":"https://bun.com/docs/pm/lockfile","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"672","alertRef":"10104"},{"nodeName":"https://bun.com/docs/pm/cli/pm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":429,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14941","inputVector":"","url":"https://bun.com/docs/pm/cli/pm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"674","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14943","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"675","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":293,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14945","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"677","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":391,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14946","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"678","alertRef":"10104"},{"nodeName":"https://bun.com/favicon.ico","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14948","inputVector":"","url":"https://bun.com/favicon.ico","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"680","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":307,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14949","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"681","alertRef":"10104"},{"nodeName":"https://bun.com/icons/apple-touch-icon.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":129,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14950","inputVector":"","url":"https://bun.com/icons/apple-touch-icon.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"682","alertRef":"10104"},{"nodeName":"https://bun.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14951","inputVector":"","url":"https://bun.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"683","alertRef":"10104"},{"nodeName":"https://bun.com/icons/favicon-96x96.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14953","inputVector":"","url":"https://bun.com/icons/favicon-96x96.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"684","alertRef":"10104"},{"nodeName":"https://bun.com/docs/cli","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":14966,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14966","inputVector":"","url":"https://bun.com/docs/cli","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"685","alertRef":"10104"},{"nodeName":"https://bun.com/icons/icon-192x192.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14967","inputVector":"","url":"https://bun.com/icons/icon-192x192.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"686","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/chunks/app","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":14979,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14979","inputVector":"","url":"https://bun.com/docs/_next/static/chunks/app","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"687","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/media","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":14980,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14980","inputVector":"","url":"https://bun.com/docs/_next/static/media","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"688","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/tcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14983","inputVector":"","url":"https://bun.com/docs/runtime/networking/tcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"689","alertRef":"10104"},{"nodeName":"https://bun.com/favicon.ico","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14985","inputVector":"","url":"https://bun.com/favicon.ico","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"690","alertRef":"10104"},{"nodeName":"https://bun.com/icons/apple-touch-icon.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":129,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14989","inputVector":"","url":"https://bun.com/icons/apple-touch-icon.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"691","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/networking/udp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":307,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14990","inputVector":"","url":"https://bun.com/docs/runtime/networking/udp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"692","alertRef":"10104"},{"nodeName":"https://bun.com/file.md,","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":144,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14991","inputVector":"","url":"https://bun.com/file.md,","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"693","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":391,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"14993","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"694","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":293,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15017","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"695","alertRef":"10104"},{"nodeName":"https://bun.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15019","inputVector":"","url":"https://bun.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"696","alertRef":"10104"},{"nodeName":"https://bun.com/rss.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15020","inputVector":"","url":"https://bun.com/rss.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"697","alertRef":"10104"},{"nodeName":"https://bun.com/icons/favicon-96x96.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15023","inputVector":"","url":"https://bun.com/icons/favicon-96x96.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"698","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/media","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15026,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15026","inputVector":"","url":"https://bun.com/docs/_next/static/media","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"699","alertRef":"10104"},{"nodeName":"https://bun.com/icons/icon-192x192.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15027","inputVector":"","url":"https://bun.com/icons/icon-192x192.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"700","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/repl","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":180,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15029","inputVector":"","url":"https://bun.com/docs/runtime/repl","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"701","alertRef":"10104"},{"nodeName":"https://bun.com/favicon.ico","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15030","inputVector":"","url":"https://bun.com/favicon.ico","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"702","alertRef":"10104"},{"nodeName":"https://bun.com/icons/apple-touch-icon.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":129,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15032","inputVector":"","url":"https://bun.com/icons/apple-touch-icon.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"703","alertRef":"10104"},{"nodeName":"https://bun.com/file.md,","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":144,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15037","inputVector":"","url":"https://bun.com/file.md,","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"704","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/file-types","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":391,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15045","inputVector":"","url":"https://bun.com/docs/runtime/file-types","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"705","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":293,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15053","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"706","alertRef":"10104"},{"nodeName":"https://bun.com/icons/favicon-96x96.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15056","inputVector":"","url":"https://bun.com/icons/favicon-96x96.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"707","alertRef":"10104"},{"nodeName":"https://bun.com/rss.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15060","inputVector":"","url":"https://bun.com/rss.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"708","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/media","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15061,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15061","inputVector":"","url":"https://bun.com/docs/_next/static/media","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"709","alertRef":"10104"},{"nodeName":"https://bun.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15077","inputVector":"","url":"https://bun.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"710","alertRef":"10104"},{"nodeName":"https://bun.com/file.md,","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":144,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15078","inputVector":"","url":"https://bun.com/file.md,","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"711","alertRef":"10104"},{"nodeName":"https://bun.com/favicon.ico","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15081","inputVector":"","url":"https://bun.com/favicon.ico","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"712","alertRef":"10104"},{"nodeName":"https://bun.com/icons/icon-192x192.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15082","inputVector":"","url":"https://bun.com/icons/icon-192x192.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"713","alertRef":"10104"},{"nodeName":"https://bun.com/icons/favicon-96x96.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15087","inputVector":"","url":"https://bun.com/icons/favicon-96x96.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"714","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":293,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15089","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"715","alertRef":"10104"},{"nodeName":"https://bun.com/rss.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15090","inputVector":"","url":"https://bun.com/rss.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"716","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/media","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15091,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15091","inputVector":"","url":"https://bun.com/docs/_next/static/media","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"717","alertRef":"10104"},{"nodeName":"https://bun.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15096","inputVector":"","url":"https://bun.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"718","alertRef":"10104"},{"nodeName":"https://bun.com/readme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15100","inputVector":"","url":"https://bun.com/readme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"719","alertRef":"10104"},{"nodeName":"https://bun.com/icons/apple-touch-icon.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":129,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15102","inputVector":"","url":"https://bun.com/icons/apple-touch-icon.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"720","alertRef":"10104"},{"nodeName":"https://bun.com/icons/icon-192x192.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15108","inputVector":"","url":"https://bun.com/icons/icon-192x192.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"721","alertRef":"10104"},{"nodeName":"https://bun.com/icons/favicon-96x96.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15112","inputVector":"","url":"https://bun.com/icons/favicon-96x96.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"722","alertRef":"10104"},{"nodeName":"https://bun.com/rss.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15116","inputVector":"","url":"https://bun.com/rss.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"724","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":293,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15118","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"725","alertRef":"10104"},{"nodeName":"https://bun.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15130","inputVector":"","url":"https://bun.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"726","alertRef":"10104"},{"nodeName":"https://bun.com/icons/apple-touch-icon.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":129,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15131","inputVector":"","url":"https://bun.com/icons/apple-touch-icon.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"727","alertRef":"10104"},{"nodeName":"https://bun.com/icons/icon-192x192.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15137","inputVector":"","url":"https://bun.com/icons/icon-192x192.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"729","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":293,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15138","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"730","alertRef":"10104"},{"nodeName":"https://bun.com/rss.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15141","inputVector":"","url":"https://bun.com/rss.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"731","alertRef":"10104"},{"nodeName":"https://bun.com/icons/favicon-96x96.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15145","inputVector":"","url":"https://bun.com/icons/favicon-96x96.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"732","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/media","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15149,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15149","inputVector":"","url":"https://bun.com/docs/_next/static/media","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"733","alertRef":"10104"},{"nodeName":"https://bun.com/icons/apple-touch-icon.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":129,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15151","inputVector":"","url":"https://bun.com/icons/apple-touch-icon.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"734","alertRef":"10104"},{"nodeName":"https://bun.com/icons/icon-192x192.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15152","inputVector":"","url":"https://bun.com/icons/icon-192x192.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"735","alertRef":"10104"},{"nodeName":"https://bun.com/readme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15158","inputVector":"","url":"https://bun.com/readme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"736","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":293,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15162","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"737","alertRef":"10104"},{"nodeName":"https://bun.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15165","inputVector":"","url":"https://bun.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"738","alertRef":"10104"},{"nodeName":"https://bun.com/rss.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15167","inputVector":"","url":"https://bun.com/rss.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"739","alertRef":"10104"},{"nodeName":"https://bun.com/icons/icon-192x192.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15171","inputVector":"","url":"https://bun.com/icons/icon-192x192.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"740","alertRef":"10104"},{"nodeName":"https://bun.com/icons/favicon-96x96.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15173","inputVector":"","url":"https://bun.com/icons/favicon-96x96.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"741","alertRef":"10104"},{"nodeName":"https://bun.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15184","inputVector":"","url":"https://bun.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"743","alertRef":"10104"},{"nodeName":"https://bun.com/icons/apple-touch-icon.png","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":129,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15186","inputVector":"","url":"https://bun.com/icons/apple-touch-icon.png","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"744","alertRef":"10104"},{"nodeName":"https://bun.com/readme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15187","inputVector":"","url":"https://bun.com/readme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"745","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/auto-install","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":293,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15188","inputVector":"","url":"https://bun.com/docs/runtime/auto-install","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"746","alertRef":"10104"},{"nodeName":"https://bun.com/readme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15193","inputVector":"","url":"https://bun.com/readme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"747","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/media","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15196,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15196","inputVector":"","url":"https://bun.com/docs/_next/static/media","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"748","alertRef":"10104"},{"nodeName":"https://bun.com/docs/pm/cli/info","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":415,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15208","inputVector":"","url":"https://bun.com/docs/pm/cli/info","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"750","alertRef":"10104"},{"nodeName":"https://bun.com/docs/runtime/child-process","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":224,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15212","inputVector":"","url":"https://bun.com/docs/runtime/child-process","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"751","alertRef":"10104"},{"nodeName":"https://bun.com/docs/_next/static/media","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15213,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15213","inputVector":"","url":"https://bun.com/docs/_next/static/media","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"752","alertRef":"10104"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":140,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15232","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"753","alertRef":"10104"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":140,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15237","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"754","alertRef":"10104"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":140,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15242","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"755","alertRef":"10104"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":140,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15247","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"756","alertRef":"10104"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":140,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15249","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"757","alertRef":"10104"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":140,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15252","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"758","alertRef":"10104"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":140,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15254","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"759","alertRef":"10104"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":140,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15256","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"760","alertRef":"10104"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":140,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15258","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"761","alertRef":"10104"},{"nodeName":"https://bun.com/docs/project/contributing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":140,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"15260","inputVector":"","url":"https://bun.com/docs/project/contributing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"762","alertRef":"10104"}]},"vulnerability_types":{"Strict-Transport-Security Header Not Set":168,"Re-examine Cache-control Directives":7,"Cross-Domain Misconfiguration":15,"Retrieved from Cache":22,"X-Content-Type-Options Header Missing":22,"Missing Anti-clickjacking Header":5,"Cross-Domain JavaScript Source File Inclusion":14,"Content Security Policy (CSP) Header Not Set":7,"Sub Resource Integrity Attribute Missing":50,"CSP: Wildcard Directive":8,"CSP: script-src unsafe-inline":8,"CSP: style-src unsafe-inline":8,"Information Disclosure - Suspicious Comments":3,"Modern Web Application":3,"Private IP Disclosure":1,"User Agent Fuzzer":371},"owasp_top10":{"A05: Security Misconfiguration":190,"Unmapped / 
Other":522}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69ecf71b385ead37e8fab160"},"created_at":{"$date":"2026-04-25T17:17:15.829Z"},"url":"https://gujarat.nfsu.ac.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://gujarat.nfsu.ac.in/","scan_timestamp":"20260425_165734","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":183,"urls_list":["https://gujarat.nfsu.ac.in/robots.txt","https://gujarat.nfsu.ac.in/sitemap.xml","https://gujarat.nfsu.ac.in/","https://gujarat.nfsu.ac.in/about/about_campus","https://gujarat.nfsu.ac.in/assets/img/favicon.ico","https://gujarat.nfsu.ac.in/facility","https://gujarat.nfsu.ac.in/contact","https://gujarat.nfsu.ac.in/department/scholarship/1","https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js?v=P93G0oq6PBPWTP1IR8Mz_0jHHUpaWL0aBJTKauisG7Q","https://gujarat.nfsu.ac.in/assets/js/wow.min.js?v=DsYy5qsC1P3VFNp_Xtx0qijJ1Mca928ci5Oh-6hbzGk","https://gujarat.nfsu.ac.in/assets/js/bootsnav.js?v=2zE_ZcuDqI7BKTdOqSt6LRlo1J6RcgLbkDQMHhrLrjo","https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css?v=RdH19s-RN0bEXdaXsajztxnALYs_Z43H_Cdm1U4ar24","https://gujarat.nfsu.ac.in/assets/js/count-to.js?v=bxkaXxQJ-K5IrSPES0bTJ8bjKCB3ev2xuY3y0r1gBHw","https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js?v=yO9o4p83aYQnnzNmGU3srUpFQgIDNbOXve3yx_XfQJ4","https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js?v=mQbwBEtlhDcElNg4lKD-9q0uiaQcqDh7EJriKSbRFxE","https://gujarat.nfsu.ac.in/c_director","https://gujarat.nfsu.ac.in/assets/js/loopcounter.js?v=8k7mOf_eKHjSiJSopHral9Wa-gptliD8Tgmh8AuOxA8","https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js?v=-WFRRTv1uGEhn6sykgWJyTBYDE8cQn8uAj50Kefp9II","ht
tps://gujarat.nfsu.ac.in/img/guj_map.png","https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css?v=m27mmDAkvoFG5hV5IdY1xshwd1KP7rq-pH78C5wQcsw","https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","https://gujarat.nfsu.ac.in/department/coe/1","https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css?v=hVQMlW6MzBd41R4EnrovOrZiP2klfEvP9_nhQnK58oA","https://gujarat.nfsu.ac.in/rti","https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js?v=Atqd2gQ3d_4hF7_MbVRSPFPBJMzt4Imz29R4EHgr7wQ","https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js?v=ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ-Xp8a4MxAQ","https://gujarat.nfsu.ac.in/Home","https://gujarat.nfsu.ac.in/assets/css/bootsnav.css?v=el4oz6z0NMcX7yrTD90wUjcdsOGvhXIKhZT3r6hARls","https://gujarat.nfsu.ac.in/news/1","https://gujarat.nfsu.ac.in/assets/css/animate.css?v=cMlBo4QTeAkRPTPbC01o4xqF9xHNv7WilSVkrAj9xuU","https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css?v=rnXJNoYTT5QgoCfqv1nt7X5L2nXaTGHrmb9eIZOwIb0","https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js?v=zAdh941DoLFXtGUGZBEF_46kYB76aqVq3aCTjawcSws","https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js?v=4ruDdxuPsZDRfKEzAkk-LGbUKp_LqAAqerk1EPrIE0w","https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css?v=KWs9jp-jZzOZmmnW5jC8Y2HqI9rajJig5I00un99DtI","https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js?v=Zr3vByTlMGQhvMfgkQ5BtWRSKBGa2QlspKYJnkjZTmo","https://gujarat.nfsu.ac.in/assets/css/responsive.css?v=8VcStVPbbiQn98rBdEEwHV0_Sygry8ItZ7CMfPGFJUI","https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","https://gujarat.nfsu.ac.in/department/coedetails/131","https://gujarat.nfsu.ac.in/about/about_campus/1","https://gujarat.nfsu.ac.in/img/facility/Main%20Entrance.jpg","https://gujarat.nfsu.ac.in/style.css?v=20EmI1uL-bJY60L5IuoZtKRD2Fq9FQ-CyqLZbmqOSSA","https://gujarat.nfsu.ac.in/events/1","https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css?v=AAJgOvywxDoePgP-erATZd9IV3C8CYiyQz7F663SM3I","https://gujarat.nfsu.ac.in/d
epartment/coedetails/111","https://gujarat.nfsu.ac.in/department/coedetails/107","https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","https://gujarat.nfsu.ac.in/department/list/1","https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js?v=U5ZEeKfGNOja007MMD3YBI0A3OSZOQbeG6z2f2Y0hu8","https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js?v=kBmIfe6JalGvz0xJcR4cW4LEk6NCVV5B2ArA8BJKlIM","https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","https://gujarat.nfsu.ac.in/assets/js/main.js?v=g0_M3QBus1e2ycnExB_jEBClbDHkrDCJYOcysFMtEVM","https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css?v=0-jXM9C-PRxJnALVSUsswrrbCyb-2rPjGQbwwumB49Y","https://gujarat.nfsu.ac.in/img/coe/research3.jpg","https://gujarat.nfsu.ac.in/program/list/44","https://gujarat.nfsu.ac.in/program/list/45","https://gujarat.nfsu.ac.in/program/list/58","https://gujarat.nfsu.ac.in/program/list/61","https://gujarat.nfsu.ac.in/program/list/63","https://gujarat.nfsu.ac.in/program/list/43","https://gujarat.nfsu.ac.in/program/list/57","https://gujarat.nfsu.ac.in/Faculty/list/1","https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","https://gujarat.nfsu.ac.in/program/list/56","https://gujarat.nfsu.ac.in/department/details/62","https://gujarat.nfsu.ac.in/img/logo.png","https://gujarat.nfsu.ac.in/department/details/45","https://gujarat.nfsu.ac.in/img/coe/research4.jpg","https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","https://gujarat.nfsu.ac.in/department/details/60","https://gujarat.nfsu.ac.in/img/program/police_sc.png","https://gujarat.nfsu.ac.in/img/program/bScience.png","https://gujarat.nfsu.ac.in/img/program/pharmacy.png","https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","https://gujarat.nfsu.ac.
in/img/facility/Arial_View.jpg","https://gujarat.nfsu.ac.in/img/program/cyber_security.png","https://gujarat.nfsu.ac.in/program/list/60","https://gujarat.nfsu.ac.in/department/details/58","https://gujarat.nfsu.ac.in/department/details/57","https://gujarat.nfsu.ac.in/department/details/63","https://gujarat.nfsu.ac.in/img/program/doctoral.png","https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","https://gujarat.nfsu.ac.in/program/list/42","https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","https://gujarat.nfsu.ac.in/img/program/engg_tech.png","https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","https://gujarat.nfsu.ac.in/department/details/56","https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","https://gujarat.nfsu.ac.in/department/details/44","https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","https://gujarat.nfsu.ac.in/program/list/62","https://gujarat.nfsu.ac.in/program/prog_details/89?deptid=62","https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","https://gujarat.nfsu.ac.in/img/program/management.png","https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","https://gujarat.nfsu.ac.in/program/prog_details/88?deptid=62","https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","https://gujarat.nfsu.ac.in/department/details/61","https://gujarat.nfsu.ac.in/department/details/42","h
ttps://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","https://gujarat.nfsu.ac.in/img/coe/research2.jpg","https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","https://gujarat.nfsu.ac.in/B.Tech","https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","https://gujarat.nfsu.ac.in/program/prog_details/69?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","https://gujarat.nfsu.ac.in/department/details/43","https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","https://gujarat.nfsu.ac.in/img/notification.png","https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","https://gujarat.nfsu.ac.in/img/1.jpg","https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","https://gujarat.nfsu.ac.in/program/prog_details/56?deptid=58","https://gujarat.nfsu.ac.in/Faculty/Staff/1","https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","https://gujarat.nfsu.ac.in/program/prog_details/93?deptid=62","https://gujarat.nfsu.ac.in/
img/program/medico.png","https://gujarat.nfsu.ac.in/program/prog_details/55?deptid=58","https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","https://gujarat.nfsu.ac.in/img/program/openLearning.png","https://gujarat.nfsu.ac.in/OBC","https://gujarat.nfsu.ac.in/EWS","https://gujarat.nfsu.ac.in/B.Tech.","https://gujarat.nfsu.ac.in/Technology","https://gujarat.nfsu.ac.in/program/prog_details/91?deptid=62","https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","https://gujarat.nfsu.ac.in/img/program/forensic.png","https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","https://gujarat.nfsu.ac.in/newsletter","https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","https://gujarat.nfsu.ac.in/Computer","https://gujarat.nfsu.ac.in/program/prog_details/106?deptid=58","https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","https://gujarat.nfsu.ac.in/program/prog_details/87?deptid=62","https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","https://gujarat.nfsu.ac.in/program/prog_details/92?deptid=62","https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","https://gujarat.nfsu.ac.in/program/prog_details/94?deptid=62","https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","https://gujarat.nfsu.ac.in/Electronics","https://gujarat.nfsu.ac.in
/img/coe/research1.jpg","https://gujarat.nfsu.ac.in/img/program/forensic_justice.png"],"duration":10.040944337844849},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.051198720932},"passive_scan":{"status":"completed","duration":0.004159212112426758},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"gujarat.nfsu.ac.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":210.05516147613525},"vulnerabilities":{"total_alerts":1365,"high_risk":0,"medium_risk":446,"low_risk":694,"informational":225,"alerts_by_risk":{"High":[],"Medium":[{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"0","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"6","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"7","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":51,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"51","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"15","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":58,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"19","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":73,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"73","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"20","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":59,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"21","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":85,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"85","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"27","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":93,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"93","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"29","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":97,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"97","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"30","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":102,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"102","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"33","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":104,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"104","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"34","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":116,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"116","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"39","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":114,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"114","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"40","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":129,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"129","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"43","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":123,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"123","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"45","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"136","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"47","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":120,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"120","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"50","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":180,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"180","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"60","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":185,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"61","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":183,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"183","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"62","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":184,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"64","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":187,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"187","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"66","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"189","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"68","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":191,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"191","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"69","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":214,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"214","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"72","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":244,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"244","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"82","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":249,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"249","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"85","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":209,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"209","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"87","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":261,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"261","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"89","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":253,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"253","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"92","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":264,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"264","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"101","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":271,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"107","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":282,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"110","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":278,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"114","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":275,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"116","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":281,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"281","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"118","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":284,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"284","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"120","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":292,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"292","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"124","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":286,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"286","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"126","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":294,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"294","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"127","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":295,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"129","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":296,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"296","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"131","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":301,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"301","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"132","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":298,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"298","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"133","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/89 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":300,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"300","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/89?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"134","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":297,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"297","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"136","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":299,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"299","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"137","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":305,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"138","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/88 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":307,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/88?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"140","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":308,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"308","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"141","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":304,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"143","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":311,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"311","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"146","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":309,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"149","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":312,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"151","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":315,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"315","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"154","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":306,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"160","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":313,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"313","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"162","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":314,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"314","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"163","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":322,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"322","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"165","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":317,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"317","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"166","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":320,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"320","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"168","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":319,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"319","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"170","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":321,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"321","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"172","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":325,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"191","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":324,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"324","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"192","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/69 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":326,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"326","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/69?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"197","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":327,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"205","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":328,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"211","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":329,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"214","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":330,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"219","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":331,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"225","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":333,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"229","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":334,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"231","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":336,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"336","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"236","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":337,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"238","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":341,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"245","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":342,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"342","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"247","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":338,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"249","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/56 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":343,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"343","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/56?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"253","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":349,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"255","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":347,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"260","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":351,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"351","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"262","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":350,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"263","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":352,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"352","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"266","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":353,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"285","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":354,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"290","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":317,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"317","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"336","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":324,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"324","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"341","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/93 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":355,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/93?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"348","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":136,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"136","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"349","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":333,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"350","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":114,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"114","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"351","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":97,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"97","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"361","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":281,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"281","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"362","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/55 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":357,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/55?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"363","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":305,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"364","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":286,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"286","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"365","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":73,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"73","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"366","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":358,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"358","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"368","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":284,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"284","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"369","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":93,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"93","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"370","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":309,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"372","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":104,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"104","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, 
etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"374","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":191,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"191","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application 
server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"378","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":315,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"315","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"379","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":312,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"380","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":282,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"381","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":183,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"183","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application 
server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"383","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":59,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"384","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":319,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"319","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"387","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":51,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"51","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"388","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":116,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"116","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"389","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":123,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"123","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web 
server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"390","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":261,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"261","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"392","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":244,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"244","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"393","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":58,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"394","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":189,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"189","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application 
server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"395","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":299,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"299","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your 
web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"396","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":278,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"400","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":214,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"214","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"401","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":322,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"322","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"402","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":325,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"404","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":338,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"405","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":102,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"102","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"406","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":327,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"407","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/69 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":326,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"326","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/69?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"411","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":292,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"292","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"412","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":304,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"413","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/88 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":307,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/88?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"414","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":313,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"313","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"415","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":334,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"417","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":187,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"187","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"418","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":296,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"296","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"420","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":353,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"421","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":311,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"311","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"422","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":180,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"180","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"423","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":308,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"308","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"424","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":314,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"314","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"425","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":271,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"426","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":301,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"301","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"427","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":129,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"129","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"428","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":294,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"294","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"430","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":351,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"351","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"431","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":295,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"432","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":264,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"264","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"433","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":320,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"320","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"434","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":249,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"249","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"435","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":328,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"436","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":331,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"437","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":352,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"352","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"438","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":321,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"321","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"439","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":306,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"440","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":341,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"446","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":298,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"298","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that 
your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"447","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":336,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"336","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"448","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":342,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"342","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"450","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":337,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"452","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":275,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"455","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":85,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"85","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your 
web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"456","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":350,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"457","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":349,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"459","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/56 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":343,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"343","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/56?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"462","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":329,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"465","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":120,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"120","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your 
web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"466","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":185,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"470","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/91 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":364,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/91?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"473","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":184,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"478","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":354,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"480","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":297,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"297","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"482","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/89 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":300,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"300","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/89?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"486","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":358,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"358","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"487","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":253,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"253","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"488","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":365,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"489","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":330,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"495","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":209,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"209","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"509","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":366,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"366","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"518","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/93 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":355,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/93?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"527","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":367,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"367","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"531","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/55 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":357,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/55?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"532","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":347,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"542","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":353,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"550","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":73,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"73","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"553","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":73,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"73","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"555","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":333,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"562","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":104,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"104","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"569","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":369,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"369","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"574","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":327,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"589","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":317,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"317","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"600","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":353,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"611","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":278,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"613","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":370,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"370","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"616","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":371,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"371","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"619","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/91 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":364,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/91?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"620","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":333,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"627","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":372,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"372","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"631","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":104,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"104","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"635","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":116,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"116","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"644","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":328,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"646","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"189","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"647","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":97,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"97","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"652","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":327,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"656","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":373,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"373","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"659","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/88 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":307,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/88?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"674","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":365,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"678","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":317,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"317","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"679","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/106 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":375,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"375","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/106?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"683","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":313,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"313","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"693","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":376,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"376","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"697","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":136,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"136","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"726","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":324,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"324","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"727","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":281,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"281","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"728","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":305,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"729","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":281,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"281","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"730","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":244,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"244","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"731","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":367,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"367","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"732","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":292,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"292","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"737","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":116,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"116","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"738","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":328,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"740","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"741","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":286,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"286","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"743","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":97,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"97","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"745","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":282,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"747","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":377,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"377","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"749","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":369,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"369","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"775","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":183,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"183","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"778","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":249,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"249","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"780","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/88 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":307,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/88?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"781","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":214,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"214","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"784","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":308,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"308","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"785","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":341,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"789","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":294,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"294","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"795","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":313,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"313","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"797","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":278,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"806","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":102,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"102","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"814","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":284,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"284","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"824","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/87 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":378,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"378","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/87?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"825","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":366,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"366","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"826","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":379,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"379","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"828","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":315,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"315","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"829","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":136,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"136","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"835","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":324,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"324","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"836","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":305,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"838","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":244,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"244","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"839","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":380,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"380","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"841","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":370,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"370","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"843","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":261,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"261","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"844","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":292,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"292","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"845","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/92 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":381,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"381","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/92?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"847","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":286,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"286","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"849","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":372,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to 
detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"372","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"854","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":282,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"855","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" 
rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":304,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"856","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":382,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"382","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"857","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":319,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"319","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"858","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":371,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"371","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"861","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":85,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"85","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"865","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":114,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"114","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"871","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":114,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"114","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"873","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":377,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"377","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"874","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":351,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"351","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"875","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":296,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"296","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"876","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":187,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"187","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"878","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":334,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"879","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":338,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"880","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":180,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"180","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"881","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":183,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"183","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"884","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":325,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"886","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":249,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"249","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"887","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":308,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"308","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"890","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":301,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"301","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"893","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":341,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"895","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":314,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"314","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"896","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":383,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"383","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"898","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":373,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"373","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"899","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":294,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"294","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"901","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":349,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"906","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":297,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"297","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"908","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":312,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"912","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":51,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"51","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"913","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":384,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"384","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"918","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/106 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":375,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"375","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/106?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"919","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":376,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"376","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"920","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":385,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"385","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"921","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":102,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"102","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"922","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":191,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"191","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"925","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":284,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"284","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"931","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/93 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":355,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/93?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"932","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":315,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"315","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"933","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":386,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"386","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"936","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":331,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"938","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":93,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"93","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"940","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":261,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"261","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"947","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/94 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":387,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"387","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/94?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"954","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":388,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"388","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"955","alertRef":"10020-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":304,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"958","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" 
rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":319,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"319","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"959","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":322,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"322","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"961","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":336,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"336","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"962","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":309,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"966","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":59,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"968","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":85,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"85","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"969","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":253,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"253","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"971","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/69 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":326,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"326","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/69?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"973","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":123,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"123","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"975","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":123,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"123","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"977","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":351,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"351","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"979","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":296,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"296","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"980","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":187,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"187","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"982","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":295,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"983","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":334,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"984","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":338,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"985","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":180,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"180","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"987","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":325,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"992","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":129,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"129","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"993","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":347,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"994","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":185,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1000","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":214,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"214","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1001","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":264,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"264","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1002","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":301,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"301","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1004","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":314,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"314","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1007","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":271,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1008","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":311,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"311","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1009","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":321,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"321","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1011","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":184,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1016","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":349,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1017","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":297,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"297","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1018","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/56 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":343,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"343","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/56?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1019","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":337,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1020","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/89 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":300,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"300","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/89?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1021","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":337,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1023","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":51,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"51","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1024","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":330,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1026","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":354,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1027","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":58,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1029","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":342,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"342","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1030","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":191,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"191","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1031","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":306,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1032","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":298,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"298","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1034","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":275,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1036","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/55 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":357,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/55?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1037","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/91 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":364,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/91?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1038","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/93 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":355,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/93?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1039","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":358,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"358","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1041","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":120,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"120","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1043","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":329,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1045","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":331,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1046","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":93,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"93","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1049","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/87 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":378,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"378","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/87?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1050","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":379,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"379","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1058","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":322,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"322","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1062","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" 
rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":336,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"336","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1064","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/92 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":381,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"381","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/92?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1067","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":309,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1070","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":320,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"320","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1072","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":59,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1073","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":320,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"320","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1074","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":253,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"253","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1076","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":380,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"380","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1077","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/69 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":326,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"326","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/69?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1078","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":299,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"299","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1079","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":350,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1080","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":382,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"382","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1083","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":295,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1084","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":388,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"388","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1089","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":129,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"129","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1097","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":347,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1098","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":185,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1103","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":264,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"264","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1104","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":271,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1107","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":311,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"311","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1109","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":321,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"321","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1110","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":184,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1117","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/56 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":343,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"343","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/56?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1119","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":312,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1120","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/89 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":300,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"300","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/89?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1122","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":330,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1125","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":354,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1128","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":58,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1129","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":342,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"342","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1130","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":306,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1132","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":298,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"298","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1133","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":383,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"383","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1135","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":275,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1136","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/91 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":364,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/91?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1138","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":358,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"358","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1140","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":365,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1141","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":120,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"120","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1143","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":329,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1146","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":384,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"384","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1150","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":385,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"385","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1154","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":366,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"366","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1155","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":386,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and 
mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"386","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1157","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":299,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"299","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1165","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":350,"wascid":"15","description":"The 
integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1166","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":367,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"367","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1169","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/94 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":387,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"387","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/94?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1170","alertRef":"10038-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":352,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"352","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1172","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":372,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"372","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1187","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":372,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"372","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1188","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":369,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"369","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1201","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/55 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":357,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/55?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1216","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":365,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1221","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":209,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"209","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1229","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":366,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"366","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1234","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/106 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":375,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"375","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/106?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1239","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/106 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":375,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"375","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/106?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1242","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":367,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"367","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1245","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":352,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"352","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1250","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":371,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"371","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1259","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":377,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"377","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1263","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":377,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"377","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1264","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":369,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"369","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1271","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":373,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"373","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1286","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":209,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"209","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1291","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":371,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"371","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1307","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":373,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"373","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1326","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":376,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"376","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1327","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/87 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":378,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"378","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/87?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1333","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/87 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":378,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"378","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/87?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1334","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":379,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"379","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1335","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":386,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"386","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1341","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":386,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"386","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1342","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":382,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"382","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1345","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":388,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"388","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1346","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":380,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"380","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1347","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":376,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"376","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1348","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":370,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"370","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1351","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":379,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"379","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1352","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":384,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"384","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1353","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":383,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"383","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1354","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/92 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":381,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"381","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/92?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1356","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":382,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"382","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1360","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":388,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"388","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1361","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":380,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"380","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1362","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":370,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"370","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1365","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":384,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"384","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1366","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":383,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"383","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1367","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/92 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":381,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"381","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/92?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1371","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js (v)","sourceid":"3","other":"The identified library bootstrap, version 3.3.7 is vulnerable.\nCVE-2018-14041\nCVE-2019-8331\nCVE-2018-14040\nCVE-2018-20677\nCVE-2018-20676\nCVE-2018-14042\nCVE-2016-10735\nCVE-2024-6485\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-6485\nhttps://github.com/twbs/bootstrap/issues/28236\nhttps://www.herodevs.com/vulnerability-directory/cve-2024-6485\nhttps://github.com/advisories/GHSA-pj7m-g53m-7638\nhttps://github.com/twbs/bootstrap/issues/20184\nhttps://github.com/advisories/GHSA-vxmc-5x29-h64v\nhttps://github.com/advisories/GHSA-ph58-4vrj-w6hr\nhttps://github.com/twbs/bootstrap\nhttps://github.com/twbs/bootstrap/issues/20631\nhttps://github.com/advisories/GHSA-4p24-vmcr-4gqj\nhttps://github.com/advisories/GHSA-9v3m-8fp8-mj99\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20676\n","method":"GET","evidence":"* Bootstrap 
v3.3.7","pluginId":"10003","cweid":"1395","confidence":"Medium","sourceMessageId":140,"wascid":"-1","description":"The identified library appears to be vulnerable.","messageId":"140","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js?v=U5ZEeKfGNOja007MMD3YBI0A3OSZOQbeG6z2f2Y0hu8","tags":{"CVE-2018-14041":"https://nvd.nist.gov/vuln/detail/CVE-2018-14041","CVE-2019-8331":"https://nvd.nist.gov/vuln/detail/CVE-2019-8331","CVE-2018-14040":"https://nvd.nist.gov/vuln/detail/CVE-2018-14040","CVE-2018-20677":"https://nvd.nist.gov/vuln/detail/CVE-2018-20677","CVE-2018-20676":"https://nvd.nist.gov/vuln/detail/CVE-2018-20676","CVE-2018-14042":"https://nvd.nist.gov/vuln/detail/CVE-2018-14042","CVE-2016-10735":"https://nvd.nist.gov/vuln/detail/CVE-2016-10735","OWASP_2021_A06":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","CWE-1395":"https://cwe.mitre.org/data/definitions/1395.html","OWASP_2025_A03":"https://owasp.org/Top10/2025/A03_2025-Software_Supply_Chain_Failures/","CVE-2024-6485":"https://nvd.nist.gov/vuln/detail/CVE-2024-6485","OWASP_2017_A09":"https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities.html","POLICY_QA_STD":"","POLICY_PENTEST":"","POLICY_DEV_STD":""},"reference":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","solution":"Upgrade to the latest version of the affected library.","alert":"Vulnerable JS Library","param":"","attack":"","name":"Vulnerable JS Library","risk":"Medium","id":"1372","alertRef":"10003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":385,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"385","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1373","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/94 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Open&#x2B;Sans\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":387,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"387","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/94?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1374","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":385,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"385","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1383","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/94 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":387,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"387","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/94?deptid=62","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1384","alertRef":"90003"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js (v)","sourceid":"3","other":"The identified library jquery, version 1.12.4 is 
vulnerable.\nCVE-2020-11023\nCVE-2020-11022\nCVE-2015-9251\nCVE-2019-11358\nhttps://github.com/jquery/jquery/issues/2432\nhttp://research.insecurelabs.org/jquery/test/\nhttp://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://github.com/advisories/GHSA-rmxg-73gg-4p98\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\nhttps://bugs.jquery.com/ticket/11974\nhttps://github.com/jquery/jquery.com/issues/162\nhttps://blog.jquery.com/2020/04/10/jquery-3-5-0-released/\n","method":"GET","evidence":"jquery-1.12.4.min.js","pluginId":"10003","cweid":"1395","confidence":"Medium","sourceMessageId":101,"wascid":"-1","description":"The identified library appears to be vulnerable.","messageId":"101","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js?v=ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ-Xp8a4MxAQ","tags":{"CVE-2020-11023":"https://nvd.nist.gov/vuln/detail/CVE-2020-11023","OWASP_2017_A09":"https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities.html","CVE-2020-11022":"https://nvd.nist.gov/vuln/detail/CVE-2020-11022","POLICY_QA_STD":"","OWASP_2021_A06":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","POLICY_PENTEST":"","CWE-1395":"https://cwe.mitre.org/data/definitions/1395.html","CVE-2015-9251":"https://nvd.nist.gov/vuln/detail/CVE-2015-9251","CVE-2019-11358":"https://nvd.nist.gov/vuln/detail/CVE-2019-11358","OWASP_2025_A03":"https://owasp.org/Top10/2025/A03_2025-Software_Supply_Chain_Failures/","POLICY_DEV_STD":""},"reference":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","solution":"Upgrade to the latest version of the affected library.","alert":"Vulnerable JS Library","param":"","attack":"","name":"Vulnerable JS 
Library","risk":"Medium","id":"1405","alertRef":"10003"}],"Low":[{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":1,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"4","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":1,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"5","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"8","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":1,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"9","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":80,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"80","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css?v=RdH19s-RN0bEXdaXsajztxnALYs_Z43H_Cdm1U4ar24","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"25","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/guj_map.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":88,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"88","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/guj_map.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"26","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":90,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"90","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css?v=m27mmDAkvoFG5hV5IdY1xshwd1KP7rq-pH78C5wQcsw","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"28","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":90,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"90","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css?v=m27mmDAkvoFG5hV5IdY1xshwd1KP7rq-pH78C5wQcsw","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"31","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":91,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"91","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"32","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":80,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"80","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css?v=RdH19s-RN0bEXdaXsajztxnALYs_Z43H_Cdm1U4ar24","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"35","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":110,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"110","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css?v=KWs9jp-jZzOZmmnW5jC8Y2HqI9rajJig5I00un99DtI","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"36","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/guj_map.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":88,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"88","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/guj_map.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"37","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":95,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"95","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css?v=hVQMlW6MzBd41R4EnrovOrZiP2klfEvP9_nhQnK58oA","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"38","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":90,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"90","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css?v=m27mmDAkvoFG5hV5IdY1xshwd1KP7rq-pH78C5wQcsw","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web 
server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"41","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":113,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"113","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"42","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":91,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"91","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"44","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":122,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"122","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css?v=AAJgOvywxDoePgP-erATZd9IV3C8CYiyQz7F663SM3I","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"46","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Main Entrance.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":118,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"118","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Main%20Entrance.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"48","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":110,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"110","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css?v=KWs9jp-jZzOZmmnW5jC8Y2HqI9rajJig5I00un99DtI","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"49","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":80,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"80","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css?v=RdH19s-RN0bEXdaXsajztxnALYs_Z43H_Cdm1U4ar24","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"51","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/guj_map.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":88,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"88","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/guj_map.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"52","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":80,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"80","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/magnific-popup.css?v=RdH19s-RN0bEXdaXsajztxnALYs_Z43H_Cdm1U4ar24","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"53","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":135,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"135","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"54","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":133,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"133","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"55","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":132,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"132","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"56","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":134,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"134","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"57","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":141,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"141","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"58","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"90","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/flaticon-set.css?v=m27mmDAkvoFG5hV5IdY1xshwd1KP7rq-pH78C5wQcsw","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"59","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":113,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"113","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"63","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":161,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"161","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"65","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":173,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"173","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"67","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research3.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":179,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"179","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research3.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"70","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":91,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"91","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"71","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":91,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"91","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Room.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"73","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":110,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"110","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css?v=KWs9jp-jZzOZmmnW5jC8Y2HqI9rajJig5I00un99DtI","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web 
application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"74","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":213,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"213","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"75","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/responsive.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":112,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"112","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/responsive.css?v=8VcStVPbbiQn98rBdEEwHV0_Sygry8ItZ7CMfPGFJUI","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"76","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Main Entrance.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":118,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"118","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Main%20Entrance.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"77","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":95,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"95","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css?v=hVQMlW6MzBd41R4EnrovOrZiP2klfEvP9_nhQnK58oA","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"78","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":132,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"132","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"79","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/bootsnav.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":103,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"103","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/bootsnav.css?v=el4oz6z0NMcX7yrTD90wUjcdsOGvhXIKhZT3r6hARls","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"80","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/guj_map.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":88,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"88","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/guj_map.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"81","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":134,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"134","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"83","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/animate.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":106,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"106","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/animate.css?v=cMlBo4QTeAkRPTPbC01o4xqF9xHNv7WilSVkrAj9xuU","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"84","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/logo.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":248,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"248","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/logo.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"86","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/police_sc.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":254,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"254","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/police_sc.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"88","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":141,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"141","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"90","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/bootsnav.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":103,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"103","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/bootsnav.css?v=el4oz6z0NMcX7yrTD90wUjcdsOGvhXIKhZT3r6hARls","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"91","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/pharmacy.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":257,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"257","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/pharmacy.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"93","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/bScience.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":256,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"256","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/bScience.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"94","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":161,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"161","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"95","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":178,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"178","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css?v=0-jXM9C-PRxJnALVSUsswrrbCyb-2rPjGQbwwumB49Y","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"96","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research4.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":250,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"250","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research4.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"97","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/doctoral.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":277,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"277","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/doctoral.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"98","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":259,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"259","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"99","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":251,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"251","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"100","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":258,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"258","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"102","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/style.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":119,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"119","inputVector":"","url":"https://gujarat.nfsu.ac.in/style.css?v=20EmI1uL-bJY60L5IuoZtKRD2Fq9FQ-CyqLZbmqOSSA","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"103","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/cyber_security.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":260,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"260","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/cyber_security.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"104","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":173,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"173","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"105","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":110,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"110","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/owl.theme.default.min.css?v=KWs9jp-jZzOZmmnW5jC8Y2HqI9rajJig5I00un99DtI","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"106","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":213,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"213","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"108","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research3.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":179,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"179","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research3.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"109","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":280,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"280","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"111","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":122,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"122","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css?v=AAJgOvywxDoePgP-erATZd9IV3C8CYiyQz7F663SM3I","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"112","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/engg_tech.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":285,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"285","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/engg_tech.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"113","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":135,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"135","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"115","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":107,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"107","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css?v=rnXJNoYTT5QgoCfqv1nt7X5L2nXaTGHrmb9eIZOwIb0","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"117","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":133,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"133","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"119","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/responsive.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":112,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"112","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/responsive.css?v=8VcStVPbbiQn98rBdEEwHV0_Sygry8ItZ7CMfPGFJUI","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"121","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Main Entrance.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":118,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"118","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Main%20Entrance.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"122","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":95,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"95","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css?v=hVQMlW6MzBd41R4EnrovOrZiP2klfEvP9_nhQnK58oA","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web 
server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"123","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":133,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"133","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"125","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":132,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"132","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"128","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/management.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":303,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"303","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/management.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"130","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/police_sc.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":254,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"254","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/police_sc.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"135","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/police_sc.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":254,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"254","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/police_sc.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"139","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":141,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"141","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"142","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/bScience.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":256,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"256","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/bScience.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"144","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research4.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":250,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"250","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research4.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"145","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/police_sc.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":254,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"254","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/police_sc.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"147","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research4.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":250,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"250","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research4.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"148","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/bootsnav.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":103,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"103","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/bootsnav.css?v=el4oz6z0NMcX7yrTD90wUjcdsOGvhXIKhZT3r6hARls","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web 
server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"150","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":113,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"113","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"152","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":161,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"161","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"153","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":258,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"258","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"155","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/doctoral.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":277,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"277","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/doctoral.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"156","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":259,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"259","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"157","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":178,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"178","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css?v=0-jXM9C-PRxJnALVSUsswrrbCyb-2rPjGQbwwumB49Y","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"158","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/style.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":119,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"119","inputVector":"","url":"https://gujarat.nfsu.ac.in/style.css?v=20EmI1uL-bJY60L5IuoZtKRD2Fq9FQ-CyqLZbmqOSSA","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"159","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":251,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"251","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"161","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/doctoral.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":277,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"277","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/doctoral.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"164","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research3.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":179,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"179","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research3.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"167","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":259,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"259","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"171","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":213,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"213","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"173","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research2.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":318,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"318","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research2.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"174","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":178,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"178","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css?v=0-jXM9C-PRxJnALVSUsswrrbCyb-2rPjGQbwwumB49Y","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"175","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":122,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"122","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css?v=AAJgOvywxDoePgP-erATZd9IV3C8CYiyQz7F663SM3I","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web 
application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"176","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":259,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"259","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Arial_View.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"177","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":280,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"280","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"178","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":122,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"122","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/owl.carousel.min.css?v=AAJgOvywxDoePgP-erATZd9IV3C8CYiyQz7F663SM3I","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"179","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/engg_tech.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":285,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"285","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/engg_tech.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"180","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":280,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"280","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"181","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/responsive.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":112,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"112","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/responsive.css?v=8VcStVPbbiQn98rBdEEwHV0_Sygry8ItZ7CMfPGFJUI","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web 
server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"182","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Main Entrance.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":118,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"118","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Main%20Entrance.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"183","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":95,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"95","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/elegant-icons.css?v=hVQMlW6MzBd41R4EnrovOrZiP2klfEvP9_nhQnK58oA","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"184","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":134,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"134","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"185","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/animate.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":106,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"106","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/animate.css?v=cMlBo4QTeAkRPTPbC01o4xqF9xHNv7WilSVkrAj9xuU","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"186","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":133,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"133","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/CDC(1).jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"187","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":132,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"132","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Ballistic.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"188","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/management.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":303,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"303","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/management.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"189","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/logo.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":248,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"248","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/logo.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"190","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/management.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":303,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"303","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/management.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"193","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/management.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":303,"wascid":"13","description":"The web/application server is leaking 
information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"303","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/management.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"194","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/pharmacy.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":257,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"257","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/pharmacy.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"195","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":141,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"141","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Immunoanalyzer.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"196","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/bScience.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":256,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"256","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/bScience.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"198","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/pharmacy.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":257,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"257","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/pharmacy.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"199","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/bScience.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":256,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"256","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/bScience.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"200","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research4.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":250,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"250","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research4.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"201","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/bootsnav.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":103,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"103","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/bootsnav.css?v=el4oz6z0NMcX7yrTD90wUjcdsOGvhXIKhZT3r6hARls","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"202","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":113,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"113","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Class-Room.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"203","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":161,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"161","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Lower-Auditorium.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"204","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/cyber_security.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":260,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"260","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/cyber_security.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"206","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"173","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"207","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":258,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"258","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"208","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":258,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"258","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Laboratory.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"209","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":173,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"173","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Spectrometry.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"210","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/cyber_security.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":260,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"260","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/cyber_security.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"212","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":84,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"84","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js?v=mQbwBEtlhDcElNg4lKD-9q0uiaQcqDh7EJriKSbRFxE","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"213","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research3.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":179,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"179","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research3.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"215","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":178,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"178","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/bootstrap.min.css?v=0-jXM9C-PRxJnALVSUsswrrbCyb-2rPjGQbwwumB49Y","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"218","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":135,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"135","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"220","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":213,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"213","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Hostel-Mess.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"221","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":107,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"107","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css?v=rnXJNoYTT5QgoCfqv1nt7X5L2nXaTGHrmb9eIZOwIb0","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"223","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research2.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":318,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"318","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research2.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"224","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/style.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":119,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"119","inputVector":"","url":"https://gujarat.nfsu.ac.in/style.css?v=20EmI1uL-bJY60L5IuoZtKRD2Fq9FQ-CyqLZbmqOSSA","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"226","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":135,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"135","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Studio-Apartment.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"227","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/loopcounter.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":86,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"86","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/loopcounter.js?v=8k7mOf_eKHjSiJSopHral9Wa-gptliD8Tgmh8AuOxA8","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"228","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/engg_tech.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":285,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"285","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/engg_tech.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"230","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":280,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"280","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/Avoximeter.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"232","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/responsive.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":112,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"112","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/responsive.css?v=8VcStVPbbiQn98rBdEEwHV0_Sygry8ItZ7CMfPGFJUI","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"233","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":134,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"134","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/BoardRoom.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"234","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/count-to.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":82,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"82","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/count-to.js?v=bxkaXxQJ-K5IrSPES0bTJ8bjKCB3ev2xuY3y0r1gBHw","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"235","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/notification.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":335,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"335","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/notification.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"237","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/logo.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":248,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"248","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/logo.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"239","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/logo.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":248,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"248","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/logo.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"240","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/animate.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":106,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"106","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/animate.css?v=cMlBo4QTeAkRPTPbC01o4xqF9xHNv7WilSVkrAj9xuU","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web 
server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"241","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/animate.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":106,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"106","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/animate.css?v=cMlBo4QTeAkRPTPbC01o4xqF9xHNv7WilSVkrAj9xuU","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"242","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":83,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"83","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js?v=yO9o4p83aYQnnzNmGU3srUpFQgIDNbOXve3yx_XfQJ4","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"243","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/1.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":340,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"340","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/1.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"246","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/pharmacy.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":257,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"257","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/pharmacy.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"248","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/doctoral.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":277,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"277","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/doctoral.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"250","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":251,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"251","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"251","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/cyber_security.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":260,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"260","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/cyber_security.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"252","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":84,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"84","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js?v=mQbwBEtlhDcElNg4lKD-9q0uiaQcqDh7EJriKSbRFxE","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"254","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":84,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"84","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js?v=mQbwBEtlhDcElNg4lKD-9q0uiaQcqDh7EJriKSbRFxE","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"257","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/style.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":119,"wascid":"13","description":"The 
web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"119","inputVector":"","url":"https://gujarat.nfsu.ac.in/style.css?v=20EmI1uL-bJY60L5IuoZtKRD2Fq9FQ-CyqLZbmqOSSA","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"258","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research2.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":318,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"318","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research2.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"259","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/loopcounter.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":86,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"86","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/loopcounter.js?v=8k7mOf_eKHjSiJSopHral9Wa-gptliD8Tgmh8AuOxA8","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"264","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/engg_tech.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":285,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"285","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/engg_tech.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"268","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/count-to.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":82,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"82","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/count-to.js?v=bxkaXxQJ-K5IrSPES0bTJ8bjKCB3ev2xuY3y0r1gBHw","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"276","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":83,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"83","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js?v=yO9o4p83aYQnnzNmGU3srUpFQgIDNbOXve3yx_XfQJ4","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"277","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/notification.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":335,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"335","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/notification.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"291","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":107,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"107","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css?v=rnXJNoYTT5QgoCfqv1nt7X5L2nXaTGHrmb9eIZOwIb0","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"299","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/loopcounter.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"86","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/loopcounter.js?v=8k7mOf_eKHjSiJSopHral9Wa-gptliD8Tgmh8AuOxA8","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web 
server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"302","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":108,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"108","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js?v=zAdh941DoLFXtGUGZBEF_46kYB76aqVq3aCTjawcSws","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"316","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":111,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"111","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js?v=Zr3vByTlMGQhvMfgkQ5BtWRSKBGa2QlspKYJnkjZTmo","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"342","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":251,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"251","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Upper-Auditorium.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"344","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/medico.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":356,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"356","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/medico.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"355","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":84,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"84","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/equal-height.min.js?v=mQbwBEtlhDcElNg4lKD-9q0uiaQcqDh7EJriKSbRFxE","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"356","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research2.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":318,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"318","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research2.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"358","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":109,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"109","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js?v=4ruDdxuPsZDRfKEzAkk-LGbUKp_LqAAqerk1EPrIE0w","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"375","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":83,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"83","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js?v=yO9o4p83aYQnnzNmGU3srUpFQgIDNbOXve3yx_XfQJ4","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"377","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/openLearning.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":359,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"359","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/openLearning.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"382","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/notification.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":335,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"335","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/notification.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"391","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/1.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":340,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"340","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/1.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"397","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":107,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"107","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/css/font-awesome.min.css?v=rnXJNoYTT5QgoCfqv1nt7X5L2nXaTGHrmb9eIZOwIb0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"398","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/loopcounter.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":86,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"86","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/loopcounter.js?v=8k7mOf_eKHjSiJSopHral9Wa-gptliD8Tgmh8AuOxA8","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"399","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/wow.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":78,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"78","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/wow.min.js?v=DsYy5qsC1P3VFNp_Xtx0qijJ1Mca928ci5Oh-6hbzGk","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"403","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":108,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"108","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js?v=zAdh941DoLFXtGUGZBEF_46kYB76aqVq3aCTjawcSws","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"416","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/medico.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":356,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"356","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/medico.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"449","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootsnav.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":79,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"79","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootsnav.js?v=2zE_ZcuDqI7BKTdOqSt6LRlo1J6RcgLbkDQMHhrLrjo","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"454","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":109,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"109","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js?v=4ruDdxuPsZDRfKEzAkk-LGbUKp_LqAAqerk1EPrIE0w","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"460","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/count-to.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":82,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"82","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/count-to.js?v=bxkaXxQJ-K5IrSPES0bTJ8bjKCB3ev2xuY3y0r1gBHw","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"461","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":83,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"83","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.appear.js?v=yO9o4p83aYQnnzNmGU3srUpFQgIDNbOXve3yx_XfQJ4","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"463","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/openLearning.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":359,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"359","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/openLearning.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"464","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/notification.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":335,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"335","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/notification.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"468","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/1.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":340,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"340","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/1.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"471","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/wow.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":78,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"78","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/wow.min.js?v=DsYy5qsC1P3VFNp_Xtx0qijJ1Mca928ci5Oh-6hbzGk","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"474","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":99,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"99","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js?v=Atqd2gQ3d_4hF7_MbVRSPFPBJMzt4Imz29R4EHgr7wQ","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"476","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"under construction","pluginId":"10023","cweid":"1295","confidence":"Medium","sourceMessageId":58,"wascid":"13","description":"The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. 
You can configure the list of common debug messages.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-ERRH-01":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling","CWE-1295":"https://cwe.mitre.org/data/definitions/1295.html","POLICY_PENTEST":"","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Disable debugging messages before pushing to production.","alert":"Information Disclosure - Debug Error Messages","param":"","attack":"","name":"Information Disclosure - Debug Error Messages","risk":"Low","id":"479","alertRef":"10023"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/main.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":162,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"162","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/main.js?v=g0_M3QBus1e2ycnExB_jEBClbDHkrDCJYOcysFMtEVM","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"481","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":108,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"108","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js?v=zAdh941DoLFXtGUGZBEF_46kYB76aqVq3aCTjawcSws","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web 
application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"483","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":73,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"73","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"490","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":73,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"73","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"492","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":111,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"111","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js?v=Zr3vByTlMGQhvMfgkQ5BtWRSKBGa2QlspKYJnkjZTmo","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"496","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":111,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"111","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js?v=Zr3vByTlMGQhvMfgkQ5BtWRSKBGa2QlspKYJnkjZTmo","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"497","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":111,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"111","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js?v=Zr3vByTlMGQhvMfgkQ5BtWRSKBGa2QlspKYJnkjZTmo","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"500","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":104,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"104","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"505","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":104,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"104","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"507","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":116,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"116","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"513","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":189,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"189","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"514","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":327,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"521","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":97,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"97","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"523","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/count-to.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":82,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"82","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/count-to.js?v=bxkaXxQJ-K5IrSPES0bTJ8bjKCB3ev2xuY3y0r1gBHw","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"524","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":109,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"109","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js?v=4ruDdxuPsZDRfKEzAkk-LGbUKp_LqAAqerk1EPrIE0w","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web 
application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"525","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/openLearning.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":359,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"359","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/openLearning.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"526","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/openLearning.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":359,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"359","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/openLearning.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"528","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/1.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":340,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"340","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/1.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"529","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":99,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"99","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js?v=Atqd2gQ3d_4hF7_MbVRSPFPBJMzt4Imz29R4EHgr7wQ","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"530","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/wow.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":78,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"78","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/wow.min.js?v=DsYy5qsC1P3VFNp_Xtx0qijJ1Mca928ci5Oh-6hbzGk","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"533","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 
(deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":313,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"313","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"534","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":317,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"317","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"535","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":317,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"317","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"537","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/main.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":162,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"162","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/main.js?v=g0_M3QBus1e2ycnExB_jEBClbDHkrDCJYOcysFMtEVM","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"538","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":108,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"108","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/imagesloaded.pkgd.min.js?v=zAdh941DoLFXtGUGZBEF_46kYB76aqVq3aCTjawcSws","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"539","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/forensic.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":368,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"368","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/forensic.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"544","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":353,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"545","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":353,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"546","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":278,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"549","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":278,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"551","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":333,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"559","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":136,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"136","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"560","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":333,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"561","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":324,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"324","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"563","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":305,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"565","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":281,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"281","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"567","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":244,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"244","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"568","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":244,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"244","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"572","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":328,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"573","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":328,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"575","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":116,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"116","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"576","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":189,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"189","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"577","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/medico.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":356,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"356","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/medico.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"579","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootsnav.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":79,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"79","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootsnav.js?v=2zE_ZcuDqI7BKTdOqSt6LRlo1J6RcgLbkDQMHhrLrjo","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"581","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":327,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"582","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":286,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"286","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"584","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":97,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"97","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"587","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":282,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"588","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":183,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"183","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"591","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/88 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":307,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/88?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"593","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":249,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"249","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"594","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":109,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"109","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js?v=4ruDdxuPsZDRfKEzAkk-LGbUKp_LqAAqerk1EPrIE0w","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"595","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":214,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"214","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"597","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":308,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"308","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"598","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":99,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"99","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js?v=Atqd2gQ3d_4hF7_MbVRSPFPBJMzt4Imz29R4EHgr7wQ","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web 
application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"602","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":294,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"294","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"603","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/wow.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":78,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"78","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/wow.min.js?v=DsYy5qsC1P3VFNp_Xtx0qijJ1Mca928ci5Oh-6hbzGk","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"604","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":313,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"313","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"605","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/forensic.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":368,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"368","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/forensic.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"607","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/main.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":162,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"162","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/main.js?v=g0_M3QBus1e2ycnExB_jEBClbDHkrDCJYOcysFMtEVM","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"610","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":102,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"102","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"617","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":284,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"284","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"618","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":315,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"315","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"622","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":136,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"136","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"625","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":324,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"324","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"629","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":305,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"633","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":281,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"281","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"634","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":93,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"93","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"636","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":292,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"292","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"641","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":261,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"261","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"643","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/medico.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":356,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"356","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/medico.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"648","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":286,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"286","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"650","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":282,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"653","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":304,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"654","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":319,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"319","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"655","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootsnav.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":79,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"79","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootsnav.js?v=2zE_ZcuDqI7BKTdOqSt6LRlo1J6RcgLbkDQMHhrLrjo","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server 
to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"657","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":296,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"296","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"662","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":187,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"187","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"663","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":338,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"664","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":334,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"666","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":180,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"180","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"667","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":183,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"183","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"669","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/88 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":307,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/88?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"670","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":249,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"249","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"672","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":325,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"673","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":214,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"214","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"675","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":308,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"308","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"676","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":341,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"677","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":341,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"685","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":99,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"99","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/modernizr.custom.13711.js?v=Atqd2gQ3d_4hF7_MbVRSPFPBJMzt4Imz29R4EHgr7wQ","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"687","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":294,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"294","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"689","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":349,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"694","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":297,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"297","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"695","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/main.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":162,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"162","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/main.js?v=g0_M3QBus1e2ycnExB_jEBClbDHkrDCJYOcysFMtEVM","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"698","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":312,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"700","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/forensic.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":368,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"368","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/forensic.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"702","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":51,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"51","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"708","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":102,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"102","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"709","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":191,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"191","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"713","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":73,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"73","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"715","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":284,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"284","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"718","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/93 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":355,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/93?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"721","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":353,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"722","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/93 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":355,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/93?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"723","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":315,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"315","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"724","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":331,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"725","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":292,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"292","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"733","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":104,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"104","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"734","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":261,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server 
declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"261","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"736","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":333,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"742","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":304,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"748","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":319,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"319","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"750","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootsnav.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":79,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"79","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootsnav.js?v=2zE_ZcuDqI7BKTdOqSt6LRlo1J6RcgLbkDQMHhrLrjo","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"751","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":322,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"322","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"752","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":336,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"336","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"753","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":309,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"755","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":59,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"756","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":85,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"85","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"757","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":320,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"320","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"758","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":253,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"253","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"759","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":351,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"351","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"760","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/69 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":326,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"326","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/69?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"761","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":123,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"123","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"762","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":114,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"114","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"763","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":299,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"299","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"764","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":350,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"765","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":351,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"351","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"767","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":296,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"296","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"769","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":295,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"770","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":187,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"187","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"771","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":338,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"772","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":334,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"773","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":180,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"180","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"774","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":352,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"352","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"776","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":129,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"129","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"777","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":325,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"779","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":185,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"782","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":76,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"76","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js?v=P93G0oq6PBPWTP1IR8Mz_0jHHUpaWL0aBJTKauisG7Q","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"783","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":264,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"264","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"786","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":301,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"301","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"787","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":301,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"301","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"788","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":314,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"314","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"790","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":314,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"314","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"791","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":271,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"792","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":311,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"311","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"794","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":321,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"321","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"796","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":317,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"317","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"798","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":184,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"799","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":349,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"800","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/56 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":343,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"343","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/56?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"801","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":297,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"297","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"802","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/89 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":300,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"300","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/89?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"803","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":337,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"804","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":312,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"805","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/forensic.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":368,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"368","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/forensic.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"807","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":51,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"51","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"808","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":330,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"809","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":354,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"810","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":58,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"811","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":342,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"342","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"815","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":306,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"816","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":191,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"191","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"817","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":73,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"73","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"818","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":298,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"298","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"819","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":275,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"820","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/91 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":364,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/91?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"821","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":358,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"358","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"822","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/55 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":357,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/55?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"823","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":353,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"827","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":120,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"120","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"831","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":329,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"832","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":331,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"834","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":93,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"93","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"837","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":281,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"281","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"840","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":104,"wascid":"13","description":"The web/application server is leaking information via one or more 
\"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"104","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"842","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":116,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"116","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"846","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":333,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"848","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"189","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"851","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":97,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"97","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options 
Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"852","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":328,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"853","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":322,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"322","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"859","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":336,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"336","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"860","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":309,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"862","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":59,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"863","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":85,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"85","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"864","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":253,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"253","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"866","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":327,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"867","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/69 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":326,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web 
security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"326","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/69?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"868","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":123,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"123","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"869","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":114,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"114","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"870","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":295,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"877","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":347,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"882","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":347,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"883","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":129,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"129","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"885","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":185,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"888","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":76,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"76","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js?v=P93G0oq6PBPWTP1IR8Mz_0jHHUpaWL0aBJTKauisG7Q","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"889","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":264,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"264","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"891","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/88 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":307,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/88?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"892","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":76,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"76","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js?v=P93G0oq6PBPWTP1IR8Mz_0jHHUpaWL0aBJTKauisG7Q","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web 
application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"894","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":271,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"897","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":311,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"311","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"900","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":321,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"321","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"902","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":317,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"317","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"903","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":184,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"904","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":313,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"313","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"905","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/56 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":343,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"343","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/56?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"907","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/89 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":300,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"300","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/89?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"909","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":337,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"910","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":330,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"914","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":354,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"915","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":278,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"916","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":58,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism 
whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"917","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":306,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"923","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":342,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"342","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"924","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":298,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"298","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"926","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":275,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"927","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/91 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":364,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/91?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"928","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/55 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":357,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/55?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"929","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":358,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"358","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"930","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":365,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"934","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":120,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"120","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"935","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":329,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"937","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"136","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"939","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":281,"wascid":"13","description":"The web/application server is leaking information via one or 
more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"281","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"941","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":209,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"209","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"943","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":324,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"324","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"944","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":305,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"945","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":244,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"244","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"946","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":116,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"116","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"948","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":189,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"189","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"949","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":292,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"292","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"950","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":97,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"97","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"951","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":328,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"952","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":286,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"286","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"953","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":389,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"389","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"960","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":282,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"964","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":320,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"320","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"967","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":327,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"970","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":299,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"299","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"974","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":350,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"976","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":367,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"367","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"978","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":114,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"114","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"986","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":352,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"352","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"988","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":87,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"87","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js?v=-WFRRTv1uGEhn6sykgWJyTBYDE8cQn8uAj50Kefp9II","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"990","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":114,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"114","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"991","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":325,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"996","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":140,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"140","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js?v=U5ZEeKfGNOja007MMD3YBI0A3OSZOQbeG6z2f2Y0hu8","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"997","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":144,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"144","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js?v=kBmIfe6JalGvz0xJcR4cW4LEk6NCVV5B2ArA8BJKlIM","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"998","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":183,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"183","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"999","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/88 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":307,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/88?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1003","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":76,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"76","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.magnific-popup.min.js?v=P93G0oq6PBPWTP1IR8Mz_0jHHUpaWL0aBJTKauisG7Q","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1005","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":214,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"214","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1006","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":341,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1012","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":294,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"294","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1014","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":313,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"313","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1015","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":369,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"369","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1022","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":278,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1028","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":102,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"102","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1040","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":365,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1042","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":284,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"284","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1044","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":315,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"315","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1047","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":136,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"136","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1048","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":305,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1051","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":244,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"244","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1052","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":292,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"292","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1054","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":261,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"261","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1055","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":286,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"286","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1057","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":366,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"366","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1060","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":389,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"389","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1061","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":392,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"392","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1065","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":304,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1066","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":282,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1068","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":319,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"319","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1069","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research1.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":391,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"391","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research1.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1071","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/106 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":375,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"375","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/106?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1075","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":367,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"367","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1081","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":123,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"123","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1085","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":296,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"296","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1086","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":123,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"123","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1087","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":338,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1090","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":187,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"187","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1091","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":180,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"180","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1092","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":351,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"351","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1093","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":334,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1094","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":87,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"87","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js?v=-WFRRTv1uGEhn6sykgWJyTBYDE8cQn8uAj50Kefp9II","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1095","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":351,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"351","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1096","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":325,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1099","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":372,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"372","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1100","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":372,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"372","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1101","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":183,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"183","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1102","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":249,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"249","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1105","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":214,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"214","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1106","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":308,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"308","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1108","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":371,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"371","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1111","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":314,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"314","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1112","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":341,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1113","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":301,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"301","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1114","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":294,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"294","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1115","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":377,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"377","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1116","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":297,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"297","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1118","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":349,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1121","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":349,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1123","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":51,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"51","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1126","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":312,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1127","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":337,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1131","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":191,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"191","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1134","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":373,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"373","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1137","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":102,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"102","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1139","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/93 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":355,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/93?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1142","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":284,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"284","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1144","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":275,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1145","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":315,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"315","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1147","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":324,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"324","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1148","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":209,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"209","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1149","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":261,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"261","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1151","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":93,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"93","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1152","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":366,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"366","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1153","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":331,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1156","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":304,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1158","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":392,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"392","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1159","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":319,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"319","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1160","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":336,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"336","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1161","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":322,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"322","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1162","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research1.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":391,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"391","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research1.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1163","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/106 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":375,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"375","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/106?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1164","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":85,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"85","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1167","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":59,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1168","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":309,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1171","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":296,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"296","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1173","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":320,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"320","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1174","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/69 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":326,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"326","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/69?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1176","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":295,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1177","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/69 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":326,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"326","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/69?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1178","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":338,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1179","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":187,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"187","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1180","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":180,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"180","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1181","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":334,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1183","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":253,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"253","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1184","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":140,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"140","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js?v=U5ZEeKfGNOja007MMD3YBI0A3OSZOQbeG6z2f2Y0hu8","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1185","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":144,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"144","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js?v=kBmIfe6JalGvz0xJcR4cW4LEk6NCVV5B2ArA8BJKlIM","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1186","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":249,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"249","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1189","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":308,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"308","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1190","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":371,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"371","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1191","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":185,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1192","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":314,"wascid":"13","description":"The web/application server is leaking information via one 
or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"314","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1193","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":301,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"301","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1194","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":377,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"377","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1195","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":129,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"129","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1196","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":144,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"144","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js?v=kBmIfe6JalGvz0xJcR4cW4LEk6NCVV5B2ArA8BJKlIM","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web 
application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1197","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":87,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"87","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js?v=-WFRRTv1uGEhn6sykgWJyTBYDE8cQn8uAj50Kefp9II","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1198","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":297,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"297","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1199","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":369,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"369","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1200","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":264,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"264","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1203","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":311,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"311","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1204","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":271,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1205","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":51,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"51","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1206","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":321,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"321","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1207","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":184,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1208","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":271,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1210","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/56 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":343,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"343","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/56?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1211","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":337,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1214","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":191,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"191","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1215","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":58,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1217","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":354,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1218","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":330,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1219","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":373,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"373","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1220","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/93 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":355,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/93?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1222","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":275,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1223","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":347,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1224","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/91 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":364,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/91?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1225","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"1674691200, which evaluates to: 2023-01-26 00:00:00.","method":"GET","evidence":"1674691200","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":120,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"120","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1226","alertRef":"10096"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":342,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"342","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1227","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":306,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1228","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":376,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"376","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1230","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":358,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"358","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1231","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":93,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"93","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1232","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":298,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"298","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1233","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":331,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1235","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":389,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"389","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1236","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":336,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"336","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1237","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":322,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"322","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1238","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":392,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"392","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1240","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":329,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1241","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":85,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"85","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1243","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":59,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1244","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research1.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":391,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"391","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research1.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1246","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":299,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"299","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1247","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":350,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1248","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":367,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"367","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1249","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":309,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1251","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":320,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"320","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1252","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":295,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1253","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/87 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":378,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"378","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/87?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1254","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":370,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"370","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1255","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":253,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"253","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1257","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":379,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"379","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1258","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":185,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1260","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":140,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"140","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js?v=U5ZEeKfGNOja007MMD3YBI0A3OSZOQbeG6z2f2Y0hu8","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web 
server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1266","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":144,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"144","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/owl.carousel.min.js?v=kBmIfe6JalGvz0xJcR4cW4LEk6NCVV5B2ArA8BJKlIM","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1267","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":87,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"87","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/isotope.pkgd.min.js?v=-WFRRTv1uGEhn6sykgWJyTBYDE8cQn8uAj50Kefp9II","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1269","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":372,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"372","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1270","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":264,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"264","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1272","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":311,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"311","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1273","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":312,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1274","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":321,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"321","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1275","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":184,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1276","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/89 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":300,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"300","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/89?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1277","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/56 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":343,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"343","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/56?deptid=58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1278","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":382,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"382","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1279","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":58,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1280","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":388,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"388","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1281","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":354,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1282","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":380,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"380","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1283","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/55 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":357,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/55?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1284","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":330,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1285","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":347,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1287","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/91 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":364,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/91?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1288","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":342,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"342","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1289","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":306,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1290","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":376,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"376","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1292","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":358,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"358","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1293","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":365,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1294","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":298,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"298","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1295","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":389,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"389","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/facility/Executive-Room.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1296","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":329,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1297","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":366,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"366","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1298","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/img/coe/research1.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":391,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"391","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/coe/research1.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1299","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":299,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"299","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1300","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":350,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1301","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/106 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":375,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"375","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/106?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1302","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/87 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":378,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"378","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/87?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1303","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":370,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"370","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1304","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":379,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"379","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1305","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":384,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"384","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1306","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":352,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"352","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1308","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":352,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"352","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1309","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":383,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"383","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1310","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":120,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"120","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1311","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":129,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"129","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1312","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/92 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":381,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"381","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/92?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1313","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":386,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"386","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1314","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":140,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"140","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/bootstrap.min.js?v=U5ZEeKfGNOja007MMD3YBI0A3OSZOQbeG6z2f2Y0hu8","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1315","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":386,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"386","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1317","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":385,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"385","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1318","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":372,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"372","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1319","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":377,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"377","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1320","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/89 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":300,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"300","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/89?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1321","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":382,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"382","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1322","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":388,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"388","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1323","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":380,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"380","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1324","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/55 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":357,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/55?deptid=58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1325","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":365,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1328","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":392,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"392","inputVector":"","url":"https://gujarat.nfsu.ac.in/img/program/forensic_justice.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1329","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":366,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"366","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1330","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":367,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"367","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1331","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/106 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":375,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"375","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/106?deptid=58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1332","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":384,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"384","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1336","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":383,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"383","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1337","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":120,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"120","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1338","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/92 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":381,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"381","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/92?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1339","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":371,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"371","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1340","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/94 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":387,"wascid":"13","description":"The web/application server is 
leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"387","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/94?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1343","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":377,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"377","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1344","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":369,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"369","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1349","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":373,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"373","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1350","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":371,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"371","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1355","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":385,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"385","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1357","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/94 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":387,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"387","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/94?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1358","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/87 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":378,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"378","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/87?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1359","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":369,"wascid":"13","description":"The web/application server 
is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"369","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1363","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":373,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"373","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1364","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":386,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"386","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1368","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":376,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"376","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1369","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":379,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"379","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1370","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/87 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":378,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"378","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/87?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1375","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":386,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"386","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1376","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":376,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"376","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1377","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":379,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"379","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1378","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":209,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"209","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1379","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":382,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"382","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1380","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":382,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"382","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1381","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":388,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"388","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1382","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":384,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"384","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1385","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":380,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"380","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1386","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":383,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"383","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1387","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":209,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"209","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1388","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":388,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"388","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1389","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":370,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"370","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1390","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":384,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"384","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1391","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":380,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"380","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1392","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":383,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"383","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1393","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/92 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":381,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"381","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/92?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1394","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":370,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"370","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1395","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/94 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":387,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"387","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/94?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1396","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/92 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":381,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"381","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/92?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1397","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":385,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"385","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1398","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/94 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":387,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"387","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/94?deptid=62","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1399","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":385,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"385","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1400","alertRef":"10037"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":101,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"101","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js?v=ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ-Xp8a4MxAQ","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1401","alertRef":"10036-2"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":101,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"101","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js?v=ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ-Xp8a4MxAQ","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1402","alertRef":"10035-1"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js (v)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":101,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"101","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js?v=ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ-Xp8a4MxAQ","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1403","alertRef":"10021"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js (v)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":101,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"101","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery-1.12.4.min.js?v=ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ-Xp8a4MxAQ","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1404","alertRef":"10037"}],"Informational":[{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":1,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"1","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1","inputVector":"","url":"https://gujarat.nfsu.ac.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"3","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js (v)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected in likely comment: \"/*  jQuery Nice Select - v1.0\n    https://github.com/hernansartorio/jquery-nice-select\n    Made by Hernán Sartorio  */\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"/*  jQuery Nice Select - v1.0\n    https://","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":111,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"111","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.nice-select.min.js?v=Zr3vByTlMGQhvMfgkQ5BtWRSKBGa2QlspKYJnkjZTmo","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"244","alertRef":"10027"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":97,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"97","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"261","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":281,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"281","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"265","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":305,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"267","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":286,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"286","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"269","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":73,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"73","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"270","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":85,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"85","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"271","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":284,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"284","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"272","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":93,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"93","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"273","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":309,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"274","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":104,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"104","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"275","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":191,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"191","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"278","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":324,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"324","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"279","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":315,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"315","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"280","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":312,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"281","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":282,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"282","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":183,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"183","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"283","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":59,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"284","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":319,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"319","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"286","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":51,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"51","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"287","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":116,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"116","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"288","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":123,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"123","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"289","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":261,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"261","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"292","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":244,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"244","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"293","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":58,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"294","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":189,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"189","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"295","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":299,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"299","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"296","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":185,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"297","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":317,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"317","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"298","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":278,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"300","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":136,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"136","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"301","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":214,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"214","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"303","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":322,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"322","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"304","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":325,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"305","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":102,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"102","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"306","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":338,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"307","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":327,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"308","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":184,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"309","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/69 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":326,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"326","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/69?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"310","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":292,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"292","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"311","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":304,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"312","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/88 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":307,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/88?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"313","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":313,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"313","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"314","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":297,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"297","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"315","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":334,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"317","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":187,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"187","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"318","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":296,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"296","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"319","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/89 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":300,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"300","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/89?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"320","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":311,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"311","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"321","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":180,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"180","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"322","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":271,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"323","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":314,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"314","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"324","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":308,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"308","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"325","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":253,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"253","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"326","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":301,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"301","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"327","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":129,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"129","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"328","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":333,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"329","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":351,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"351","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"331","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":294,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"294","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"332","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":295,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"333","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":264,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"264","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"334","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":320,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"320","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"335","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":114,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"114","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"337","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":249,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"249","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"338","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":330,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"339","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":328,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"340","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":331,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"343","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":352,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"352","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"345","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":321,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"321","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"346","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":306,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"347","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":341,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"352","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":298,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"298","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"353","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":336,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"336","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"354","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":342,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"342","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"357","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":337,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"359","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":275,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"360","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":350,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"367","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":349,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"371","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"/*\r\n * jQuery Easing v1.3 - http://gsgd.co.uk/sandbox/jquery/easing/\r\n *\r\n * Uses the built in easing capabilities added In jQue\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"te products derived from this software witho","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":109,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"109","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/jquery.easing.min.js?v=4ruDdxuPsZDRfKEzAkk-LGbUKp_LqAAqerk1EPrIE0w","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"373","alertRef":"10027"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/56 
(deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":343,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"343","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/56?deptid=58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"376","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":120,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"120","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"385","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":329,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"386","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/scholarship/1","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":73,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"73","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/scholarship/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"408","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/assets/js/main.js (v)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected in likely comment: \"/* ==================================================\r\n            Nice Select Init\r\n         ==================================\", see evidence field for the suspicious 
comment/snippet.","method":"GET","evidence":"=\r\n            Nice Select Init\r\n         ====","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":162,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"162","inputVector":"","url":"https://gujarat.nfsu.ac.in/assets/js/main.js?v=g0_M3QBus1e2ycnExB_jEBClbDHkrDCJYOcysFMtEVM","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"409","alertRef":"10027"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":354,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"410","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":353,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"419","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":209,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"209","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"443","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/17 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":327,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"327","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/17?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"444","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/43","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":189,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"189","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"445","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/88 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":307,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"307","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/88?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"451","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/93 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":355,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/93?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"467","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/36 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":308,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"308","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/36?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"469","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/73 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":313,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"313","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/73?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"472","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/65 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":317,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"317","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/65?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"475","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/55 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":357,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/55?deptid=58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"477","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":347,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"484","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":358,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"358","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"485","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/list/1","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":136,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"136","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"491","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/news/1","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":104,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"104","inputVector":"","url":"https://gujarat.nfsu.ac.in/news/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"494","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/24 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":324,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"324","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/24?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"498","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coe/1","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":93,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"93","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coe/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"499","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/31 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":328,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"328","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/31?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"501","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/42","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":281,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"281","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"502","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus/1","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":116,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"116","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"503","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/82 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":305,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"305","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/82?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"504","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/62 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":319,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"319","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/62?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"506","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/80 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":282,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"282","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/80?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"511","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/81 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":286,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"286","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/81?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"512","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/45","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":183,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"183","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"515","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/rti","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":97,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"97","inputVector":"","url":"https://gujarat.nfsu.ac.in/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"516","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/45","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":249,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"249","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"517","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/56","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":214,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"214","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"520","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/38 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":284,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"284","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/38?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"536","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/70 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":353,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"353","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/70?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"540","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/Home","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":102,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"102","inputVector":"","url":"https://gujarat.nfsu.ac.in/Home","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"541","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/105 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":278,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"278","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/105?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"543","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/42","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":315,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"315","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"547","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/34 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":333,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"333","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/34?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"548","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/91 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":364,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/91?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"552","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/56","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":292,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"292","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"556","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/99 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":304,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"304","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/99?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"557","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/62","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":244,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"244","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"558","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/60","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":261,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"261","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"564","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/83 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":296,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"296","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/83?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"566","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/53 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":338,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"338","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/53?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"570","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/63","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":187,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"187","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"578","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/54 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":334,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"334","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/54?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"583","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/44","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":180,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"180","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"586","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/60 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":325,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"325","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/60?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"590","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/85 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":341,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"341","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/85?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"592","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/102 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":294,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"294","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/102?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"596","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":365,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"599","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/58","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":264,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"264","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"601","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/26 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":312,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"312","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/26?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"606","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/57","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":191,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"191","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"608","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/about/about_campus","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":51,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"51","inputVector":"","url":"https://gujarat.nfsu.ac.in/about/about_campus","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"609","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/45 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":331,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"331","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/45?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"612","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/28 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":322,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"322","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/28?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"614","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/44 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":309,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"309","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/44?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"615","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":366,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"366","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"621","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/contact","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":59,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"59","inputVector":"","url":"https://gujarat.nfsu.ac.in/contact","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"623","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/111","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":123,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"123","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/111","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"624","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/98 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":351,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"351","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/98?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"626","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/131","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":114,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"114","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/131","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"628","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/40 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":320,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"320","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/40?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"630","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/60","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":253,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"253","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"632","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/69 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":326,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"326","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/69?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"638","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/c_director","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":85,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"85","inputVector":"","url":"https://gujarat.nfsu.ac.in/c_director","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"639","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":367,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"367","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"640","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/62","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":299,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"299","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"649","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/63 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":350,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"350","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/63?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"658","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/44","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":295,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"295","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"660","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/104 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":352,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"352","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/104?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"661","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/coedetails/107","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":129,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"129","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/coedetails/107","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"665","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":369,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"369","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"668","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/61","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":185,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"185","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"671","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/35 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":349,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"349","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/35?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"680","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/46 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":301,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"301","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/46?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"681","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/57","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":271,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"271","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"682","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/61","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":314,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"314","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"684","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/61 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":311,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"311","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/61?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"686","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/22 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":321,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"321","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/22?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"688","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/86 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":297,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"297","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/86?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"690","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/list/58","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":184,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"184","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/list/58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"691","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/56 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":343,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"343","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/56?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"692","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/89 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":300,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"300","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/89?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"696","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/12 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":337,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"337","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/12?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"699","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/93 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":355,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"355","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/93?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"701","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/49 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":330,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"330","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/49?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"703","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/facility","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":58,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"58","inputVector":"","url":"https://gujarat.nfsu.ac.in/facility","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"704","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/64 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":354,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"354","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/64?deptid=42","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"705","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/5 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":306,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"306","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/5?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"706","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/23 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":342,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"342","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/23?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"707","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/63","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":275,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"275","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"710","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/29 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":358,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"358","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/29?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"711","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/30 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":336,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"336","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/30?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"712","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/8 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":298,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"298","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/8?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"714","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/91 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":364,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"364","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/91?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"716","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/55 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":357,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"357","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/55?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"717","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/events/1","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":120,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"120","inputVector":"","url":"https://gujarat.nfsu.ac.in/events/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"719","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/department/details/43","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":329,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"329","inputVector":"","url":"https://gujarat.nfsu.ac.in/department/details/43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"720","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":370,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"370","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"735","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":372,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"372","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"746","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":371,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"371","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"754","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":377,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"377","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"766","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":347,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"347","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/Staff/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"768","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":373,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"373","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"793","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/106 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":375,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"375","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/106?deptid=58","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"812","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":376,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"376","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"813","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/47 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":365,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"365","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/47?deptid=60","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"830","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/Faculty/list/1","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":209,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"209","inputVector":"","url":"https://gujarat.nfsu.ac.in/Faculty/list/1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"833","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/21 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":367,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"367","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/21?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"872","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/57 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":369,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"369","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/57?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"911","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/87 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":378,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"378","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/87?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"942","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/71 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":366,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"366","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/71?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"956","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":379,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"379","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"957","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/92 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":381,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"381","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/92?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"963","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/106 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":375,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"375","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/106?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"965","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":380,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"380","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"972","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":382,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"382","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"981","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/41 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":370,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"370","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/41?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"989","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/newsletter","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":372,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"372","inputVector":"","url":"https://gujarat.nfsu.ac.in/newsletter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"995","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/43 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":371,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"371","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/43?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1010","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/52 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":377,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"377","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/52?deptid=58","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1013","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/101 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":373,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"373","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/101?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1033","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":383,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"383","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"1035","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":384,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"384","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"1053","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/84 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":376,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"376","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/84?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1056","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":385,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"385","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"1059","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":386,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"386","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"1063","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/94 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":387,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"387","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/94?deptid=62","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"1082","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":388,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"388","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"1088","alertRef":"10015"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/87 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":378,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"378","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/87?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1175","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/51 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About 
Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":379,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"379","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/51?deptid=45","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1182","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/39 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":382,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"382","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/39?deptid=61","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1209","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/18 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":388,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"388","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/18?deptid=56","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1212","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/66 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":380,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"380","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/66?deptid=44","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1213","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/37 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":384,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"384","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/37?deptid=57","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1256","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/14 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":383,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"383","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/14?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1261","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/92 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":381,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"381","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/92?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1262","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/27 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":386,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"386","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/27?deptid=63","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1265","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/13 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":385,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"385","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/13?deptid=43","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1268","alertRef":"10109"},{"nodeName":"https://gujarat.nfsu.ac.in/program/prog_details/94 (deptid)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\">About Us</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":387,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"387","inputVector":"","url":"https://gujarat.nfsu.ac.in/program/prog_details/94?deptid=62","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1316","alertRef":"10109"}]},"vulnerability_types":{"Missing Anti-clickjacking Header":111,"Re-examine Cache-control Directives":111,"Content Security Policy (CSP) Header Not Set":111,"Modern Web Application":111,"Server Leaks Version Information via \"Server\" HTTP Response Header Field":173,"Strict-Transport-Security Header Not Set":173,"Sub Resource Integrity Attribute Missing":222,"X-Content-Type-Options Header Missing":173,"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)":173,"Information Disclosure - Suspicious Comments":3,"Information Disclosure - Debug Error Messages":1,"Timestamp Disclosure - Unix":1,"Vulnerable JS Library":2},"owasp_top10":{"Unmapped / Other":1017,"A05: Security Misconfiguration":346,"A06: Vulnerable and Outdated 
Components":2}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69edbc2266cdc8d3ccd6a4d4"},"created_at":{"$date":"2026-04-26T07:17:54.390Z"},"url":"https://mypngd.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://mypngd.in/","scan_timestamp":"20260426_071437","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":7,"urls_list":["https://mypngd.in/","https://mypngd.in/robots.txt","https://mypngd.in/favicon.svg","https://mypngd.in/sitemap.xml","https://mypngd.in/assets/index-hinGR8AJ.css","https://mypngd.in/assets/index-C_jT4fyw.js","https://mypngd.in/api%60,lr=e="],"duration":10.029164791107178},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06595754623413},"passive_scan":{"status":"completed","duration":0.004597187042236328},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"mypngd.in","open_ports":[443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"active_scan":{"scan_id":"0","status":"completed","duration":30.01309895515442},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"vulnerabilities":{"total_alerts":24,"high_risk":0,"medium_risk":8,"low_risk":7,"informational":9,"alerts_by_risk":{"High":[],"Medium":[{"nodeName":"https://mypngd.in/","sourceid":"3","other":"The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined:\nstyle-src, img-src, media-src, manifest-src","method":"GET","evidence":"script-src 'self';img-src 'self' data: https:;font-src 'self';connect-src 'self' ;frame-src 'self';object-src 
'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1","inputVector":"","url":"https://mypngd.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: Wildcard Directive","param":"Content-Security-Policy","attack":"","name":"CSP: Wildcard Directive","risk":"Medium","id":"1","alertRef":"10055-4"},{"nodeName":"https://mypngd.in/","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"script-src 'self';img-src 'self' data: https:;font-src 'self';connect-src 'self' ;frame-src 'self';object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"1","inputVector":"","url":"https://mypngd.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"Content-Security-Policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"2","alertRef":"10055-6"},{"nodeName":"https://mypngd.in/sitemap.xml","sourceid":"3","other":"The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined:\nstyle-src, img-src, media-src, manifest-src","method":"GET","evidence":"script-src 'self';img-src 'self' data: https:;font-src 'self';connect-src 'self' ;frame-src 'self';object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":12,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"12","inputVector":"","url":"https://mypngd.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: Wildcard Directive","param":"Content-Security-Policy","attack":"","name":"CSP: Wildcard Directive","risk":"Medium","id":"10","alertRef":"10055-4"},{"nodeName":"https://mypngd.in/robots.txt","sourceid":"3","other":"The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined:\nstyle-src, img-src, media-src, manifest-src","method":"GET","evidence":"script-src 'self';img-src 'self' data: https:;font-src 'self';connect-src 'self' ;frame-src 'self';object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":10,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"10","inputVector":"","url":"https://mypngd.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: Wildcard Directive","param":"Content-Security-Policy","attack":"","name":"CSP: Wildcard Directive","risk":"Medium","id":"12","alertRef":"10055-4"},{"nodeName":"https://mypngd.in/api`,lr=e=","sourceid":"3","other":"The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined:\nstyle-src, img-src, media-src, manifest-src","method":"GET","evidence":"script-src 'self';img-src 'self' data: https:;font-src 'self';connect-src 'self' ;frame-src 'self';object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":17,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"17","inputVector":"","url":"https://mypngd.in/api%60,lr=e=","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Wildcard Directive","param":"Content-Security-Policy","attack":"","name":"CSP: Wildcard Directive","risk":"Medium","id":"13","alertRef":"10055-4"},{"nodeName":"https://mypngd.in/sitemap.xml","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"script-src 'self';img-src 'self' data: https:;font-src 'self';connect-src 'self' ;frame-src 'self';object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":12,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. 
Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"12","inputVector":"","url":"https://mypngd.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"Content-Security-Policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"14","alertRef":"10055-6"},{"nodeName":"https://mypngd.in/robots.txt","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"script-src 'self';img-src 'self' data: https:;font-src 'self';connect-src 'self' ;frame-src 'self';object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":10,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"10","inputVector":"","url":"https://mypngd.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"Content-Security-Policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"15","alertRef":"10055-6"},{"nodeName":"https://mypngd.in/api`,lr=e=","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"script-src 'self';img-src 'self' data: https:;font-src 'self';connect-src 'self' ;frame-src 'self';object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":17,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. 
Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"17","inputVector":"","url":"https://mypngd.in/api%60,lr=e=","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"Content-Security-Policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"17","alertRef":"10055-6"}],"Low":[{"nodeName":"https://mypngd.in/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"no-sniff","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"1","inputVector":"","url":"https://mypngd.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header 
Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"4","alertRef":"10021"},{"nodeName":"https://mypngd.in/favicon.svg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"no-sniff","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":11,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"11","inputVector":"","url":"https://mypngd.in/favicon.svg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 
'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"8","alertRef":"10021"},{"nodeName":"https://mypngd.in/assets/index-hinGR8AJ.css","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"no-sniff","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":13,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"13","inputVector":"","url":"https://mypngd.in/assets/index-hinGR8AJ.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"11","alertRef":"10021"},{"nodeName":"https://mypngd.in/sitemap.xml","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"no-sniff","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":12,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"12","inputVector":"","url":"https://mypngd.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"21","alertRef":"10021"},{"nodeName":"https://mypngd.in/robots.txt","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"no-sniff","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":10,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"10","inputVector":"","url":"https://mypngd.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"23","alertRef":"10021"},{"nodeName":"https://mypngd.in/api`,lr=e=","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"no-sniff","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":17,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"17","inputVector":"","url":"https://mypngd.in/api%60,lr=e=","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"25","alertRef":"10021"},{"nodeName":"https://mypngd.in/assets/index-C_jT4fyw.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"no-sniff","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":15,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"15","inputVector":"","url":"https://mypngd.in/assets/index-C_jT4fyw.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"28","alertRef":"10021"}],"Informational":[{"nodeName":"https://mypngd.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":1,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"1","inputVector":"","url":"https://mypngd.in/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"0","alertRef":"10015"},{"nodeName":"https://mypngd.in/","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script type=\"module\" src=\"/assets/index-C_jT4fyw.js\" crossorigin=\"anonymous\" integrity=\"sha512-jnvHNxsLJj9w8TiIYR0JJmlTIv6sN1/dyvG390M2DcaoG9ETUgTedjWNIAThvXk0MBXGc0LrMeuOtjl/mzrEbw==\"></script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1","inputVector":"","url":"https://mypngd.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"3","alertRef":"10109"},{"nodeName":"https://mypngd.in/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":12,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"12","inputVector":"","url":"https://mypngd.in/sitemap.xml","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"5","alertRef":"10015"},{"nodeName":"https://mypngd.in/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":10,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"10","inputVector":"","url":"https://mypngd.in/robots.txt","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"7","alertRef":"10015"},{"nodeName":"https://mypngd.in/api`,lr=e=","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":17,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"17","inputVector":"","url":"https://mypngd.in/api%60,lr=e=","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"9","alertRef":"10015"},{"nodeName":"https://mypngd.in/sitemap.xml","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script type=\"module\" src=\"/assets/index-C_jT4fyw.js\" crossorigin=\"anonymous\" integrity=\"sha512-jnvHNxsLJj9w8TiIYR0JJmlTIv6sN1/dyvG390M2DcaoG9ETUgTedjWNIAThvXk0MBXGc0LrMeuOtjl/mzrEbw==\"></script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":12,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"12","inputVector":"","url":"https://mypngd.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"18","alertRef":"10109"},{"nodeName":"https://mypngd.in/robots.txt","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script type=\"module\" src=\"/assets/index-C_jT4fyw.js\" crossorigin=\"anonymous\" 
integrity=\"sha512-jnvHNxsLJj9w8TiIYR0JJmlTIv6sN1/dyvG390M2DcaoG9ETUgTedjWNIAThvXk0MBXGc0LrMeuOtjl/mzrEbw==\"></script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":10,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"10","inputVector":"","url":"https://mypngd.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"19","alertRef":"10109"},{"nodeName":"https://mypngd.in/api`,lr=e=","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script type=\"module\" src=\"/assets/index-C_jT4fyw.js\" crossorigin=\"anonymous\" integrity=\"sha512-jnvHNxsLJj9w8TiIYR0JJmlTIv6sN1/dyvG390M2DcaoG9ETUgTedjWNIAThvXk0MBXGc0LrMeuOtjl/mzrEbw==\"></script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":17,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"17","inputVector":"","url":"https://mypngd.in/api%60,lr=e=","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"22","alertRef":"10109"},{"nodeName":"https://mypngd.in/assets/index-C_jT4fyw.js","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"//,``).split(`/`);p=`/`+f.replace(/^\\//,``).split(`/`).slice(e.length).join(`/`)}let m=D(e,{pathname:p});T(l||m!=null,`No routes\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"in response to some user interaction or stat","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":15,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"15","inputVector":"","url":"https://mypngd.in/assets/index-C_jT4fyw.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"27","alertRef":"10027"}]},"vulnerability_types":{"Re-examine Cache-control Directives":4,"CSP: Wildcard Directive":4,"CSP: style-src unsafe-inline":4,"Modern Web Application":4,"X-Content-Type-Options Header Missing":7,"Information Disclosure - Suspicious Comments":1},"owasp_top10":{"Unmapped / Other":17,"A05: Security 
Misconfiguration":7}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69f03000a3ab5d20be3a2e3c"},"created_at":{"$date":"2026-04-28T03:56:48.368Z"},"url":"https://robu.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://robu.in/","scan_timestamp":"20260428_035315","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":7,"urls_list":["https://robu.in/sitemap.xml","https://robu.in/","https://robu.in/robots.txt","https://robu.in/api/","https://robu.in/account/","https://robu.in/cart/","https://robu.in/checkout/"],"duration":10.03991961479187},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06821513175964},"passive_scan":{"status":"completed","duration":0.006485939025878906},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"robu.in","open_ports":[80,443,8080,8443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"active_scan":{"scan_id":"0","status":"completed","duration":30.016398906707764},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"vulnerabilities":{"total_alerts":182,"high_risk":0,"medium_risk":28,"low_risk":7,"informational":147,"alerts_by_risk":{"High":[],"Medium":[{"nodeName":"https://robu.in/","sourceid":"3","other":"The directive(s): frame-ancestors, form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-x6H856WtysB0OBK9Qfe8tU' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; 
connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The Content Security Policy fails to define one of the directives that has no fallback. Missing/excluding them is the same as allowing anything.","messageId":"1","inputVector":"","url":"https://robu.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"Content-Security-Policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"0","alertRef":"10055-13"},{"nodeName":"https://robu.in/","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-x6H856WtysB0OBK9Qfe8tU' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1","inputVector":"","url":"https://robu.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"Content-Security-Policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"1","alertRef":"10055-6"},{"nodeName":"https://robu.in/","sourceid":"3","other":"script-src includes unsafe-eval.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-x6H856WtysB0OBK9Qfe8tU' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1","inputVector":"","url":"https://robu.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-eval","param":"Content-Security-Policy","attack":"","name":"CSP: script-src unsafe-eval","risk":"Medium","id":"2","alertRef":"10055-10"},{"nodeName":"https://robu.in/","sourceid":"3","other":"The directive(s): form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-x6H856WtysB0OBK9Qfe8tU' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The Content Security Policy fails to define one of the directives that has no fallback. Missing/excluding them is the same as allowing anything.","messageId":"1","inputVector":"","url":"https://robu.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"content-security-policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"5","alertRef":"10055-13"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"3","other":"The directive(s): frame-ancestors, form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-pVyP6LzNGAgTuCNkI9y38t' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The Content Security Policy fails to define one of the directives that has no fallback. 
Missing/excluding them is the same as allowing anything.","messageId":"6","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"Content-Security-Policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"20","alertRef":"10055-13"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-pVyP6LzNGAgTuCNkI9y38t' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":6,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. 
Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"6","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"Content-Security-Policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"21","alertRef":"10055-6"},{"nodeName":"https://robu.in/","sourceid":"3","other":"The directive(s): frame-ancestors, form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-1khUzaOzZQHvm8uGpcNRHF' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":7,"wascid":"15","description":"The Content Security Policy fails to define one of the directives that has no fallback. Missing/excluding them is the same as allowing anything.","messageId":"7","inputVector":"","url":"https://robu.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"Content-Security-Policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"22","alertRef":"10055-13"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"3","other":"script-src includes unsafe-eval.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-pVyP6LzNGAgTuCNkI9y38t' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":6,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"6","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-eval","param":"Content-Security-Policy","attack":"","name":"CSP: script-src unsafe-eval","risk":"Medium","id":"23","alertRef":"10055-10"},{"nodeName":"https://robu.in/","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-1khUzaOzZQHvm8uGpcNRHF' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":7,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"7","inputVector":"","url":"https://robu.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"Content-Security-Policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"24","alertRef":"10055-6"},{"nodeName":"https://robu.in/api/","sourceid":"3","other":"The directive(s): frame-ancestors, form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-9WjhaGa2G7WRUJfifsLTxc' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":13,"wascid":"15","description":"The Content Security Policy fails to define one of the directives that has no fallback. Missing/excluding them is the same as allowing anything.","messageId":"13","inputVector":"","url":"https://robu.in/api/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"Content-Security-Policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"25","alertRef":"10055-13"},{"nodeName":"https://robu.in/account/","sourceid":"3","other":"The directive(s): frame-ancestors, form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-XDDkLBJkovl0QaIGBIXq2x' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":15,"wascid":"15","description":"The Content Security Policy fails to define one of the directives that has no fallback. 
Missing/excluding them is the same as allowing anything.","messageId":"15","inputVector":"","url":"https://robu.in/account/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"Content-Security-Policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"26","alertRef":"10055-13"},{"nodeName":"https://robu.in/checkout/","sourceid":"3","other":"The directive(s): frame-ancestors, form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-sY5h7xUaNh7fhaDkSDV4gT' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":19,"wascid":"15","description":"The Content Security Policy fails to define one of the 
directives that has no fallback. Missing/excluding them is the same as allowing anything.","messageId":"19","inputVector":"","url":"https://robu.in/checkout/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"Content-Security-Policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"27","alertRef":"10055-13"},{"nodeName":"https://robu.in/cart/","sourceid":"3","other":"The directive(s): frame-ancestors, form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-33QhKPE6ULuR37CPqCNl2X' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":17,"wascid":"15","description":"The Content Security Policy 
fails to define one of the directives that has no fallback. Missing/excluding them is the same as allowing anything.","messageId":"17","inputVector":"","url":"https://robu.in/cart/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"Content-Security-Policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"28","alertRef":"10055-13"},{"nodeName":"https://robu.in/","sourceid":"3","other":"script-src includes unsafe-eval.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-1khUzaOzZQHvm8uGpcNRHF' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":7,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and 
mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"7","inputVector":"","url":"https://robu.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-eval","param":"Content-Security-Policy","attack":"","name":"CSP: script-src unsafe-eval","risk":"Medium","id":"30","alertRef":"10055-10"},{"nodeName":"https://robu.in/api/","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-9WjhaGa2G7WRUJfifsLTxc' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":13,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"13","inputVector":"","url":"https://robu.in/api/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"Content-Security-Policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"31","alertRef":"10055-6"},{"nodeName":"https://robu.in/account/","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-XDDkLBJkovl0QaIGBIXq2x' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":15,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"15","inputVector":"","url":"https://robu.in/account/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"Content-Security-Policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"32","alertRef":"10055-6"},{"nodeName":"https://robu.in/checkout/","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-sY5h7xUaNh7fhaDkSDV4gT' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":19,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"19","inputVector":"","url":"https://robu.in/checkout/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"Content-Security-Policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"33","alertRef":"10055-6"},{"nodeName":"https://robu.in/cart/","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-33QhKPE6ULuR37CPqCNl2X' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":17,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"17","inputVector":"","url":"https://robu.in/cart/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"Content-Security-Policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"34","alertRef":"10055-6"},{"nodeName":"https://robu.in/api/","sourceid":"3","other":"script-src includes unsafe-eval.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-9WjhaGa2G7WRUJfifsLTxc' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":13,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"13","inputVector":"","url":"https://robu.in/api/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-eval","param":"Content-Security-Policy","attack":"","name":"CSP: script-src unsafe-eval","risk":"Medium","id":"37","alertRef":"10055-10"},{"nodeName":"https://robu.in/account/","sourceid":"3","other":"script-src includes unsafe-eval.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-XDDkLBJkovl0QaIGBIXq2x' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":15,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"15","inputVector":"","url":"https://robu.in/account/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-eval","param":"Content-Security-Policy","attack":"","name":"CSP: script-src unsafe-eval","risk":"Medium","id":"38","alertRef":"10055-10"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"3","other":"The directive(s): form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-pVyP6LzNGAgTuCNkI9y38t' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The Content Security Policy fails to define one of the directives that has no fallback. Missing/excluding them is the same as allowing anything.","messageId":"6","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"content-security-policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"39","alertRef":"10055-13"},{"nodeName":"https://robu.in/checkout/","sourceid":"3","other":"script-src includes unsafe-eval.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-sY5h7xUaNh7fhaDkSDV4gT' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":19,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"19","inputVector":"","url":"https://robu.in/checkout/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-eval","param":"Content-Security-Policy","attack":"","name":"CSP: script-src unsafe-eval","risk":"Medium","id":"41","alertRef":"10055-10"},{"nodeName":"https://robu.in/","sourceid":"3","other":"The directive(s): form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-1khUzaOzZQHvm8uGpcNRHF' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":7,"wascid":"15","description":"The Content Security Policy fails to define one of the directives that has no fallback. Missing/excluding them is the same as allowing anything.","messageId":"7","inputVector":"","url":"https://robu.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"content-security-policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"42","alertRef":"10055-13"},{"nodeName":"https://robu.in/cart/","sourceid":"3","other":"script-src includes unsafe-eval.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-33QhKPE6ULuR37CPqCNl2X' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":17,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"17","inputVector":"","url":"https://robu.in/cart/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-eval","param":"Content-Security-Policy","attack":"","name":"CSP: script-src unsafe-eval","risk":"Medium","id":"49","alertRef":"10055-10"},{"nodeName":"https://robu.in/account/","sourceid":"3","other":"The directive(s): form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-XDDkLBJkovl0QaIGBIXq2x' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":15,"wascid":"15","description":"The Content Security Policy fails to define one of the directives that has no fallback. Missing/excluding them is the same as allowing anything.","messageId":"15","inputVector":"","url":"https://robu.in/account/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"content-security-policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"51","alertRef":"10055-13"},{"nodeName":"https://robu.in/api/","sourceid":"3","other":"The directive(s): form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-9WjhaGa2G7WRUJfifsLTxc' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":13,"wascid":"15","description":"The Content Security Policy fails to define one of the directives that has no fallback. 
Missing/excluding them is the same as allowing anything.","messageId":"13","inputVector":"","url":"https://robu.in/api/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"content-security-policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"59","alertRef":"10055-13"},{"nodeName":"https://robu.in/checkout/","sourceid":"3","other":"The directive(s): form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-sY5h7xUaNh7fhaDkSDV4gT' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":19,"wascid":"15","description":"The Content Security Policy fails to define one of the directives that has no 
fallback. Missing/excluding them is the same as allowing anything.","messageId":"19","inputVector":"","url":"https://robu.in/checkout/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"content-security-policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"61","alertRef":"10055-13"},{"nodeName":"https://robu.in/cart/","sourceid":"3","other":"The directive(s): form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"default-src 'none'; script-src 'nonce-33QhKPE6ULuR37CPqCNl2X' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":17,"wascid":"15","description":"The Content Security Policy fails to define one of the directives 
that has no fallback. Missing/excluding them is the same as allowing anything.","messageId":"17","inputVector":"","url":"https://robu.in/cart/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"content-security-policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"67","alertRef":"10055-13"}],"Low":[{"nodeName":"https://robu.in/","sourceid":"3","other":"1777348430, which evaluates to: 2026-04-28 03:53:50.","method":"GET","evidence":"1777348430","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":1,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"1","inputVector":"","url":"https://robu.in/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"11","alertRef":"10096"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"3","other":"1777348435, which evaluates to: 2026-04-28 03:53:55.","method":"GET","evidence":"1777348435","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":6,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"6","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"84","alertRef":"10096"},{"nodeName":"https://robu.in/","sourceid":"3","other":"1777348435, which evaluates to: 2026-04-28 03:53:55.","method":"GET","evidence":"1777348435","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":7,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"7","inputVector":"","url":"https://robu.in/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"85","alertRef":"10096"},{"nodeName":"https://robu.in/account/","sourceid":"3","other":"1777348435, which evaluates to: 2026-04-28 03:53:55.","method":"GET","evidence":"1777348435","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":15,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"15","inputVector":"","url":"https://robu.in/account/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"87","alertRef":"10096"},{"nodeName":"https://robu.in/api/","sourceid":"3","other":"1777348435, which evaluates to: 2026-04-28 03:53:55.","method":"GET","evidence":"1777348435","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":13,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"13","inputVector":"","url":"https://robu.in/api/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"90","alertRef":"10096"},{"nodeName":"https://robu.in/cart/","sourceid":"3","other":"1777348435, which evaluates to: 2026-04-28 03:53:55.","method":"GET","evidence":"1777348435","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":17,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"17","inputVector":"","url":"https://robu.in/cart/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"95","alertRef":"10096"},{"nodeName":"https://robu.in/checkout/","sourceid":"3","other":"1777348435, which evaluates to: 2026-04-28 03:53:55.","method":"GET","evidence":"1777348435","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":19,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"19","inputVector":"","url":"https://robu.in/checkout/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"99","alertRef":"10096"}],"Informational":[{"nodeName":"https://robu.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The message contained both CSP specified via header and via Meta tag. It was not possible to union these policies in order to perform an analysis. 
Therefore, they have been evaluated individually.","messageId":"1","inputVector":"","url":"https://robu.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Header & Meta","param":"","attack":"","name":"CSP: Header & Meta","risk":"Informational","id":"3","alertRef":"10055-12"},{"nodeName":"https://robu.in/","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script nonce=\"x6H856WtysB0OBK9Qfe8tU\">(function(){window._cf_chl_opt = {cFPWv: 'g',cH: '1ACMlDrMp83JUewAWvdCcqO6qCxnEFgMgTlQ6JH1iPw-1777348430-1.2.1.1-vA_Vgu2.qnAnoobj.vORYZswitwaHVoq_WLBK7rLaZYiECXp.n4SE5mx_.dYO.f.',cITimeS: '1777348430',cN: 'x6H856WtysB0OBK9Qfe8tU',cRay: '9f331f4a2f9374eb',cTplB: '0',cTplC:0,cTplO:0,cTplV:5,cType: 'managed',cUPMDTk:\"/?__cf_chl_tk=zzH6GTiLP8cjNgNlU0u7NBPIOrb4Ofvst1HOMLgWPZo-1777348430-1.0.1.1-T7TsoueWZMnnlWZDH1jy2nrhC4C0VwpAPEscIv0wAso\",cvId: '3',cZone: 'robu.in',fa:\"/?__cf_chl_f_tk=zzH6GTiLP8cjNgNlU0u7NBPIOrb4Ofvst1HOMLgWPZo-1777348430-1.0.1.1-T7TsoueWZMnnlWZDH1jy2nrhC4C0VwpAPEscIv0wAso\",md: 
'kc8DA.GiYXnup4r1_XGClTT5ZTw.ml4UvVhkayfkuMw-1777348430-1.2.1.1-ODGnbpR1pBMZVHYmMXM7WbhnUjYpkejKnVcbv5OTEWhmsG_U5aTl_Uoal9Ihhf1pVjGy8usW7ZO9VjvZvpMHqgpAMr9M5wB_WB6kmFgUCgWOXZcLrdDerno9QAJsnGVbXwuQ8mzP1698Wjpdci4v0uQvVCrCloZ0GUsP3BiXM79.J4Jh1okzbjbHX4QXnroKUINPKKDTovRXFlK57a.YwxMzf36WwLJKTOped4jGgm_8h9vtaS14ZXzcpdaF_Ci46ZplGKJzSgLOzRyIWy1hQ7azf6pbjOtvC4hc9MiruPuBaZPhN1_NsAvOccET41U1MKNfrAIfILIzk3fLfIQbc7RYPGckAhkg8m88A4msJHUzAi19Mz3Tj8X9iuLnuKpHWX3Ncg_BrQ7RxoSZone.TWADHY2yrBa3uG5fuuJJi5UVq9AWWRGxakVHcuay4NhsbrxhTCMmcfcZUqBCfDU4ej7cWuqFCdcAt3XSkDnzKzdtYMekqVAaqRmkU_BaYjvyd78gETe0Ou3IvFvrGoYRJQrujWBO4raNSY_ZWgO9CWgeN4bezZf_IdxUS7y6GtnThm_NdMe_eNtZEeieDA_kQPCzX42OMCk8kXN32DEOdcscmy2n5CPPqkHchEtomuuNVT3Ue7UNkrhy0.xFKx2n8f1lWXj4YsBFNWQiQnoGfjXk.W0qIYiPhmStZtWEmqeA_nlZd16gByTEsUEjS1BPjM7m3X4AYs5bIYvu5P19jDvwFFJRIMV6KMIS_8pEl.wK2DfhlT.eIWcK8NvxnaoFrHG3OZD_8kaoPl3aI3l.8d0A7t9GyJQu4LTMnYxfUtsTnOMkM6C5QTuJGT6ijVdRz2JzWawVKB31.T4WbPxzdoVMmxglSnEvrwwYXqJiwVnDA5HCBuvDZYSGhB0PcosdLw',mdrd: 'FHuoDQQ9w.ZzVz8zG_ey8RKWD1syeBgdnV0iCJwW.JA-1777348430-1.2.1.1-Z5MJYJsTxS.f6aaxQdJQNGN7QNwM9SdA0odquwxu4t26.hdl8GEEMVP6imXHx1V_O0OVbqxrBfmAKnJVM0UYNNNJwNd8Ai2u6HkjuPDRrlXlDWzFgKF7TaWDZ4Cm_OB7iPgQ2DF_NMdDMTIsmchJwBmuPHuuchrhGdaImOPt9Nv8oVOTEYO8nnB1SHXc6jg9Fvqbn6Nrr8uez8aIsuHHGWlXm_M_V1eAewWwFxiCYpYGBot2iwOARgOgYokMFcMh0uUMbt7oQhlLG.XUgdRkakCwfuloPIwXj6.78Za2Hdc',};var a = document.createElement('script');a.nonce = 'x6H856WtysB0OBK9Qfe8tU';a.src = '/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9f331f4a2f9374eb';window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' 
: location.search;if (window.history && window.history.replaceState) {var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;history.replaceState(null, null,\"/?__cf_chl_rt_tk=zzH6GTiLP8cjNgNlU0u7NBPIOrb4Ofvst1HOMLgWPZo-1777348430-1.0.1.1-T7TsoueWZMnnlWZDH1jy2nrhC4C0VwpAPEscIv0wAso\"+ window._cf_chl_opt.cOgUHash);a.onload = function() {history.replaceState(null, null, ogU);}}document.getElementsByTagName('head')[0].appendChild(a);}());</script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1","inputVector":"","url":"https://robu.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"10","alertRef":"10109"},{"nodeName":"https://robu.in/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"max-age=5, stale-while-revalidate","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":8,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"8","inputVector":"","url":"https://robu.in/robots.txt","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"18","alertRef":"10015"},{"nodeName":"https://robu.in/robots.txt","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 4","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":8,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. 
In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.","messageId":"8","inputVector":"","url":"https://robu.in/robots.txt","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"19","alertRef":"10050-2"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The message contained both CSP specified via header and via Meta tag. It was not possible to union these policies in order to perform an analysis. Therefore, they have been evaluated individually.","messageId":"6","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: Header & Meta","param":"","attack":"","name":"CSP: Header & Meta","risk":"Informational","id":"29","alertRef":"10055-12"},{"nodeName":"https://robu.in/account/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":15,"wascid":"15","description":"The message contained both CSP specified via header and via Meta tag. It was not possible to union these policies in order to perform an analysis. Therefore, they have been evaluated individually.","messageId":"15","inputVector":"","url":"https://robu.in/account/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Header & Meta","param":"","attack":"","name":"CSP: Header & Meta","risk":"Informational","id":"43","alertRef":"10055-12"},{"nodeName":"https://robu.in/api/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":13,"wascid":"15","description":"The message contained both CSP specified via header and via Meta tag. It was not possible to union these policies in order to perform an analysis. 
Therefore, they have been evaluated individually.","messageId":"13","inputVector":"","url":"https://robu.in/api/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Header & Meta","param":"","attack":"","name":"CSP: Header & Meta","risk":"Informational","id":"46","alertRef":"10055-12"},{"nodeName":"https://robu.in/checkout/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":19,"wascid":"15","description":"The message contained both CSP specified via header and via Meta tag. It was not possible to union these policies in order to perform an analysis. 
Therefore, they have been evaluated individually.","messageId":"19","inputVector":"","url":"https://robu.in/checkout/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Header & Meta","param":"","attack":"","name":"CSP: Header & Meta","risk":"Informational","id":"47","alertRef":"10055-12"},{"nodeName":"https://robu.in/cart/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":17,"wascid":"15","description":"The message contained both CSP specified via header and via Meta tag. It was not possible to union these policies in order to perform an analysis. 
Therefore, they have been evaluated individually.","messageId":"17","inputVector":"","url":"https://robu.in/cart/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Header & Meta","param":"","attack":"","name":"CSP: Header & Meta","risk":"Informational","id":"55","alertRef":"10055-12"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script nonce=\"pVyP6LzNGAgTuCNkI9y38t\">(function(){window._cf_chl_opt = {cFPWv: 'g',cH: 'xB2YBqYxpt3FF095dT6HEsgmULMEj7dRz6.5loSb9GI-1777348435-1.2.1.1-q1Xh9nE2bhqWwL18SBoQfn3NHL70zi5Imbtucm8SEyhCbFhupN5ecg4EsWfZISRl',cITimeS: '1777348435',cN: 'pVyP6LzNGAgTuCNkI9y38t',cRay: '9f331f69fffc85fc',cTplB: '0',cTplC:0,cTplO:0,cTplV:5,cType: 'managed',cUPMDTk:\"/sitemap.xml?__cf_chl_tk=oFcdO.FbljS_Ym9dmG7zRIUX8Lg_cSCv3Ia3Zu8vF8c-1777348435-1.0.1.1-CqAO33qfoui3X_Mw5X725WXU96QBdrFrz4KiKbbeLf8\",cvId: '3',cZone: 'robu.in',fa:\"/sitemap.xml?__cf_chl_f_tk=oFcdO.FbljS_Ym9dmG7zRIUX8Lg_cSCv3Ia3Zu8vF8c-1777348435-1.0.1.1-CqAO33qfoui3X_Mw5X725WXU96QBdrFrz4KiKbbeLf8\",md: 
'fJxE7FAzxsmiNMjCblKcsDL13MXvuk2IBbWZBz45o2Y-1777348435-1.2.1.1-btuAbGOxfsjQYMsJLbWfBI_lzObK_bfwFFioshbWY.z3GyXp7Cc4EoLtv3OTKYBy5x3XpT_aasONRU_v0kO0Ob6850Lc0_b0.K4BZetgv2.HZiYHDSTaiSUgKt8h8iKuTnzkmQnANQlqacH58u.O8.XhaHsLYB64hjUI93iDRtgk5AJ13.1yhizFdDtN7qoGJH86m5eWnERcH.kJlfeqNhMq3ggedBSuM5Si7JjQMIVPqkrl9Yo2bLmil4XNgoKu0mXZmp5IW7IMUT096wiw9xsRA.R_Wc2j2PH5y52yz4nAqjN4G9CeiRX1_F4LvkGkwSCyCxcAtQdF3PaBHYTKmgdRFJrRp7ctar3buIPN7QK6FGyQ1yI5iJf1j5Dj4nhDFh2ZiVjmW3M1VkTGii8uJFMCLeP7873AR87T5e1v1T.YszJVLBWBoNLzfLJ44LLqMPWZbgVo9Ep92yFdOYiTRvb4Gp57rC.wl75Lee1vaDTymCHEOmNX4YM_1W14oaP5UPjep48yn65g2Ts2hMzDXzhnl0BpznXSBLKQTgFjJYK.u_BbQovU_meU0KfRcuuTszyhVJ7Q1VosSWnln6onZaJfZBywweCqF5HzNBFkKKfSpbige0.qJMdTZBBcXepSjTZjBpFIgoQBWgnnKVOKvvfs6Vv9s2nMWXbHIA84VYiB6M0cWhQWQ_40L899Hbw6.4BukN31sT6C4LbXOIX6FgVsl625hbRqp0Hp1AKwbsV7awBrMnBAIhjGiQErtSGrFw_9SVbMML5pSVO_HQPMXLNa82GdhVzyMGNjPROEknHTI0LA9ipH3p20EpkBYA28mdKLdwYgaAxrtbp2TQdMu3WhVYGLtLOmSvt2IO9v1PBl.EUblVdFuJeB0LpPPRbMS2xoRDCG_UQv85krb95yrQ6274sJqqD4hY9aW1IVe.NB9SiWh3DEypk6UKqLtFX8tG71X9dqQLK2YrPrrjQWkPG41Np6vIPsz5Gitsy6MyRvz3IztEsXUIal9Ly0b9cHBg_Ry4i7A3tZfm4ZY8yLs3chy.vwp72UOtXD.kOqaxs',mdrd: 'JZqy50OM_arAOVsWZugKFdgkPRXPp8xGyoGyZM12sm4-1777348435-1.2.1.1-8TV4HKcb1oFVJywIFQJ_alEhYj2RgBiqpOuW.zZXrmrgKads1amBstSkJ5ItDvO3SbWezGOLEAqMO03Ln6Wab2p0ft92lFIbpUE9IomoXqjLkYHwzr3LjZnroFMimgxme5puRyYxHEsYoo.a_i5RSK3wRiXx_ywOLuvxeYuoeO.xpFHF7Tg.HH8o8HI7O84rFO8KLe_vyWlrlkIe.GEYTUFiq30ex5NsYt59jhB68DrQTBcHMfe7vnBNixsFDYkwG.sGrCP7olS525nv4r3rr580Pf4lnUXHHmV1JgpCFmNo9rN27r6k96dNNuw.E7st1MHXK6TZ2kq4hhmeG9sAtIbHVRjYUBQKu7Tmh_rDQl0',};var a = document.createElement('script');a.nonce = 'pVyP6LzNGAgTuCNkI9y38t';a.src = '/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9f331f69fffc85fc';window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash;window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;if (window.history && window.history.replaceState) {var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;history.replaceState(null, null,\"/sitemap.xml?__cf_chl_rt_tk=oFcdO.FbljS_Ym9dmG7zRIUX8Lg_cSCv3Ia3Zu8vF8c-1777348435-1.0.1.1-CqAO33qfoui3X_Mw5X725WXU96QBdrFrz4KiKbbeLf8\"+ window._cf_chl_opt.cOgUHash);a.onload = function() {history.replaceState(null, null, ogU);}}document.getElementsByTagName('head')[0].appendChild(a);}());</script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":6,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"6","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"72","alertRef":"10109"},{"nodeName":"https://robu.in/","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script nonce=\"1khUzaOzZQHvm8uGpcNRHF\">(function(){window._cf_chl_opt = {cFPWv: 'g',cH: 
'OMVWXVklu3vDdoOAcGp5gEJZGxM_d1IXOP5R0n8POEI-1777348435-1.2.1.1-Jmyi4AN7g22_IcY7_xzuy.EsMeWjn_XCUUSb18QouyRmhVHNS5x_O5zowsZ0Xvad',cITimeS: '1777348435',cN: '1khUzaOzZQHvm8uGpcNRHF',cRay: '9f331f69f99f3b25',cTplB: '0',cTplC:0,cTplO:0,cTplV:5,cType: 'managed',cUPMDTk:\"/?__cf_chl_tk=og6fmF0RikJSXAHWSX7NOLimL4cCMYaJ4YAAFHZ3Wog-1777348435-1.0.1.1-Lfw.JBEqFlM87.bNgdcD3hFhdZYeb3TnHnxvC_4xkOI\",cvId: '3',cZone: 'robu.in',fa:\"/?__cf_chl_f_tk=og6fmF0RikJSXAHWSX7NOLimL4cCMYaJ4YAAFHZ3Wog-1777348435-1.0.1.1-Lfw.JBEqFlM87.bNgdcD3hFhdZYeb3TnHnxvC_4xkOI\",md: 'kveK2TryJsXI55JheqlXiW7ssuPL0HwZvKz5SMCLNLs-1777348435-1.2.1.1-kJVUKYmvqDWzFhmokjt05mEyT632WRD.rOLZz7QR.b9U7zK8Psbwo2qREZDRLK.TUD03NC5nqP6eZl3pK7OVc00YxVIx529H_h30nGeCq9DeMAkAwaZAloEo5cA01uxvwEgTtrsqpTltMVgg9s8weJ9hiswveaj4TD8m0Xsfw6us8cOgOaq8Qo3HtAEQWFtkfY2UBAoBcltKViTAezbTMpRsf4wX5OwnfRF7zYX8clMsni1A2dbV6rIDvDhGv9zYC3N.6MsmkCoFSRO2RJEWII63jsbTJgtVw3gkMBPV6cPpxhDpLJ8oC3fRV9UjlJdzCYl297L6PsDMA1zdpGQWjUH2oROSRIiFkYuPBuGATj7wowWpVmqTpBlu9hFD2YSVqV9i81P_myxThHzF8zVK0_XP8D5s9ZmDUv5mG0bpHWmoKfNuv4rxTNiHCvQ.7JMoszl28dBiQYd20HCrwbpW8A4gBkJ4012ZpCpvYWJXNa0o4v.yJSAaK4c1NbWjjRD7yKDDKM8itbLEfXYSA3LnvLOu9xHn2Q9bfzQ_eqBjiMbYtE5sNsApRAnFiRBAfGVghZ_31aVoKtZGMzv82FCA090lJv4saQ29I8BmMgxUidBrPZXNaYytWeDgQKpkuXv76UgjGqXWZR72OCWTVhyrlg2wRJQOmZgjtdHTZ1oTXFbOYchbJ9QBk31WfC5M5v_JIHvMHYd.8Vg4XbqcB6v6ALr3UlvHsLy8_39RV7ogbZdfNo1aayDHzhF1vR_8Egius.moTQwr9JK1dby81wpZoVqUEEjxNXgB7AY_2UpkDob3TftZDuhnVdoDuw.T9rmUyqqz9mluGiAzjbvBDNAOElMDjTvi99KQPNihupPZpSeSwG9trD907TjVtAV1CYOg.je6qLIkSfynWzdXQbBePGHdaLGcLMDOKSR_7Pt3EfdBdrD9Yuz2mQBh0IihGLnxclZLap_gPoMHCef9h9M81Pc.55kr450Qf44n0n3uoPqJwXTNLzPdmBqLVOb2.GBxrMwTvs_53XjgVkASYuMnLQ',mdrd: 
'ZgOZEmxWKVDxQXBc2e6m8uInUSJtMX8VX_I78DMfXmE-1777348435-1.2.1.1-o5KKVQMOZdsy5c6_N_aLn7BaAe_nBHXPCCghe9UI7bmueH0Oq.5uuQ3xyfU52ta.uvZPFDpL_vJg4TQLmuqmfnJyxmLxgGY.5C0y9yZ5Ry3cWlCO8OymiUg7.yflt44CTQ2ZtF9inujauW3rDvPZUjGZdcPvd3vD6qXAfzgrTeW4uIuZrtstm6bxecyMQswvqYjOFN.rhw5PEHXQxsCbwx79Wl6ML2kPoM.GLtgdvDtU7R8gTxAevnEpdsREKXPXmaqBcI1HDj4rhEplv8do903Z8mX3cI0txHa4lPu2RyZ6CefPBeLdDBsfRV7Q4P.xOIpcFGIdSMf14AJ1L61S8P.Z7i.4aLO8QPSoORziWak',};var a = document.createElement('script');a.nonce = '1khUzaOzZQHvm8uGpcNRHF';a.src = '/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9f331f69f99f3b25';window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;if (window.history && window.history.replaceState) {var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;history.replaceState(null, null,\"/?__cf_chl_rt_tk=og6fmF0RikJSXAHWSX7NOLimL4cCMYaJ4YAAFHZ3Wog-1777348435-1.0.1.1-Lfw.JBEqFlM87.bNgdcD3hFhdZYeb3TnHnxvC_4xkOI\"+ window._cf_chl_opt.cOgUHash);a.onload = function() {history.replaceState(null, null, ogU);}}document.getElementsByTagName('head')[0].appendChild(a);}());</script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":7,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"7","inputVector":"","url":"https://robu.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"74","alertRef":"10109"},{"nodeName":"https://robu.in/account/","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script nonce=\"XDDkLBJkovl0QaIGBIXq2x\">(function(){window._cf_chl_opt = {cFPWv: 'g',cH: 'FAeuckMiK2LyB1UHGq_vd4ChSegpm2EeqRtlkattfEY-1777348435-1.2.1.1-TWUGgpkWC8RGvpD2XB7x4EYsoUGZtgQ.Cvc.9E90VmW4XRMeGEMFKyklG3VXi0jz',cITimeS: '1777348435',cN: 'XDDkLBJkovl0QaIGBIXq2x',cRay: '9f331f6a7efa0b23',cTplB: '0',cTplC:0,cTplO:0,cTplV:5,cType: 'managed',cUPMDTk:\"/account/?__cf_chl_tk=QR5aLWo.0liFK6UFANdPgL8.JAyM4NJTz3cuvfxBs3A-1777348435-1.0.1.1-iVetVJErQ0.3b.PWKHTjWlXz2CQ9y7fXAWtiCC5rVRw\",cvId: '3',cZone: 'robu.in',fa:\"/account/?__cf_chl_f_tk=QR5aLWo.0liFK6UFANdPgL8.JAyM4NJTz3cuvfxBs3A-1777348435-1.0.1.1-iVetVJErQ0.3b.PWKHTjWlXz2CQ9y7fXAWtiCC5rVRw\",md: 
'SnIumRSvKFm48.kwXElW8zXiLacIetyqoVlCke0vCCY-1777348435-1.2.1.1-TzTsphlZRXf84IIixmVrzmChQEWaJoWnbmK57fcIOlLIVvRcP9eztkcjYhlNi3UgzsI2ktjYbPkzOWW8gG9.5cthp8LNByOhDi5NetvNJJxlMHf1HdwGeQLo_iJSnHEd43EOc7OO.h_4et9rVfNiLQMPMrpPZYdu1YsfsLo3PNh3SAY2WeqqGC5BGVYD_KOES9Rt6QdLQv9_LRZY_LI3tzoTaFsECMTkFeLchXEYOCcHs6q5yygA0PDBxApq6mQYoE6wmtDWYJwlN6bdW9Kbh4QsRsr1cKI.z96rd7diT_7VM_Rb0iIieHhvp2iNTU4fSv64D9Sh98RZF3iOC.81jqp3LTJMshoXOI8JTsclGOQ_kEbejlJDgY5Ybpaa6ZPd8QQ9XiYoI2ft3FrGm8slfDw2W3vl3T._wvyZdZmznLAATvbdTdZfyMi.kCZ651kljxdNmOkz_ovCFNW9bwIz9gTJ2bO82qMFOce23iq6vtXQPTPJ28IVP4BHOHsUh5RWjX1CVdEGnX.eyuTrTU69FXbm_A8imwWl9Tydaklqh9kNwAtexu6zrJCJDZK3xfbsNNFhcIU1I7RPvRrqTkKYg70vBHZjc5QH2g7Bpov1b0rp.IDlr94vWwPjTPyvf17oh7T3Dr8WKKzDPCW4G.uq0HSk2SDlHs3WX3u3.xSFhcVJfgHQvtllO6qY4TprtmF_nN0CfUfidt_HOwR0fgdNw.q8r3_lNR0unU2kBHieoB4fbq7TVglrg8rqM7LfXgsu6qz6Ut6evHaR6xMAckOqBvzDe5sFNGqZ7Az_2PUza.3GU15T9k0kfcf1fEtkqavpypymBSzEUYqGz.NY..zjFc1ViZjf5a9qxJL9omb.0dPKiR.NdgBgb6qHljYAWh951LlidWRqH_9p2.zLjTvJIqSwJwlWSugw0eeZ8XCruGt0FITnzrgdCEzZYDg0ajIQG1O13sy2G_UHSqvAfdwlCONvGqF0v0jM_S6Ftd6A_KK.COwWdyZh5RLbo4UesZx7KQ1oR9U.GSop5NDj9o2PSQNlePrWsjOK1RefCAKo1VM',mdrd: 'lwxosbDn4fL8YqWnfm3OmfsAXdiPXOhCJBmX3Gw63s8-1777348435-1.2.1.1-Zgxu8QLJJ6Ez6TZGb9EGel1Ty0QONyzdWwelXY4OUZiMGzjMMf0pWQ3pjxd1EsqLiS5_qiSJPBXvNzX5hjXQ8OVWKWl1RWMpXxJt9TL.RaoYNAB2kPE4M1CMuR1WqlcAghvvZqYligXTXyvbEGoBz6skPXwxCWBLhZOuuZiBFxDRseFWlioSLPuGti6PufgeZWi4fZVzlxVGQN3xusaeFr1pHgN_unkNcbWt9Y5inYYp1k50O6HxCZYvvXK3o6zHXz0Rs3PP.q844fgsohxdS8huXM0XnclVEvEDOfZAWDLeUHvmE8740HzcOx9vU1Tz5t31QgrHTERq30_rli_Rmb_UzsK5uVJH8WsUGzOScvlBOhArmFtxj34qqh0SkAlyCOzX3bqeFn5NUMPcCyT6Jw',};var a = document.createElement('script');a.nonce = 'XDDkLBJkovl0QaIGBIXq2x';a.src = '/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9f331f6a7efa0b23';window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash;window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;if (window.history && window.history.replaceState) {var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;history.replaceState(null, null,\"/account/?__cf_chl_rt_tk=QR5aLWo.0liFK6UFANdPgL8.JAyM4NJTz3cuvfxBs3A-1777348435-1.0.1.1-iVetVJErQ0.3b.PWKHTjWlXz2CQ9y7fXAWtiCC5rVRw\"+ window._cf_chl_opt.cOgUHash);a.onload = function() {history.replaceState(null, null, ogU);}}document.getElementsByTagName('head')[0].appendChild(a);}());</script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":15,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"15","inputVector":"","url":"https://robu.in/account/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"82","alertRef":"10109"},{"nodeName":"https://robu.in/api/","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script nonce=\"9WjhaGa2G7WRUJfifsLTxc\">(function(){window._cf_chl_opt = {cFPWv: 'g',cH: 
'zoQW7AjbpouZ49meQB.zmFsvJwGEvy6UvEe9ZjNpKi0-1777348435-1.2.1.1-XoV2cE77bCcx8PDSVVHNOzk7L2HHH.y.0CLS.PNakyk_U.qYo2awG.O_pOvxOqHe',cITimeS: '1777348435',cN: '9WjhaGa2G7WRUJfifsLTxc',cRay: '9f331f6a58703505',cTplB: '0',cTplC:0,cTplO:0,cTplV:5,cType: 'managed',cUPMDTk:\"/api/?__cf_chl_tk=D8Soyzq4cpRTIxU3yAo44ZtEUynKRd_uiBlzwl26fVU-1777348435-1.0.1.1-PygReN7oPEt5utcOjj32SHemDB4pKr7nKlUIg.uRea4\",cvId: '3',cZone: 'robu.in',fa:\"/api/?__cf_chl_f_tk=D8Soyzq4cpRTIxU3yAo44ZtEUynKRd_uiBlzwl26fVU-1777348435-1.0.1.1-PygReN7oPEt5utcOjj32SHemDB4pKr7nKlUIg.uRea4\",md: '9.oa9.FVaG78Q_2fchjKV6V4uLjBnfpbIGyngtsa_cU-1777348435-1.2.1.1-SzNyEH.S0Y7e.CKzZMfIopFmR.uH7bQJuETDXhu4ffhz.QfqROIIC79NJchvcsML1QOx1.cCuBC6N4To8X.3HEpyVB33avxeQXOx0U550jhqVldPCM6VQ9Sz5YXVIMxbs9yOJ4JI0x1Scpvh1szxZ.O2tWKCtqn0ieVD_5iyXD2LmoN9Mt8QMjX_lM4AJ_BhkT5tWgWQeE4N0U8_IxCmifLd7xH0G8C0QePaTlbEHPIsfNVJ2_evtIxvZTAQl1IUinlbBq3vSZW7PKpO141HswUA0wsqQDSe2h_fU9l2wZFiXfFKVpKBlFr0sFYb.R6nRhr41O6cN0YoYxxhfQta0Ynt2SAtZw2k94xWbHqIBJDXKm3fVpMXuU2KLXRyLTGRiJsLLwz8HbGAw6S64ujAd9PM4zQe63QKrlWcSrNq8.W9OezQ9Tmtc.jJJZFZZ4MsTabHMW7dkaQlM_Fui_u7CyWNWFvmqJpslnNMMzMf2ymSVe_zQPmJWqUS..IPmkbASCY_.8Mq7VZ7n.pxWb37HtpzN7B.33XX0lBpeTIL8EFs6Nzln6lcgZHlZyQ.PbLG98DnuLJjtlafuKzR2DUBssGlRXS7nWrNsIdpchNezHCdHxJcOBuy1naOAYLq65AdYb3FsWmxewUMhA__FQfPWTUxnV5_YwVmM2r8wWxrjUBNm0rrXCPcPrJ7oOWDUIkZ4rt9N5GkboO71Ot7lwUOgv2SKF.AWBFNTnX2FHNgKf5guQzuNXcIKi1riP__pLzav5qtTw_0wv22NN2gDfuAmr37wi2uCz4Rna8KRKITSJ3bFKI.cPluFNCHibqXWHzWygva3awHdSkHBdEtirZ2StKmVC5BSa9Nh116Cd_k__cRCLh6aCpfmwyKUPKtISMVnXrd0Yio58Lm0ZNtgZYSbL0Uv4N68MdbJdzZW3iqjN6lV4AvvQNUnizJT2wbtfVQploDHpfQ.aY9QpzRh2nL16S7ae5bFGrBr5YowSUEUYyvFeW87uYAbZxAw1SGFhbVRCmz_Hcxmdoftluyip7quA',mdrd: 
'ho2lM3P168qk4WcxEk.b80V1LyQUtj9vn55A.olW3vc-1777348435-1.2.1.1-JP5l2UjUfwIn80HbT5EN4mMfgZZ4hyHBtXTONQ6pOi00Ky.brPtOSl168pEPznLsLkap6rOTyY.y4T6kvsDDE7Dcn9wbV_PlSEkDNCozkuI5ZYDI3vdLUxZxgabkMzR36R4kLRCTOM2uQPPraPqMDuEaxKIakpcmhzfZ8QPILXucWA.uAq9fXWQ0wnN0w1wHVRzZ1SlcNSxjBnDU1eSBsgELsv.O1HFTw.ZyiWWjpo3YWX9zl4rlGj_G2Xc.ENc6pYvZeyoFgxizfOxJ5AhitJHyVDLPH9BXBzTvoBvafIzbp5wmGQQk3aqBNi0lJGbM1GzaPLCnfqaLZVdAg1U4RsEgjotgdr4Gtw3u0ZzKERZaQ6bhNDuhzEPR3ksihi8xD4CCRWt5F9FuIhHiYvZC4A',};var a = document.createElement('script');a.nonce = '9WjhaGa2G7WRUJfifsLTxc';a.src = '/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9f331f6a58703505';window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;if (window.history && window.history.replaceState) {var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;history.replaceState(null, null,\"/api/?__cf_chl_rt_tk=D8Soyzq4cpRTIxU3yAo44ZtEUynKRd_uiBlzwl26fVU-1777348435-1.0.1.1-PygReN7oPEt5utcOjj32SHemDB4pKr7nKlUIg.uRea4\"+ window._cf_chl_opt.cOgUHash);a.onload = function() {history.replaceState(null, null, ogU);}}document.getElementsByTagName('head')[0].appendChild(a);}());</script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":13,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"13","inputVector":"","url":"https://robu.in/api/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"83","alertRef":"10109"},{"nodeName":"https://robu.in/cart/","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script nonce=\"33QhKPE6ULuR37CPqCNl2X\">(function(){window._cf_chl_opt = {cFPWv: 'g',cH: 'mmxqK0yZXvHIyDzwsrOX87Mht3ghWZAoOLFsICWQggs-1777348435-1.2.1.1-mwktycu7KFUxmxcL0HnX5q6ZAjG2.ITamBagPFbOqTghcdPkhrzVhaK7OZGGhrtH',cITimeS: '1777348435',cN: '33QhKPE6ULuR37CPqCNl2X',cRay: '9f331f6a7ab885d9',cTplB: '0',cTplC:0,cTplO:0,cTplV:5,cType: 'managed',cUPMDTk:\"/cart/?__cf_chl_tk=wJkPB18tO0qe2cT9BYiuDJe4pjMstw4FS9mJPzHoZZ4-1777348435-1.0.1.1-ne15B3pYJDNBnCwmX_YpPSaTzQl1pHzKkp..LssaqMc\",cvId: '3',cZone: 'robu.in',fa:\"/cart/?__cf_chl_f_tk=wJkPB18tO0qe2cT9BYiuDJe4pjMstw4FS9mJPzHoZZ4-1777348435-1.0.1.1-ne15B3pYJDNBnCwmX_YpPSaTzQl1pHzKkp..LssaqMc\",md: 
'D0NYuMOErhq_gFOeyJhVUfZc3BSkg0J4jbpGODpm4lk-1777348435-1.2.1.1-x4vHBd84UFygDE0nvnpQK2_mhBgP9.q5v7iAoFBtagFStR2ua6631.T89l3ksAnI_V78MOJl2fgExIPRbyENUih66d8Pf5XGWxMpEMs4zDFUTWWylF8pFGxOCePXwffxtzdmmrqGmeUUasmw792yTRYB6MEaQXk4qIh5uyUoyMJBc.1VsToEF.Xz0_V5SgID8zGD2KrLA803HE.A5VfkYTq5NAQUYqK68r5UZH8WtG_4ImgV4FhIlOBlKApEHL5QGOO7JtbjKPF9o0vzJWqpybrb8Vu9IneH0hQ.ongpqEWd2ozs9yKHfW0oTMVvs1.CgP_TdTmm65i_Qb37LWUYByEG9KuRjrRFh4ZVY6vFIQlvLNaxpQa0Wp7NJT8veY_ZI0B0aPxfnBbGugR.YJLxd3tYVLfMJIww74zlnY2JUT7SPdG9OkjBMK81Ay1zeJzvtPZ3hm.v4yTCF_ZLv1khXWJwoT5srPWMuNGePp2zXzNN.Ss4v.RYpZGrf2lFEHu5_Duk0zRIcE29jZ6.49B4nHcC35k.9z.sP31_oKH1e0zCqsICXramEUFsg8Gg0hfads7e1vQl9dhyURY2QtlbmKSeS2f2rFrpanAa4Sx447G0COxns1Jx0zVy5UJrVtCLyAT1EOf2WC.ykbXbR091gtCcjWqLDp4r7ElZcQeGGW.UeiYtRQRhPp0zLP7fUHEWM81RiEThWu8H1_DQWQupVM4nMyYoV_EAEKJ9kBwNPAWVIrURMnKOZLgzJlGmmo_tWtIqp3V8m1AJpdKFioctrF2NKlGCxTjTNh28l0uP_opYB8Bqz3BNltlU7Tgk_s3hKgnJu_a4vz9oAJc37u4yncBmffJdmC1P5KdzLAK9WbSjYf6UnfE_6MPMInUJuNJ80b1ZQq61F90y7hrLMrh7kU6BL52d9c.URqP7gv8AosUardUBuCuFvAp5mgt6FCH67p08VHh55LPqJcXc6.Ssj5qxjxm5jCSVc1uJgvdCn7g8kBU1N6Ivmvf6H12oaxMN_6oSvY0KkV2zmxozqZ_pNw',mdrd: 'VYX5m29apSVMz1s5amAkxUtrPQmqzt50dLNmCR0SrAE-1777348435-1.2.1.1-33a6p1tg3zRLn0ia584x3smMtvhmi_3kXlQU.eO9wzdFJUCQtQpK4WOWQpGIfuZnxH9cdh9fbWK8SDWZn3EsSZr8a6ooSkjC.HkOxK2YHqkrKyv4ylWKCSicWQcsE09Ki8h8n7esdRhEq2Qrd_aSmtKbh0u_IR.lbePe.iMsZo8O8NXkppoj9AKbZliIfoO.B_w1oNco2OkBI4pKnSTrR5XNfh7NOM9ku4NE5flB6qdnnHiQUMQoVh2a.Vy6Roc2c.Mvd99w9srbF71XBz5yTKTSqR_.slXncDJ3NNzafm4wQrSgn.FBtkKMrgt5iX__OsoTSnM82FNHKIJljncgt5AWYE.DqLanZVjhzN2RDW3R3AwLHA2gsus0mzYzylRnvfL9QrTJrlwGYhHzMjPq8A',};var a = document.createElement('script');a.nonce = '33QhKPE6ULuR37CPqCNl2X';a.src = '/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9f331f6a7ab885d9';window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? 
'#' : location.hash;window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;if (window.history && window.history.replaceState) {var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;history.replaceState(null, null,\"/cart/?__cf_chl_rt_tk=wJkPB18tO0qe2cT9BYiuDJe4pjMstw4FS9mJPzHoZZ4-1777348435-1.0.1.1-ne15B3pYJDNBnCwmX_YpPSaTzQl1pHzKkp..LssaqMc\"+ window._cf_chl_opt.cOgUHash);a.onload = function() {history.replaceState(null, null, ogU);}}document.getElementsByTagName('head')[0].appendChild(a);}());</script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":17,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"17","inputVector":"","url":"https://robu.in/cart/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"86","alertRef":"10109"},{"nodeName":"https://robu.in/checkout/","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script nonce=\"sY5h7xUaNh7fhaDkSDV4gT\">(function(){window._cf_chl_opt = {cFPWv: 'g',cH: 
'IEBnYMTCd9P8hxLQakqhu9HvbK6uQaxYp71QoPAWJmc-1777348435-1.2.1.1-EEeO_IO76GZnHGj50h6DMlyF8VoRgmwCgJVGt57MkDZZkbaVVkyyfLVOMUm6xByp',cITimeS: '1777348435',cN: 'sY5h7xUaNh7fhaDkSDV4gT',cRay: '9f331f6a8be32c7b',cTplB: '0',cTplC:0,cTplO:0,cTplV:5,cType: 'managed',cUPMDTk:\"/checkout/?__cf_chl_tk=hgceNfq4ch8P6jLxIuFlfz5EDxicmnexMwGu7UCjhXs-1777348435-1.0.1.1-c8lT7ygPuOS5IApqcqrl8sjg5kb_NWkow1Sa21B9pmU\",cvId: '3',cZone: 'robu.in',fa:\"/checkout/?__cf_chl_f_tk=hgceNfq4ch8P6jLxIuFlfz5EDxicmnexMwGu7UCjhXs-1777348435-1.0.1.1-c8lT7ygPuOS5IApqcqrl8sjg5kb_NWkow1Sa21B9pmU\",md: 'Wb7HyNtu.UCO1QJrV5Ll8Bsets3r9y.SzIVycORDGt8-1777348435-1.2.1.1-PjVJSGPa6n0CHVZ8GUMXvTgaZ5hFf7xLR_SNL.vou_tF3o1FS_qOHVpvWV.YnVz8Z59CFDZpVGMgqym83Dg_ihJUDmKoeOrLNpVipV2p0mJPp_T_db.21rw.VbC3FeeiKJeZn8Adzs5NDIQIyfp4KcUO1AECROE_vhal17viggx_jutTejSvZj49endab9pdvd0CqD2iM7P0kPPhKwlzMoa2CPlqZ4HIMkkZuC9oXPKzAgvk7n_a1USJ4_PgS4WchseJJ1oTtuSIVqyFujY9k4SeQFECXWGKkJT0BoC26JDrOG_c4w4tBuEmLLC.falrFlAw4mOyBJRQscG2HaM9YU9q9LJSF_6FpG_Kdt4A_KJijoeDNOlQIZZ_rjhfM0WOxc5DHyy0lTKBAmQbALnrNfBIjJExu.AsjES0JnAy3d2o8Az6DTB038ANZZZ0.Sb7BmR3IhXB6pmlpIei7wWqL8G.6pWcPlltimvW0hRZ1u.4pesSg8If8Efm.o_2ID1Izjd2rCF3XKdlMZwd4cImfqUV6esvM.uZpIVRJ6Y1YkLwC1NQjtVkdh3qxJ8D4pwGMh.x3q.y6zXqvGOBRHeMsBoHI7ldciEp2GRWsLbym2_C_Hq7wLBCXuJSZIfL1_suuA5MaLjRYTGMippNz.qYfNJoRToA9yG_gu0ATKtm1zd1go93_YOpxwZxds.bfIVU5njIdS11zr9FVoC2M4y4Ku_caNK4Zulb.qDa8TbthdyC8hBpXAxVklKbtpcEbC.X9gCZEBQqEOGy7sEj9gdDen.4Il0DghSo1c5sUXifVbWcj05FwBMaCvzCVdbfaz7MskJEcg6iIZRYGd75PbzpWRFyq3n_.Re9kDMlhuPcMUIUtUj.AoqdhGmJb.nHS2qY8NKIub2_dZlr1F1_.Ysa7AyzidnqNYCGDEfBPax1wh64ng3dzLLJQEqfWxhRBC8qQzxnxwIT_cYGFq3NrLh0YoM9g8WHbYdk77dqSg3U6j9f1gi4P0o99nFKnv3aAFTrINvzAiE3Ins1YIS7yssDpjzkujf__0X8c1yHWRrEbeA',mdrd: 
'srITBcwsNONSIpXdF9kAQ1Gkmb9d13xCtrtyd1FGaTU-1777348435-1.2.1.1-29h6Z8_0vG_dKxvzjdQo5urhRrrcfPmNdVHQ.Q8jVdIVHphD8HTknc_Kph_WhR8CCj4zSz2_0byxERr0kkOxN5I9Cyi5SLKeZ3mNvUERX4F9YXjSDTrGtz8rcC9akS.RgY1bfxYGDocFdO2gJubKpDZlIuusJflSKdgmzU6Y4SJEgPEz2KgWhUyVTDLxV5ImgK8OfA4C48ykvlODgt.AStczOBUWorSNPfv7yP4Dy4yE2BVoWqWxtA80B8aaXg7cbbpAUreFK_5PRBCm_KhE_LPPFZKmhvSWMZkcCO.kU4NjL3T58wSXyX2a7sZhPYlpZIEBB5hLJBK7pGty31ebitshCGaFmT2bzqrb1Jh9.fK20kYwfHhqKAH0cCMma09VV9o.lB0Cg8E19D6cPuYjww',};var a = document.createElement('script');a.nonce = 'sY5h7xUaNh7fhaDkSDV4gT';a.src = '/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9f331f6a8be32c7b';window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;if (window.history && window.history.replaceState) {var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;history.replaceState(null, null,\"/checkout/?__cf_chl_rt_tk=hgceNfq4ch8P6jLxIuFlfz5EDxicmnexMwGu7UCjhXs-1777348435-1.0.1.1-c8lT7ygPuOS5IApqcqrl8sjg5kb_NWkow1Sa21B9pmU\"+ window._cf_chl_opt.cOgUHash);a.onload = function() {history.replaceState(null, null, ogU);}}document.getElementsByTagName('head')[0].appendChild(a);}());</script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":19,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"19","inputVector":"","url":"https://robu.in/checkout/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"89","alertRef":"10109"},{"nodeName":"https://robu.in/cart/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":17,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"423","inputVector":"","url":"https://robu.in/cart/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"128","alertRef":"10104"},{"nodeName":"https://robu.in/account/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"425","inputVector":"","url":"https://robu.in/account/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"129","alertRef":"10104"},{"nodeName":"https://robu.in/checkout/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":19,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"428","inputVector":"","url":"https://robu.in/checkout/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"130","alertRef":"10104"},{"nodeName":"https://robu.in/api/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":13,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"430","inputVector":"","url":"https://robu.in/api/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"131","alertRef":"10104"},{"nodeName":"https://robu.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"432","inputVector":"","url":"https://robu.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"132","alertRef":"10104"},{"nodeName":"https://robu.in/cart/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":17,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"434","inputVector":"","url":"https://robu.in/cart/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"133","alertRef":"10104"},{"nodeName":"https://robu.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":436,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"436","inputVector":"","url":"https://robu.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"134","alertRef":"10104"},{"nodeName":"https://robu.in/checkout/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":19,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"439","inputVector":"","url":"https://robu.in/checkout/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"135","alertRef":"10104"},{"nodeName":"https://robu.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"440","inputVector":"","url":"https://robu.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"136","alertRef":"10104"},{"nodeName":"https://robu.in/cart/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":17,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"443","inputVector":"","url":"https://robu.in/cart/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"137","alertRef":"10104"},{"nodeName":"https://robu.in/account/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"445","inputVector":"","url":"https://robu.in/account/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"138","alertRef":"10104"},{"nodeName":"https://robu.in/api/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":13,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"448","inputVector":"","url":"https://robu.in/api/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"139","alertRef":"10104"},{"nodeName":"https://robu.in/checkout/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":19,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"449","inputVector":"","url":"https://robu.in/checkout/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"140","alertRef":"10104"},{"nodeName":"https://robu.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":452,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"452","inputVector":"","url":"https://robu.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"141","alertRef":"10104"},{"nodeName":"https://robu.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"453","inputVector":"","url":"https://robu.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"142","alertRef":"10104"},{"nodeName":"https://robu.in/account","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":455,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"455","inputVector":"","url":"https://robu.in/account","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"143","alertRef":"10104"},{"nodeName":"https://robu.in/account/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"457","inputVector":"","url":"https://robu.in/account/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"144","alertRef":"10104"},{"nodeName":"https://robu.in/checkout/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":19,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"459","inputVector":"","url":"https://robu.in/checkout/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"145","alertRef":"10104"},{"nodeName":"https://robu.in/account","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":461,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"461","inputVector":"","url":"https://robu.in/account","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"146","alertRef":"10104"},{"nodeName":"https://robu.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":465,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"465","inputVector":"","url":"https://robu.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"147","alertRef":"10104"},{"nodeName":"https://robu.in/cart/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":17,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"466","inputVector":"","url":"https://robu.in/cart/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"148","alertRef":"10104"},{"nodeName":"https://robu.in/account/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"468","inputVector":"","url":"https://robu.in/account/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"149","alertRef":"10104"},{"nodeName":"https://robu.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"470","inputVector":"","url":"https://robu.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"150","alertRef":"10104"},{"nodeName":"https://robu.in/api/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":13,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"472","inputVector":"","url":"https://robu.in/api/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"151","alertRef":"10104"},{"nodeName":"https://robu.in/account","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":474,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"474","inputVector":"","url":"https://robu.in/account","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"152","alertRef":"10104"},{"nodeName":"https://robu.in/checkout/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":19,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"476","inputVector":"","url":"https://robu.in/checkout/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"153","alertRef":"10104"},{"nodeName":"https://robu.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":479,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"479","inputVector":"","url":"https://robu.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"154","alertRef":"10104"},{"nodeName":"https://robu.in/api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":482,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"482","inputVector":"","url":"https://robu.in/api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"155","alertRef":"10104"},{"nodeName":"https://robu.in/account/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"483","inputVector":"","url":"https://robu.in/account/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"156","alertRef":"10104"},{"nodeName":"https://robu.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"486","inputVector":"","url":"https://robu.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"157","alertRef":"10104"},{"nodeName":"https://robu.in/cart/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":17,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"487","inputVector":"","url":"https://robu.in/cart/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"158","alertRef":"10104"},{"nodeName":"https://robu.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":489,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"489","inputVector":"","url":"https://robu.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"159","alertRef":"10104"},{"nodeName":"https://robu.in/account","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":491,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"491","inputVector":"","url":"https://robu.in/account","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"160","alertRef":"10104"},{"nodeName":"https://robu.in/account/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"493","inputVector":"","url":"https://robu.in/account/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"161","alertRef":"10104"},{"nodeName":"https://robu.in/checkout/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":19,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"496","inputVector":"","url":"https://robu.in/checkout/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"162","alertRef":"10104"},{"nodeName":"https://robu.in/cart","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":497,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"497","inputVector":"","url":"https://robu.in/cart","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"163","alertRef":"10104"},{"nodeName":"https://robu.in/api/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":13,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"500","inputVector":"","url":"https://robu.in/api/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"164","alertRef":"10104"},{"nodeName":"https://robu.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"502","inputVector":"","url":"https://robu.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"165","alertRef":"10104"},{"nodeName":"https://robu.in/cart/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":17,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"504","inputVector":"","url":"https://robu.in/cart/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"166","alertRef":"10104"},{"nodeName":"https://robu.in/api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":506,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"506","inputVector":"","url":"https://robu.in/api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"167","alertRef":"10104"},{"nodeName":"https://robu.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":508,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"508","inputVector":"","url":"https://robu.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"168","alertRef":"10104"},{"nodeName":"https://robu.in/cart/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":17,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"510","inputVector":"","url":"https://robu.in/cart/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"169","alertRef":"10104"},{"nodeName":"https://robu.in/checkout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":513,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"513","inputVector":"","url":"https://robu.in/checkout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"170","alertRef":"10104"},{"nodeName":"https://robu.in/account/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"515","inputVector":"","url":"https://robu.in/account/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"171","alertRef":"10104"},{"nodeName":"https://robu.in/cart","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":518,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"518","inputVector":"","url":"https://robu.in/cart","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"172","alertRef":"10104"},{"nodeName":"https://robu.in/checkout/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":19,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"519","inputVector":"","url":"https://robu.in/checkout/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"173","alertRef":"10104"},{"nodeName":"https://robu.in/account","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":520,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"520","inputVector":"","url":"https://robu.in/account","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"174","alertRef":"10104"},{"nodeName":"https://robu.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"522","inputVector":"","url":"https://robu.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"175","alertRef":"10104"},{"nodeName":"https://robu.in/api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":524,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"524","inputVector":"","url":"https://robu.in/api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"176","alertRef":"10104"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"527","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"177","alertRef":"10104"},{"nodeName":"https://robu.in/api/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":13,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"528","inputVector":"","url":"https://robu.in/api/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"178","alertRef":"10104"},{"nodeName":"https://robu.in/checkout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":530,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"530","inputVector":"","url":"https://robu.in/checkout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"179","alertRef":"10104"},{"nodeName":"https://robu.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":535,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"535","inputVector":"","url":"https://robu.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"180","alertRef":"10104"},{"nodeName":"https://robu.in/checkout/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":19,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"536","inputVector":"","url":"https://robu.in/checkout/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"181","alertRef":"10104"},{"nodeName":"https://robu.in/account/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"537","inputVector":"","url":"https://robu.in/account/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"182","alertRef":"10104"},{"nodeName":"https://robu.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"538","inputVector":"","url":"https://robu.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"183","alertRef":"10104"},{"nodeName":"https://robu.in/cart","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":540,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"540","inputVector":"","url":"https://robu.in/cart","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"184","alertRef":"10104"},{"nodeName":"https://robu.in/cart/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":17,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"542","inputVector":"","url":"https://robu.in/cart/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"185","alertRef":"10104"},{"nodeName":"https://robu.in/api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":544,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"544","inputVector":"","url":"https://robu.in/api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"186","alertRef":"10104"},{"nodeName":"https://robu.in/account","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":546,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"546","inputVector":"","url":"https://robu.in/account","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"187","alertRef":"10104"},{"nodeName":"https://robu.in/checkout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":548,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"548","inputVector":"","url":"https://robu.in/checkout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"188","alertRef":"10104"},{"nodeName":"https://robu.in/api/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":13,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"550","inputVector":"","url":"https://robu.in/api/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"189","alertRef":"10104"},{"nodeName":"https://robu.in/checkout/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":19,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"552","inputVector":"","url":"https://robu.in/checkout/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"190","alertRef":"10104"},{"nodeName":"https://robu.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"554","inputVector":"","url":"https://robu.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"191","alertRef":"10104"},{"nodeName":"https://robu.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":557,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"557","inputVector":"","url":"https://robu.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"192","alertRef":"10104"},{"nodeName":"https://robu.in/cart","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":558,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"558","inputVector":"","url":"https://robu.in/cart","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"193","alertRef":"10104"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"560","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"194","alertRef":"10104"},{"nodeName":"https://robu.in/cart/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":17,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"562","inputVector":"","url":"https://robu.in/cart/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"195","alertRef":"10104"},{"nodeName":"https://robu.in/account","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":565,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"565","inputVector":"","url":"https://robu.in/account","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"196","alertRef":"10104"},{"nodeName":"https://robu.in/api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":566,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"566","inputVector":"","url":"https://robu.in/api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"197","alertRef":"10104"},{"nodeName":"https://robu.in/account/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"569","inputVector":"","url":"https://robu.in/account/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"198","alertRef":"10104"},{"nodeName":"https://robu.in/checkout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":571,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"571","inputVector":"","url":"https://robu.in/checkout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"199","alertRef":"10104"},{"nodeName":"https://robu.in/api/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":13,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"573","inputVector":"","url":"https://robu.in/api/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"200","alertRef":"10104"},{"nodeName":"https://robu.in/checkout/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":19,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"576","inputVector":"","url":"https://robu.in/checkout/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"201","alertRef":"10104"},{"nodeName":"https://robu.in/account","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":578,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"578","inputVector":"","url":"https://robu.in/account","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"202","alertRef":"10104"},{"nodeName":"https://robu.in/cart/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":17,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"581","inputVector":"","url":"https://robu.in/cart/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"203","alertRef":"10104"},{"nodeName":"https://robu.in/cart","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":584,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"584","inputVector":"","url":"https://robu.in/cart","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"204","alertRef":"10104"},{"nodeName":"https://robu.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"585","inputVector":"","url":"https://robu.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"205","alertRef":"10104"},{"nodeName":"https://robu.in/checkout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":587,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"587","inputVector":"","url":"https://robu.in/checkout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"206","alertRef":"10104"},{"nodeName":"https://robu.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":589,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"589","inputVector":"","url":"https://robu.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"207","alertRef":"10104"},{"nodeName":"https://robu.in/api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":591,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"591","inputVector":"","url":"https://robu.in/api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"208","alertRef":"10104"},{"nodeName":"https://robu.in/account/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"593","inputVector":"","url":"https://robu.in/account/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"209","alertRef":"10104"},{"nodeName":"https://robu.in/api/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":13,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"596","inputVector":"","url":"https://robu.in/api/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"210","alertRef":"10104"},{"nodeName":"https://robu.in/checkout/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":19,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"599","inputVector":"","url":"https://robu.in/checkout/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"211","alertRef":"10104"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"600","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"212","alertRef":"10104"},{"nodeName":"https://robu.in/cart","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":602,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"602","inputVector":"","url":"https://robu.in/cart","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"213","alertRef":"10104"},{"nodeName":"https://robu.in/cart/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":17,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"605","inputVector":"","url":"https://robu.in/cart/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"214","alertRef":"10104"},{"nodeName":"https://robu.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":609,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"609","inputVector":"","url":"https://robu.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"215","alertRef":"10104"},{"nodeName":"https://robu.in/checkout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":610,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"610","inputVector":"","url":"https://robu.in/checkout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"216","alertRef":"10104"},{"nodeName":"https://robu.in/api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":611,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"611","inputVector":"","url":"https://robu.in/api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"217","alertRef":"10104"},{"nodeName":"https://robu.in/account/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"614","inputVector":"","url":"https://robu.in/account/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"218","alertRef":"10104"},{"nodeName":"https://robu.in/api/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":13,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"617","inputVector":"","url":"https://robu.in/api/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"219","alertRef":"10104"},{"nodeName":"https://robu.in/account","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":618,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"618","inputVector":"","url":"https://robu.in/account","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"220","alertRef":"10104"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"620","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"221","alertRef":"10104"},{"nodeName":"https://robu.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"622","inputVector":"","url":"https://robu.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"222","alertRef":"10104"},{"nodeName":"https://robu.in/cart","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":624,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"624","inputVector":"","url":"https://robu.in/cart","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"223","alertRef":"10104"},{"nodeName":"https://robu.in/cart/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":17,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"626","inputVector":"","url":"https://robu.in/cart/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"224","alertRef":"10104"},{"nodeName":"https://robu.in/api/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":13,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"628","inputVector":"","url":"https://robu.in/api/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"225","alertRef":"10104"},{"nodeName":"https://robu.in/api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":630,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"630","inputVector":"","url":"https://robu.in/api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"226","alertRef":"10104"},{"nodeName":"https://robu.in/checkout/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":19,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"634","inputVector":"","url":"https://robu.in/checkout/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"227","alertRef":"10104"},{"nodeName":"https://robu.in/account/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":15,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"635","inputVector":"","url":"https://robu.in/account/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"228","alertRef":"10104"},{"nodeName":"https://robu.in/account","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":636,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"636","inputVector":"","url":"https://robu.in/account","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"229","alertRef":"10104"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"638","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"230","alertRef":"10104"},{"nodeName":"https://robu.in/cart","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":641,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"641","inputVector":"","url":"https://robu.in/cart","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"231","alertRef":"10104"},{"nodeName":"https://robu.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"643","inputVector":"","url":"https://robu.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"232","alertRef":"10104"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"645","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"233","alertRef":"10104"},{"nodeName":"https://robu.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":647,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"647","inputVector":"","url":"https://robu.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"234","alertRef":"10104"},{"nodeName":"https://robu.in/api/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":13,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"649","inputVector":"","url":"https://robu.in/api/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"235","alertRef":"10104"},{"nodeName":"https://robu.in/api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":652,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"652","inputVector":"","url":"https://robu.in/api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"236","alertRef":"10104"},{"nodeName":"https://robu.in/account","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":653,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"653","inputVector":"","url":"https://robu.in/account","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"237","alertRef":"10104"},{"nodeName":"https://robu.in/cart","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":655,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"655","inputVector":"","url":"https://robu.in/cart","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"238","alertRef":"10104"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"657","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"239","alertRef":"10104"},{"nodeName":"https://robu.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":659,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"659","inputVector":"","url":"https://robu.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"240","alertRef":"10104"},{"nodeName":"https://robu.in/api/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":13,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"661","inputVector":"","url":"https://robu.in/api/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"241","alertRef":"10104"},{"nodeName":"https://robu.in/account","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":663,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"663","inputVector":"","url":"https://robu.in/account","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"242","alertRef":"10104"},{"nodeName":"https://robu.in/api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":665,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"665","inputVector":"","url":"https://robu.in/api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"243","alertRef":"10104"},{"nodeName":"https://robu.in/cart","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":667,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"667","inputVector":"","url":"https://robu.in/cart","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"244","alertRef":"10104"},{"nodeName":"https://robu.in/checkout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":669,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"669","inputVector":"","url":"https://robu.in/checkout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"245","alertRef":"10104"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"671","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"246","alertRef":"10104"},{"nodeName":"https://robu.in/api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":673,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"673","inputVector":"","url":"https://robu.in/api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"247","alertRef":"10104"},{"nodeName":"https://robu.in/cart","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":676,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"676","inputVector":"","url":"https://robu.in/cart","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"248","alertRef":"10104"},{"nodeName":"https://robu.in/checkout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":678,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"678","inputVector":"","url":"https://robu.in/checkout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"249","alertRef":"10104"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"680","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"250","alertRef":"10104"},{"nodeName":"https://robu.in/checkout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":682,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"682","inputVector":"","url":"https://robu.in/checkout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"251","alertRef":"10104"},{"nodeName":"https://robu.in/api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":684,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"684","inputVector":"","url":"https://robu.in/api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"252","alertRef":"10104"},{"nodeName":"https://robu.in/cart","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":686,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"686","inputVector":"","url":"https://robu.in/cart","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"253","alertRef":"10104"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"688","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"254","alertRef":"10104"},{"nodeName":"https://robu.in/checkout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":690,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"690","inputVector":"","url":"https://robu.in/checkout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"255","alertRef":"10104"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"692","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"256","alertRef":"10104"},{"nodeName":"https://robu.in/checkout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":694,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"694","inputVector":"","url":"https://robu.in/checkout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"257","alertRef":"10104"},{"nodeName":"https://robu.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"696","inputVector":"","url":"https://robu.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"258","alertRef":"10104"},{"nodeName":"https://robu.in/checkout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":700,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"700","inputVector":"","url":"https://robu.in/checkout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"259","alertRef":"10104"}]},"vulnerability_types":{"CSP: Failure to Define Directive with No Fallback":14,"CSP: style-src unsafe-inline":7,"CSP: script-src unsafe-eval":7,"CSP: Header & Meta":6,"Modern Web Application":7,"Timestamp Disclosure - Unix":7,"Re-examine Cache-control Directives":1,"Retrieved from Cache":1,"User Agent Fuzzer":132},"owasp_top10":{"Unmapped / Other":182}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69f03b5cf1389a944aab0984"},"created_at":{"$date":"2026-04-28T04:45:16.101Z"},"url":"https://www.nobroker.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.nobroker.in/","scan_timestamp":"20260428_040250","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":70,"urls_list":["https://www.nobroker.in/robots.txt","https://www.nobroker.in/admin","https://www.nobroker.in/*?amp=1","https://www.nobroker.in/config/","https://www.nobroker.in/nb-cms/","https://www.nobroker.in/api/v5/","https://www.nobroker.in/NOBRKR/","https://www.nobroker.in/signout","https://www.nobroker.in/resetPassword/","https://www.nobroker.in/app
_","https://www.nobroker.in/nb-vip/","https://www.nobroker.in/vendor-onboard","https://www.nobroker.in/contact","https://www.nobroker.in/blog","https://www.nobroker.in/*?amp=2","https://www.nobroker.in/","https://www.nobroker.in/api/v4/","https://www.nobroker.in/nb-prophub-ui/","https://www.nobroker.in/api/v1/admin/","https://www.nobroker.in/api/v1/*/notification/","https://www.nobroker.in/static/","https://www.nobroker.in/redirectUrl?redirectUrl","https://www.nobroker.in/about","http://www.nobroker.in/404","https://www.nobroker.in/manifest.json","https://www.nobroker.in/sv/","https://www.nobroker.in/verify/","https://www.nobroker.in/nbpixel","https://www.nobroker.in/api/v1/","https://www.nobroker.in/user/","https://www.nobroker.in/on-boarding/","https://www.nobroker.in/nb-nbex/","https://www.nobroker.in/api/space/","https://www.nobroker.in/falcon/","https://www.nobroker.in/404","https://www.nobroker.in/sy/","https://www.nobroker.in/v5/","https://www.nobroker.in/admin/","https://www.nobroker.in/_proxy_","https://www.nobroker.in/v1/","https://www.nobroker.in/support","https://www.nobroker.in/property/listing/","http://www.nobroker.in/blog/","https://www.nobroker.in/search-hs","https://www.nobroker.in/nb-new/","https://www.nobroker.in/api/v2/","https://www.nobroker.in/hs-new/","https://www.nobroker.in/nb-cms-api/","https://www.nobroker.in/swagger/v1","https://www.nobroker.in/sitemap.xml","https://www.nobroker.in/.env","https://www.nobroker.in/chat","https://www.nobroker.in/api/v3/","https://www.nobroker.in/analytics/","https://www.nobroker.in/vendor-onboard/","https://www.nobroker.in/redirect","https://www.nobroker.in/nb-vendor-onboarding/main.ed7276541b377ea1c8b5.js","https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000
/8a9f969c8f96199c018f962362b8023f/detail","https://www.nobroker.in/profile/","https://www.nobroker.in/app?type","https://www.nobroker.in/nb-vendor-onboarding/css/main.97e0a2a82ceeefc795dd.css","https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding/VendorOnboarding.2e1d9ad27cd26b5e5a8a.css","https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","https://www.nobroker.in/swagger/","https://www.nobroker.in/hs-admin/","https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding/VendorOnboarding.127cd39e860d832e82d9.chunk.js","https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","https://www.nobroker.in/nb-vendor-onboarding/vendor/vendor.3a371f1c1cd2643d5174.chunk.js","https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js"],"duration":10.058274745941162},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06231927871704},"passive_scan":{"status":"completed","duration":0.005489349365234375},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.nobroker.in","open_ports":[80],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":690.1119678020477},"vulnerabilities":{"total_alerts":1751,"high_risk":0,"medium_risk":353,"low_risk":660,"informational":738,"alerts_by_risk":{"High":[],"Medium":[{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"0","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"main\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/css/main.f649e31c4c98f88aea74.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"27","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"ToggleSwitch\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/ToggleSwitch/ToggleSwitch.eb630748bcbc6c216dbb.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is 
missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"28","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"InstacashAdCard\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/InstacashAdCard/InstacashAdCard.dd7903f421b14687d1ba.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"29","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://assets.nobroker.in/nb-new/public/js/instantgratification.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"30","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/640.e27fed3587f5ec713511.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"31","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/main.7ade2e32824fdd43b048.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"32","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"33","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/6/6.afaceae551527e2f040e.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"34","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/7/7.facf69fe3a345809ee86.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"35","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"36","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/35/35.2bb40b034e85a5a9bfb5.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"37","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/119/119.72ea7f7d1219e177b0d1.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"38","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/151/151.a10b170c79ae86f4334a.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"39","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/home/home.95b1746708cb5068e630.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"40","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"ToggleSwitch\" src=\"https://assets.nobroker.in/nb-new/ToggleSwitch/ToggleSwitch.a2977d85ea192887546a.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"41","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"FestiveServices\" src=\"https://assets.nobroker.in/nb-new/FestiveServices/FestiveServices.6328a5bd2156b961d85f.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"42","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"InstacashAdCard\" src=\"https://assets.nobroker.in/nb-new/InstacashAdCard/InstacashAdCard.dbf6cb6dbee1cb583380.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"43","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeAssistPlans\" src=\"https://assets.nobroker.in/nb-new/HomeAssistPlans/HomeAssistPlans.1944c4fc1ddba205c905.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"44","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"AdCards\" src=\"https://assets.nobroker.in/nb-new/AdCards/AdCards.cbd1a53e010714f750bc.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"45","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"NBHorizontalTilesCarousel\" src=\"https://assets.nobroker.in/nb-new/NBHorizontalTilesCarousel/NBHorizontalTilesCarousel.d38122e3bf1f62b2b9f3.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"46","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"Footer\" src=\"https://assets.nobroker.in/nb-new/Footer/Footer.ef1602bd6ea599fb7654.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"47","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"SiteMapFooterNew\" src=\"https://assets.nobroker.in/nb-new/40/40.173e905dd7b4e287f36c.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"48","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"SiteMapFooterNew\" src=\"https://assets.nobroker.in/nb-new/SiteMapFooterNew/SiteMapFooterNew.ce51e3317409ec39b6e9.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"49","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"BottomLinkFooter\" src=\"https://assets.nobroker.in/nb-new/BottomLinkFooter/BottomLinkFooter.1677ee8990433867ada6.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"50","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":61,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"54","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":77,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"64","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":61,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"76","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":98,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"98","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"77","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":113,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"113","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"81","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":117,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"83","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":119,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"119","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"84","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":135,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"135","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"98","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":144,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"144","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"111","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"112","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":77,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"115","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/nb-cms-api/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/nb-cms-api/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"118","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":117,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"121","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":113,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"113","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, 
etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"124","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":119,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"119","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load 
balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"125","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":154,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"154","inputVector":"","url":"https://www.nobroker.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application 
server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"127","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":135,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"135","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"147","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/analytics/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":159,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"159","inputVector":"","url":"https://www.nobroker.in/analytics/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web 
server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"154","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":161,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"158","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":143,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"159","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/nb-cms-api/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":150,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/nb-cms-api/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your 
web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"163","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. 
Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"170","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" href=\"https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":119,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"119","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute 
Missing","risk":"Medium","id":"182","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://assets.nobroker.in/nbpixel-ui/main.5bb5675609d694bdffb7.css\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":113,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"113","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"185","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":161,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"187","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyCjAZYE2-QriLt0Q2MJtRO22kAEWlKKaf4&v=3.exp&libraries=places,geometry\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":119,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"119","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"190","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"https://assets.nobroker.in/nbpixel-ui/vendor.9631a11c3b20a7d27e83.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":113,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"113","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"195","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"https://assets.nobroker.in/nbpixel-ui/main.be4ec34b587a16f854a7.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":113,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"113","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"203","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@600&display=swap\" rel=\"stylesheet\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":119,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"119","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"206","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" charset=\"UTF-8\" href=\"https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.min.css\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":135,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"135","inputVector":"","url":"https://www.nobroker.in/support","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"222","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick-theme.min.css\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":135,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"135","inputVector":"","url":"https://www.nobroker.in/support","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"227","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyCwy2ETEJXPynpNXJggwjzsHxFcG3Il34o&v=3.exp&libraries=places,geometry\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":135,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"135","inputVector":"","url":"https://www.nobroker.in/support","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"231","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/10up-sanitize.css/8.0.0/sanitize.min.css\" crossorigin=\"anonymous\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":135,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"135","inputVector":"","url":"https://www.nobroker.in/support","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"234","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://assets.nobroker.in/nb-cms/_next/static/media/a4a78f32e6d6bdeb-s.p.woff2\" as=\"font\" type=\"font/woff2\" crossorigin=\"anonymous\" data-next-font=\"size-adjust\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":61,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"258","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://assets.nobroker.in/nb-cms/_next/static/media/9cf9c6e84ed13b5e-s.p.woff2\" as=\"font\" type=\"font/woff2\" crossorigin=\"anonymous\" data-next-font=\"size-adjust\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":61,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"261","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://assets.nobroker.in/nb-cms/_next/static/css/f194e44f3d56f97e.css\" as=\"style\" crossorigin=\"\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":61,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"264","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-cms/_next/static/css/f194e44f3d56f97e.css\" crossorigin=\"\" data-n-g=\"\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":61,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"267","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"\" crossorigin=\"\" nomodule=\"\" src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":61,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"270","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/webpack-81e1c3b1854b10f4.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":61,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"273","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/framework-fee8a7e75612eda8.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":61,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"277","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":166,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"278","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/main-0608700a3131e93b.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":61,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"281","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/pages/_app-cbd38f2cc594983a.js\" defer=\"\" 
crossorigin=\"\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":61,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"285","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/3996-097ca6fa6884f3ea.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":61,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"290","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/pages/index-c35009b2dd4fb35c.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":61,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"296","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/C1QtFkIEdQIqtSpvFN1T1/_buildManifest.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":61,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"299","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/C1QtFkIEdQIqtSpvFN1T1/_ssgManifest.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":61,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"302","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":170,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"320","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":136,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application 
server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"324","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":156,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application 
server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"358","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://assets.nobroker.in/nob-interior/interior_banner_1.webp\" as=\"image\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":77,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"396","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://assets.nobroker.in/hs-new/public/Home/newServicesIcons/dipavalli/bgNewDiwali.webp\" 
as=\"image\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":117,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"401","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://assets.nobroker.in/hs-new/public/Home/newServicesIcons/hs_cleaning_compressed.webp\" as=\"image\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":117,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"403","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":77,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"407","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://assets.nobroker.in/nob-interior/interior_banner_1.webp\" as=\"image\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":161,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"409","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" charset=\"UTF-8\" href=\"https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.min.css\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":117,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"411","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2\" as=\"font\" type=\"font/woff2\" crossorigin=\"anonymous\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":143,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"412","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2\" as=\"font\" type=\"font/woff2\" crossorigin=\"anonymous\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":143,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"414","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":77,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"417","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":161,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"418","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick-theme.min.css\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":117,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"420","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2\" as=\"font\" type=\"font/woff2\" crossorigin=\"anonymous\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":143,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"422","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":77,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"424","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":161,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"426","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyBKOLvPVSGuaBf9owgRFfDBXOQgJ4Vc8Nk&v=3.exp&libraries=places,geometry&map_ids=26ebf3fb725fae8d&callback=googleMapLoadCallBack\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":117,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"429","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" type=\"text/css\" href=\"https://assets.nobroker.in/hs-new/public/css/slick.min.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":143,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"431","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":161,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"434","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://assets.nobroker.in/hs-new/css/main.c716694779e9588b7ed8.css\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":117,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"437","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" type=\"text/css\" href=\"https://assets.nobroker.in/hs-new/public/css/slick-theme.min.css\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":143,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"438","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":155,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"441","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"https://assets.nobroker.in/hs-new/391.f34cf3507a8b82f17ff9.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":117,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"443","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"main\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/hs-new/css/main.c716694779e9588b7ed8.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":143,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"444","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"https://assets.nobroker.in/hs-new/main.a6ce01a802a699ecfd82.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":117,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"450","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/hs-new/391.f34cf3507a8b82f17ff9.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":143,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"451","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":163,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"455","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/hs-new/main.a6ce01a802a699ecfd82.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":143,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"457","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"search\" src=\"https://assets.nobroker.in/hs-new/48/48.dbbd80896111cfba2221.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":143,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"461","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":173,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"463","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute 
Missing","risk":"Medium","id":"644","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"647","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, 
OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"_spring_security_remember_me\" \"user_password\" \"userName\" ].","method":"GET","evidence":"<form class=\"form-horizontal signin-form\" role=\"form\" accept-charset=\"UTF-8\" action=\"/signin/form\" data-action=\"Signin\" id=\"user_new\" method=\"post\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":156,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"658","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"hiddenSubmit\" \"otpInput\" ].","method":"GET","evidence":"<form onsubmit=\"return false\" class=\"form-horizontal otp-verification-form\" role=\"form\" accept-charset=\"UTF-8\" method=\"post\" >","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":136,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. 
Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor 
example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"659","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 2: \"hiddenSubmit\" \"otpInput\" ].","method":"GET","evidence":"<form onsubmit=\"return false\" class=\"form-horizontal otp-verification-form\" role=\"form\" accept-charset=\"UTF-8\" method=\"post\" >","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":156,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an 
attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"664","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"665","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 3: \"email\" \"newAccountName\" \"newAccountPhone\" \"user_password\" ].","method":"GET","evidence":"<form class=\"form-horizontal remove-padding-form-social\" role=\"form\" accept-charset=\"UTF-8\" action=\"/signup/form\" class=\"signup-form\" data-action=\"Signup\" id=\"registerUser\" name=\"signup\" modelAttribute=\"signup\" method=\"post\" >","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":136,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site 
request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"666","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 4: \"copyNumberCheckbox\" \"email\" \"name\" \"nriInfoFormContactNumber\" \"nriInfoFormWhatsappNumber\" ].","method":"GET","evidence":"<form id=\"nriInfoForm\" class=\"form form-horizontal\" method=\"post\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":156,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. 
Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use 
anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"671","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"672","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 4: \"scope\" ].","method":"GET","evidence":"<form action=\"/signin/facebook\" class=\"remove-padding-form-social\" method=\"POST\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":136,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. 
The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin 
policy.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"673","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"detailPage\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/67/67.02bd717a83a5862bda79.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"675","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"678","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 5: \"scope\" ].","method":"GET","evidence":"<form action=\"/signin/google\" class=\"remove-padding-form-social\" method=\"POST\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":136,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. 
The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin 
policy.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"679","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"detailPage\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/111/111.c21895c11aafccc2bf06.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"681","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@900&display=swap\" as=\"style\" onload=\"this.onload=null;this.rel='stylesheet'\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"684","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 6: \"hiddenSubmit\" \"otpInput\" ].","method":"GET","evidence":"<form onsubmit=\"return false\" class=\"form-horizontal otp-verification-form\" role=\"form\" accept-charset=\"UTF-8\" method=\"post\" >","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":136,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in 
order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin 
policy.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"685","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 7: \"_spring_security_remember_me\" \"user_password\" \"userName\" ].","method":"GET","evidence":"<form class=\"form-horizontal signin-form\" role=\"form\" accept-charset=\"UTF-8\" action=\"/signin/form\" data-action=\"Signin\" id=\"user_new\" method=\"post\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":136,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. 
Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor 
example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"691","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"NbButton\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.b7d37f1641df66482e79.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"693","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"main\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/css/main.f649e31c4c98f88aea74.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"696","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 10: \"copyNumberCheckbox\" \"email\" \"name\" \"nriInfoFormContactNumber\" \"nriInfoFormWhatsappNumber\" ].","method":"GET","evidence":"<form id=\"nriInfoForm\" class=\"form form-horizontal\" method=\"post\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":136,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or 
intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"697","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"FeedbackModal\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/FeedbackModal/FeedbackModal.a83dbbf44fc64913d303.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"699","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"detailPage\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/67/67.02bd717a83a5862bda79.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"701","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"detailPage\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/111/111.c21895c11aafccc2bf06.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"702","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://assets.nobroker.in/nb-new/public/js/instantgratification.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"704","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 11: \"\" ].","method":"GET","evidence":"<form id=\"nonseamless\" method=\"post\" class=\"no-padding\" action=\"/\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":136,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. 
The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin 
policy.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"707","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"detailPage\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/detailPage/detailPage.29c520a2e6ed335828bc.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"708","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"NbButton\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.b7d37f1641df66482e79.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"713","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/640.e27fed3587f5ec713511.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"714","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"FeedbackModal\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/FeedbackModal/FeedbackModal.a83dbbf44fc64913d303.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"718","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/0/0.724811ac869292576c23.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"724","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://assets.nobroker.in/nb-new/public/js/instantgratification.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"727","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/1/1.e0ce36d1fc40258ae7d7.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"729","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/640.e27fed3587f5ec713511.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"732","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"737","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/3/3.2bea1f6a80a0c03f854c.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"742","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/0/0.724811ac869292576c23.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"743","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/6/6.afaceae551527e2f040e.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"748","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/1/1.e0ce36d1fc40258ae7d7.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"749","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/7/7.facf69fe3a345809ee86.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"753","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/2/2.3ebcb94aebf02dbdbc4a.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"754","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"758","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"759","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/3/3.2bea1f6a80a0c03f854c.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"760","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/11/11.49f76519c3db08baa6e9.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"763","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/14/14.16cb5739a44912f799e5.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"768","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/7/7.facf69fe3a345809ee86.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"770","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/15/15.6f660e726e821967a3a1.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"773","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"775","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/17/17.de9dced030764ac47230.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"778","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/11/11.49f76519c3db08baa6e9.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"780","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/14/14.16cb5739a44912f799e5.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"781","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/19/19.5faa655227e84d079263.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"783","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/15/15.6f660e726e821967a3a1.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"786","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/22/22.f3683e61ce270feb0571.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"787","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/23/23.94ad2ac34e2222e95769.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"789","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/17/17.de9dced030764ac47230.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"791","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/26/26.f0a9ce8758177f86a732.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"793","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/19/19.5faa655227e84d079263.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"795","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/22/22.f3683e61ce270feb0571.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"799","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/36/36.568e31febf16fb40bd1f.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"800","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/23/23.94ad2ac34e2222e95769.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"803","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/39/39.6a354b37289c2c92729c.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"804","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/26/26.f0a9ce8758177f86a732.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"807","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/38/38.00202193526a042462df.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"808","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/36/36.568e31febf16fb40bd1f.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"811","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/45/45.1820c118b55ec8188ee3.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"812","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/39/39.6a354b37289c2c92729c.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"815","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/51/51.d52b6361c98f9c1e0dfe.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"816","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/38/38.00202193526a042462df.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"819","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/60/60.25270cc98ce5cd011514.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"820","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/45/45.1820c118b55ec8188ee3.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"823","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/67/67.0dd18303331e288ba468.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"824","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/51/51.d52b6361c98f9c1e0dfe.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"827","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/65/65.d233a2f991e01b9aaaf0.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"828","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"_spring_security_remember_me\" \"user_password\" \"userName\" ].","method":"GET","evidence":"<form class=\"form-horizontal signin-form\" role=\"form\" accept-charset=\"UTF-8\" action=\"/signin/form\" data-action=\"Signin\" id=\"user_new\" method=\"post\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":173,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP 
request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"830","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/60/60.25270cc98ce5cd011514.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"832","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/111/111.9c92ae74875f3a05c105.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"833","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 2: \"hiddenSubmit\" \"otpInput\" ].","method":"GET","evidence":"<form onsubmit=\"return false\" class=\"form-horizontal otp-verification-form\" role=\"form\" accept-charset=\"UTF-8\" method=\"post\" >","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":173,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or 
intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"835","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/67/67.0dd18303331e288ba468.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"837","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/136/136.79f71f494ed3fe04f335.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"838","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 4: \"copyNumberCheckbox\" \"email\" \"name\" \"nriInfoFormContactNumber\" \"nriInfoFormWhatsappNumber\" ].","method":"GET","evidence":"<form id=\"nriInfoForm\" class=\"form form-horizontal\" method=\"post\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":173,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their 
knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"840","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/65/65.d233a2f991e01b9aaaf0.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"841","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/SeoFooter/SeoFooter.844856b65380d8bf4aef.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"842","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/111/111.9c92ae74875f3a05c105.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"844","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/153/153.b2d6642d5517b0258f5d.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"845","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/136/136.79f71f494ed3fe04f335.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"847","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/detailPage/detailPage.9761ce020e297c3b8768.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"848","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/SeoFooter/SeoFooter.844856b65380d8bf4aef.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"850","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"Header\" src=\"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"851","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/153/153.b2d6642d5517b0258f5d.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"853","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"Header\" src=\"https://assets.nobroker.in/nb-new/Header/Header.f9f1396a0f986cc0069a.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"854","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/detailPage/detailPage.9761ce020e297c3b8768.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"856","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HeaderContentDesktop\" src=\"https://assets.nobroker.in/nb-new/HeaderContentDesktop/HeaderContentDesktop.6c5a5b09f07d81eec0c6.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"857","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"Header\" src=\"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"859","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"NbButton\" src=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"860","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"Header\" src=\"https://assets.nobroker.in/nb-new/Header/Header.f9f1396a0f986cc0069a.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"862","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"FeedbackModal\" src=\"https://assets.nobroker.in/nb-new/FeedbackModal/FeedbackModal.9472a7b04d276a76da98.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":166,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"863","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HeaderContentDesktop\" src=\"https://assets.nobroker.in/nb-new/HeaderContentDesktop/HeaderContentDesktop.6c5a5b09f07d81eec0c6.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"865","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"NbButton\" src=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"867","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"FeedbackModal\" src=\"https://assets.nobroker.in/nb-new/FeedbackModal/FeedbackModal.9472a7b04d276a76da98.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":170,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"869","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"_spring_security_remember_me\" \"user_password\" \"userName\" ].","method":"GET","evidence":"<form class=\"form-horizontal signin-form\" role=\"form\" accept-charset=\"UTF-8\" action=\"/signin/form\" data-action=\"Signin\" id=\"user_new\" method=\"post\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":155,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target 
destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"908","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 2: \"hiddenSubmit\" \"otpInput\" ].","method":"GET","evidence":"<form onsubmit=\"return false\" class=\"form-horizontal otp-verification-form\" role=\"form\" accept-charset=\"UTF-8\" method=\"post\" >","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":155,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. 
Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: 
Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"909","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 4: \"copyNumberCheckbox\" \"email\" \"name\" \"nriInfoFormContactNumber\" \"nriInfoFormWhatsappNumber\" ].","method":"GET","evidence":"<form id=\"nriInfoForm\" class=\"form form-horizontal\" method=\"post\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":155,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to 
a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"911","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"hiddenSubmit\" \"otpInput\" ].","method":"GET","evidence":"<form onsubmit=\"return false\" class=\"form-horizontal otp-verification-form\" role=\"form\" accept-charset=\"UTF-8\" method=\"post\" >","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":163,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. 
Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: 
Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"912","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 3: \"email\" \"newAccountName\" \"newAccountPhone\" \"user_password\" ].","method":"GET","evidence":"<form class=\"form-horizontal remove-padding-form-social\" role=\"form\" accept-charset=\"UTF-8\" action=\"/signup/form\" class=\"signup-form\" data-action=\"Signup\" id=\"registerUser\" name=\"signup\" modelAttribute=\"signup\" method=\"post\" >","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":163,"wascid":"9","description":"No Anti-CSRF 
tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"913","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 4: \"scope\" ].","method":"GET","evidence":"<form action=\"/signin/facebook\" class=\"remove-padding-form-social\" method=\"POST\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":163,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. 
Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: 
Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"914","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 5: \"scope\" ].","method":"GET","evidence":"<form action=\"/signin/google\" class=\"remove-padding-form-social\" method=\"POST\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":163,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to 
perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin 
policy.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"915","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 6: \"hiddenSubmit\" \"otpInput\" ].","method":"GET","evidence":"<form onsubmit=\"return false\" class=\"form-horizontal otp-verification-form\" role=\"form\" accept-charset=\"UTF-8\" method=\"post\" >","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":163,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. 
Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: 
Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"916","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 7: \"_spring_security_remember_me\" \"user_password\" \"userName\" ].","method":"GET","evidence":"<form class=\"form-horizontal signin-form\" role=\"form\" accept-charset=\"UTF-8\" action=\"/signin/form\" data-action=\"Signin\" id=\"user_new\" method=\"post\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":163,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack 
that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"917","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 10: \"copyNumberCheckbox\" \"email\" \"name\" \"nriInfoFormContactNumber\" \"nriInfoFormWhatsappNumber\" ].","method":"GET","evidence":"<form id=\"nriInfoForm\" class=\"form form-horizontal\" method=\"post\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":163,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. 
Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use 
anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"918","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 11: \"\" ].","method":"GET","evidence":"<form id=\"nonseamless\" method=\"post\" class=\"no-padding\" action=\"/\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":163,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without 
their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"919","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://apis.google.com/js/platform.js?onload=initAuth2\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":156,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"956","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":156,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"957","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":156,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"958","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"https://api.juspay.in/pay-v3.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":156,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"959","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"NbButton\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.b7d37f1641df66482e79.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"964","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"RABanner\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/RABanner/RABanner.5fdb43a134648222dcfb.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"965","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"HomeDesktopFilter\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/HomeDesktopFilter/HomeDesktopFilter.500606dba39181ba2e2a.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"966","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"PostPropertyCardDesktop\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/PostPropertyCardDesktop/PostPropertyCardDesktop.1d7bb4f3cfef0d57fd7a.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"967","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"HomeTileCard\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/HomeTileCard/HomeTileCard.216735a505e5a7e032d3.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"968","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"HomeCard\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/HomeCard/HomeCard.c5cc88e8c5cb9b90314a.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"969","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HeaderContentDesktop\" src=\"https://assets.nobroker.in/nb-new/3/3.2bea1f6a80a0c03f854c.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"981","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HeaderContentDesktop\" src=\"https://assets.nobroker.in/nb-new/HeaderContentDesktop/HeaderContentDesktop.6c5a5b09f07d81eec0c6.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"982","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"NbButton\" src=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"983","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"SupportPanel\" src=\"https://assets.nobroker.in/nb-new/SupportPanel/SupportPanel.2d2d61e2ddc461c9aa7c.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"984","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"RABanner\" src=\"https://assets.nobroker.in/nb-new/RABanner/RABanner.5a78c94f2a76f558b866.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"985","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/1/1.e0ce36d1fc40258ae7d7.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"986","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/2/2.3ebcb94aebf02dbdbc4a.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"987","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/5/5.f8369ca6dccc177f2a6c.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"988","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/10/10.b258b3a15989b402b1d1.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"989","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/12/12.ea73710f4024e7ec8b81.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"990","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/15/15.6f660e726e821967a3a1.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"991","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/17/17.de9dced030764ac47230.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"992","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/19/19.5faa655227e84d079263.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"993","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/29/29.909075207360ab27f030.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"994","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/37/37.2102db678894c515d01a.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"995","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/124/124.0676f10b7c315050a613.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"996","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/HomeDesktopFilter/HomeDesktopFilter.1845432f19f8fad860c1.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"997","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"PostPropertyCardDesktop\" src=\"https://assets.nobroker.in/nb-new/PostPropertyCardDesktop/PostPropertyCardDesktop.29b7cb2c552be2cc5a3d.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"998","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeTileCard\" src=\"https://assets.nobroker.in/nb-new/HomeTileCard/HomeTileCard.6ccfa1374bee774a92c1.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"999","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeCard\" src=\"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1000","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeCard\" src=\"https://assets.nobroker.in/nb-new/HomeCard/HomeCard.48ccaea30276c29cc8cf.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1001","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://apis.google.com/js/platform.js?onload=initAuth2\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":173,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1017","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":173,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1018","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":173,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1019","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"https://api.juspay.in/pay-v3.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":173,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1020","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://apis.google.com/js/platform.js?onload=initAuth2\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":155,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1023","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":155,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1024","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":155,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1025","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"https://api.juspay.in/pay-v3.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":155,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1026","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"https://api.juspay.in/pay-v3.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":163,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1034","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.2.0/socket.io.min.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":163,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1035","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":163,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1036","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://apis.google.com/js/platform.js?onload=initAuth2\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":163,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1037","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":163,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1038","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer src=\"https://www.gstatic.com/firebasejs/3.6.2/firebase.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":163,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1039","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.gstatic.com/firebasejs/3.6.2/firebase.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":163,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1040","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"https://api.juspay.in/pay-v3.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":136,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1060","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.2.0/socket.io.min.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":136,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1061","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":136,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1062","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://apis.google.com/js/platform.js?onload=initAuth2\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":136,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1063","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":136,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1064","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer src=\"https://www.gstatic.com/firebasejs/3.6.2/firebase.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":136,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1065","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.gstatic.com/firebasejs/3.6.2/firebase.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":136,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1066","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"1088","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. 
it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"1089","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":182,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1094","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute 
Missing","risk":"Medium","id":"1173","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1174","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" 
href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1176","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@900&display=swap\" as=\"style\" onload=\"this.onload=null;this.rel='stylesheet'\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1177","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1178","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@700&display=swap\" as=\"style\" onload=\"this.onload=null;this.rel='stylesheet'\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1179","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1180","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"main\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/css/main.f649e31c4c98f88aea74.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1181","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1182","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"detailPage\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/67/67.02bd717a83a5862bda79.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1183","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@700&display=swap\" as=\"style\" onload=\"this.onload=null;this.rel='stylesheet'\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1186","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"main\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/css/main.f649e31c4c98f88aea74.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1188","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"detailPage\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/67/67.02bd717a83a5862bda79.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1189","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"NbButton\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.b7d37f1641df66482e79.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1190","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"detailPage\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/111/111.c21895c11aafccc2bf06.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1191","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"detailPage\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/detailPage/detailPage.29c520a2e6ed335828bc.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1192","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"FeedbackModal\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/FeedbackModal/FeedbackModal.a83dbbf44fc64913d303.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1193","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"NbButton\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.b7d37f1641df66482e79.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1194","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://assets.nobroker.in/nb-new/public/js/instantgratification.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1195","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"FeedbackModal\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/FeedbackModal/FeedbackModal.a83dbbf44fc64913d303.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1196","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/640.e27fed3587f5ec713511.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1197","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/640.e27fed3587f5ec713511.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1200","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/0/0.724811ac869292576c23.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1201","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/main.7ade2e32824fdd43b048.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1202","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/1/1.e0ce36d1fc40258ae7d7.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1203","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/0/0.724811ac869292576c23.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1204","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/1/1.e0ce36d1fc40258ae7d7.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1206","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1207","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/2/2.3ebcb94aebf02dbdbc4a.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1208","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/3/3.2bea1f6a80a0c03f854c.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1209","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/6/6.afaceae551527e2f040e.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1210","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1211","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/7/7.facf69fe3a345809ee86.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1212","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/3/3.2bea1f6a80a0c03f854c.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1213","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1215","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/7/7.facf69fe3a345809ee86.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1216","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/11/11.49f76519c3db08baa6e9.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1217","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1218","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/14/14.16cb5739a44912f799e5.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1219","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/11/11.49f76519c3db08baa6e9.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1220","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/15/15.6f660e726e821967a3a1.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1221","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/14/14.16cb5739a44912f799e5.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1222","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/15/15.6f660e726e821967a3a1.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1223","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/17/17.de9dced030764ac47230.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1225","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/19/19.5faa655227e84d079263.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1226","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/19/19.5faa655227e84d079263.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1227","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/22/22.f3683e61ce270feb0571.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1228","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/22/22.f3683e61ce270feb0571.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1229","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/23/23.94ad2ac34e2222e95769.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1230","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/23/23.94ad2ac34e2222e95769.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1231","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/26/26.f0a9ce8758177f86a732.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1232","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/26/26.f0a9ce8758177f86a732.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1233","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/36/36.568e31febf16fb40bd1f.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1234","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/36/36.568e31febf16fb40bd1f.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1235","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/39/39.6a354b37289c2c92729c.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1236","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/39/39.6a354b37289c2c92729c.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1237","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/38/38.00202193526a042462df.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1238","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/51/51.d52b6361c98f9c1e0dfe.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1241","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/45/45.1820c118b55ec8188ee3.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1242","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/60/60.25270cc98ce5cd011514.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1243","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/51/51.d52b6361c98f9c1e0dfe.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1244","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/67/67.0dd18303331e288ba468.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1245","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/60/60.25270cc98ce5cd011514.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1246","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/67/67.0dd18303331e288ba468.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1248","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/111/111.9c92ae74875f3a05c105.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1249","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/65/65.d233a2f991e01b9aaaf0.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1250","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/136/136.79f71f494ed3fe04f335.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1251","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/111/111.9c92ae74875f3a05c105.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1252","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/SeoFooter/SeoFooter.844856b65380d8bf4aef.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1253","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/136/136.79f71f494ed3fe04f335.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1254","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/153/153.b2d6642d5517b0258f5d.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1255","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/detailPage/detailPage.9761ce020e297c3b8768.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1257","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/153/153.b2d6642d5517b0258f5d.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1258","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"Header\" src=\"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1259","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/detailPage/detailPage.9761ce020e297c3b8768.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1260","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"Header\" src=\"https://assets.nobroker.in/nb-new/Header/Header.f9f1396a0f986cc0069a.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1261","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HeaderContentDesktop\" src=\"https://assets.nobroker.in/nb-new/HeaderContentDesktop/HeaderContentDesktop.6c5a5b09f07d81eec0c6.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1262","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"Header\" src=\"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1263","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"NbButton\" src=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1264","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"Header\" src=\"https://assets.nobroker.in/nb-new/Header/Header.f9f1396a0f986cc0069a.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1265","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"NbButton\" src=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1268","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"FeedbackModal\" src=\"https://assets.nobroker.in/nb-new/FeedbackModal/FeedbackModal.9472a7b04d276a76da98.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":182,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1269","alertRef":"90003"}],"Low":[{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://assets.nobroker.in/nb-new/public/js/instantgratification.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/public/js/instantgratification.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"3","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/640.e27fed3587f5ec713511.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/640.e27fed3587f5ec713511.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"4","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/main.7ade2e32824fdd43b048.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/main.7ade2e32824fdd43b048.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"5","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"6","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/6/6.afaceae551527e2f040e.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/6/6.afaceae551527e2f040e.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"7","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/7/7.facf69fe3a345809ee86.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/7/7.facf69fe3a345809ee86.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"8","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"9","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/35/35.2bb40b034e85a5a9bfb5.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/35/35.2bb40b034e85a5a9bfb5.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"10","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/119/119.72ea7f7d1219e177b0d1.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/119/119.72ea7f7d1219e177b0d1.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"11","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/151/151.a10b170c79ae86f4334a.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/151/151.a10b170c79ae86f4334a.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"12","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/home/home.95b1746708cb5068e630.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/home/home.95b1746708cb5068e630.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"13","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"ToggleSwitch\" src=\"https://assets.nobroker.in/nb-new/ToggleSwitch/ToggleSwitch.a2977d85ea192887546a.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/ToggleSwitch/ToggleSwitch.a2977d85ea192887546a.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"14","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"FestiveServices\" src=\"https://assets.nobroker.in/nb-new/FestiveServices/FestiveServices.6328a5bd2156b961d85f.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/FestiveServices/FestiveServices.6328a5bd2156b961d85f.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"15","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"InstacashAdCard\" src=\"https://assets.nobroker.in/nb-new/InstacashAdCard/InstacashAdCard.dbf6cb6dbee1cb583380.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/InstacashAdCard/InstacashAdCard.dbf6cb6dbee1cb583380.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"16","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeAssistPlans\" src=\"https://assets.nobroker.in/nb-new/HomeAssistPlans/HomeAssistPlans.1944c4fc1ddba205c905.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/HomeAssistPlans/HomeAssistPlans.1944c4fc1ddba205c905.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"17","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"AdCards\" src=\"https://assets.nobroker.in/nb-new/AdCards/AdCards.cbd1a53e010714f750bc.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files 
from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/AdCards/AdCards.cbd1a53e010714f750bc.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"18","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"NBHorizontalTilesCarousel\" src=\"https://assets.nobroker.in/nb-new/NBHorizontalTilesCarousel/NBHorizontalTilesCarousel.d38122e3bf1f62b2b9f3.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/NBHorizontalTilesCarousel/NBHorizontalTilesCarousel.d38122e3bf1f62b2b9f3.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"19","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"Footer\" src=\"https://assets.nobroker.in/nb-new/Footer/Footer.ef1602bd6ea599fb7654.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/Footer/Footer.ef1602bd6ea599fb7654.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"20","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"SiteMapFooterNew\" src=\"https://assets.nobroker.in/nb-new/40/40.173e905dd7b4e287f36c.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/40/40.173e905dd7b4e287f36c.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"21","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"SiteMapFooterNew\" src=\"https://assets.nobroker.in/nb-new/SiteMapFooterNew/SiteMapFooterNew.ce51e3317409ec39b6e9.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"https://assets.nobroker.in/nb-new/SiteMapFooterNew/SiteMapFooterNew.ce51e3317409ec39b6e9.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"22","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"BottomLinkFooter\" src=\"https://assets.nobroker.in/nb-new/BottomLinkFooter/BottomLinkFooter.1677ee8990433867ada6.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/BottomLinkFooter/BottomLinkFooter.1677ee8990433867ada6.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"23","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":1,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"26","alertRef":"10035-1"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"51","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":1,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"52","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":59,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).","messageId":"59","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. 
is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"55","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":69,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).","messageId":"69","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. 
is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"56","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":58,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).","messageId":"58","inputVector":"","url":"https://www.nobroker.in/*?amp=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. 
is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"57","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":6,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"59","alertRef":"10035-1"},{"nodeName":"https://www.nobroker.in/robots.txt","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"60","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":56,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"56","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbDevice","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"61","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v5/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":63,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"63","inputVector":"","url":"https://www.nobroker.in/api/v5/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbccc","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"62","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":72,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"72","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"65","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":74,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"74","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"66","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":56,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"56","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"mbTrackID","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"67","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":87,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"87","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbccc","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"68","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":75,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"75","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"69","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/contact","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":79,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"79","inputVector":"","url":"https://www.nobroker.in/contact","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"70","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":90,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"90","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"73","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/api/v1/admin/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":92,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"92","inputVector":"","url":"https://www.nobroker.in/api/v1/admin/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbccc","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"74","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":95,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"95","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbccc","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"75","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v5/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":63,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"63","inputVector":"","url":"https://www.nobroker.in/api/v5/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbccc","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"79","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/about","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":104,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"104","inputVector":"","url":"https://www.nobroker.in/about","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"80","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":111,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"111","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"85","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":109,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"109","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"86","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":115,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"115","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"87","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/api/v1/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":114,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"114","inputVector":"","url":"https://www.nobroker.in/api/v1/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"90","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":126,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"126","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"91","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":128,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"128","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"93","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":95,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"95","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbccc","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"100","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":98,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"98","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"102","alertRef":"10035-1"},{"nodeName":"https://www.nobroker.in/manifest.json","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":108,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"108","inputVector":"","url":"https://www.nobroker.in/manifest.json","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"103","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/api/v5/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":63,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"63","inputVector":"","url":"https://www.nobroker.in/api/v5/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"104","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":56,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"56","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbDevice","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"109","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":87,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"87","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbccc","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"110","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"\" crossorigin=\"\" nomodule=\"\" src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":61,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"116","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":146,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"146","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"119","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":95,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"95","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"122","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":56,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"56","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"mbTrackID","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"126","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":144,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"144","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"128","alertRef":"10035-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":77,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"headerFalse","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"129","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/webpack-81e1c3b1854b10f4.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":61,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/chunks/webpack-81e1c3b1854b10f4.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"130","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/framework-fee8a7e75612eda8.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":61,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/chunks/framework-fee8a7e75612eda8.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"131","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"//assets.nobroker.in/static/lib/knowYourRent/gauge.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":117,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/knowYourRent/gauge.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"134","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"https://assets.nobroker.in/nbpixel-ui/vendor.9631a11c3b20a7d27e83.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":113,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"113","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nbpixel-ui/vendor.9631a11c3b20a7d27e83.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"135","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":87,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"87","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"136","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyCjAZYE2-QriLt0Q2MJtRO22kAEWlKKaf4&v=3.exp&libraries=places,geometry\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":119,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"119","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://maps.googleapis.com/maps/api/js?key=AIzaSyCjAZYE2-QriLt0Q2MJtRO22kAEWlKKaf4&v=3.exp&libraries=places,geometry","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"137","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/api/v1/admin/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":92,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"92","inputVector":"","url":"https://www.nobroker.in/api/v1/admin/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbccc","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"140","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":56,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"56","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"141","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":154,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"154","inputVector":"","url":"https://www.nobroker.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"142","alertRef":"10035-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: isMobile","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":77,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"isMobile","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"144","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/main-0608700a3131e93b.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":61,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/chunks/main-0608700a3131e93b.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"145","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyBKOLvPVSGuaBf9owgRFfDBXOQgJ4Vc8Nk&v=3.exp&libraries=places,geometry&map_ids=26ebf3fb725fae8d&callback=googleMapLoadCallBack\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":117,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be 
controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://maps.googleapis.com/maps/api/js?key=AIzaSyBKOLvPVSGuaBf9owgRFfDBXOQgJ4Vc8Nk&v=3.exp&libraries=places,geometry&map_ids=26ebf3fb725fae8d&callback=googleMapLoadCallBack","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"148","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"https://assets.nobroker.in/nbpixel-ui/main.be4ec34b587a16f854a7.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":113,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"113","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nbpixel-ui/main.be4ec34b587a16f854a7.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"149","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/api/v3/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":157,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by 
JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"157","inputVector":"","url":"https://www.nobroker.in/api/v3/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbccc","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"150","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/pages/_app-cbd38f2cc594983a.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":61,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/chunks/pages/_app-cbd38f2cc594983a.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"157","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":135,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"135","inputVector":"","url":"https://www.nobroker.in/support","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"headerFalse","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"160","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"//static.criteo.net/js/ld/ld.js\" async=\"true\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":117,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are 
loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//static.criteo.net/js/ld/ld.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"161","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deviceType","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":77,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"deviceType","attack":"","name":"Cookie No HttpOnly 
Flag","risk":"Low","id":"164","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v1/admin/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":92,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).","messageId":"92","inputVector":"","url":"https://www.nobroker.in/api/v1/admin/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. 
is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"166","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/analytics/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":159,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"159","inputVector":"","url":"https://www.nobroker.in/analytics/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"167","alertRef":"10035-1"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/3996-097ca6fa6884f3ea.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":61,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/chunks/3996-097ca6fa6884f3ea.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"169","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-address","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. 
If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"cloudfront-viewer-address","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"171","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":135,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"135","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"headerFalse","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"172","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"https://assets.nobroker.in/hs-new/391.f34cf3507a8b82f17ff9.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":117,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/hs-new/391.f34cf3507a8b82f17ff9.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"173","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/api/v3/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":157,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"157","inputVector":"","url":"https://www.nobroker.in/api/v3/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbccc","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"175","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":77,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"headerFalse","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"176","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/pages/index-c35009b2dd4fb35c.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":61,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/chunks/pages/index-c35009b2dd4fb35c.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"180","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-country","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"cloudfront-viewer-country","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"181","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":135,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted 
connections.","messageId":"135","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"headerFalse","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"183","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"https://assets.nobroker.in/hs-new/main.a6ce01a802a699ecfd82.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":117,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/hs-new/main.a6ce01a802a699ecfd82.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"184","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: isMobile","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":77,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"isMobile","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"186","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/C1QtFkIEdQIqtSpvFN1T1/_buildManifest.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":61,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/C1QtFkIEdQIqtSpvFN1T1/_buildManifest.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"188","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-latitude","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"cloudfront-viewer-latitude","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"189","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v3/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":157,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"157","inputVector":"","url":"https://www.nobroker.in/api/v3/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"192","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deviceType","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":77,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"deviceType","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"196","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":161,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"headerFalse","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"197","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/C1QtFkIEdQIqtSpvFN1T1/_ssgManifest.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":61,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/C1QtFkIEdQIqtSpvFN1T1/_ssgManifest.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"198","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-longitude","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"cloudfront-viewer-longitude","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"199","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyCwy2ETEJXPynpNXJggwjzsHxFcG3Il34o&v=3.exp&libraries=places,geometry\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":135,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"135","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://maps.googleapis.com/maps/api/js?key=AIzaSyCwy2ETEJXPynpNXJggwjzsHxFcG3Il34o&v=3.exp&libraries=places,geometry","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"200","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-city","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"cloudfront-viewer-city","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"201","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":77,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted 
connections.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"headerFalse","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"204","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: isMobile","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":161,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"isMobile","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"205","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"headerFalse","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"208","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":113,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"113","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"210","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: isMobile","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":77,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted 
connections.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"isMobile","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"211","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deviceType","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":161,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"deviceType","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"212","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":119,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"119","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"214","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deffered_login","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"deffered_login","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"215","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deviceType","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":77,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted 
connections.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"deviceType","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"217","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":161,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"headerFalse","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"218","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":119,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"119","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"219","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: new_pnm_summary","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"new_pnm_summary","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"220","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: isMobile","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":161,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"isMobile","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"224","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deviceType","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":161,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"deviceType","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"225","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":161,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted 
connections.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"headerFalse","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"226","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: new_pnm_MyBookings","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"new_pnm_MyBookings","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"230","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: isMobile","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"isMobile","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"233","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deviceType","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"deviceType","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"236","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":135,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"135","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"238","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-address","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"cloudfront-viewer-address","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"239","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":135,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"135","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"241","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-country","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"cloudfront-viewer-country","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"242","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-latitude","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"cloudfront-viewer-latitude","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"244","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-longitude","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"cloudfront-viewer-longitude","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"246","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-city","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"cloudfront-viewer-city","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"248","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"headerFalse","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"250","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deffered_login","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"deffered_login","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"253","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: new_pnm_summary","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"new_pnm_summary","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"256","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: new_pnm_MyBookings","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"new_pnm_MyBookings","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"259","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: isMobile","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"isMobile","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"262","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deviceType","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"deviceType","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"265","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-address","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted 
connections.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"cloudfront-viewer-address","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"268","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-country","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"cloudfront-viewer-country","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"271","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-latitude","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"cloudfront-viewer-latitude","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"275","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-longitude","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"cloudfront-viewer-longitude","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"279","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: isMobile","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":161,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"isMobile","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"282","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-city","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"cloudfront-viewer-city","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"283","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deviceType","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":161,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"deviceType","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"286","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"headerFalse","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"288","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deffered_login","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"deffered_login","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"292","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: new_pnm_summary","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"new_pnm_summary","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"294","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: new_pnm_MyBookings","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"new_pnm_MyBookings","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"297","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: isMobile","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"isMobile","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"300","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deviceType","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"deviceType","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"303","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":61,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"307","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/hs-new/391.f34cf3507a8b82f17ff9.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/hs-new/391.f34cf3507a8b82f17ff9.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"310","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Next.js","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":61,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"311","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/main.7ade2e32824fdd43b048.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/main.7ade2e32824fdd43b048.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"312","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<script async 
data-chunk=\"main\" src=\"https://assets.nobroker.in/hs-new/main.a6ce01a802a699ecfd82.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/hs-new/main.a6ce01a802a699ecfd82.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"315","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/0/0.724811ac869292576c23.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/0/0.724811ac869292576c23.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"317","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"search\" src=\"https://assets.nobroker.in/hs-new/48/48.dbbd80896111cfba2221.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are 
loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/hs-new/48/48.dbbd80896111cfba2221.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"319","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/1/1.e0ce36d1fc40258ae7d7.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/1/1.e0ce36d1fc40258ae7d7.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File 
Inclusion","risk":"Low","id":"321","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"search\" src=\"https://assets.nobroker.in/hs-new/search/search.333b62c85c694af92c0a.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/hs-new/search/search.333b62c85c694af92c0a.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"323","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"327","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbcr","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":136,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbcr","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"332","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/6/6.afaceae551527e2f040e.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/6/6.afaceae551527e2f040e.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"334","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbpt","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":136,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbpt","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"335","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"340","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbcr","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":136,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbcr","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"343","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/14/14.16cb5739a44912f799e5.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/14/14.16cb5739a44912f799e5.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"345","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbpt","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":136,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbpt","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"346","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/17/17.de9dced030764ac47230.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/17/17.de9dced030764ac47230.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"351","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/23/23.94ad2ac34e2222e95769.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/23/23.94ad2ac34e2222e95769.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"357","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/26/26.f0a9ce8758177f86a732.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/26/26.f0a9ce8758177f86a732.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"360","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/36/36.568e31febf16fb40bd1f.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/36/36.568e31febf16fb40bd1f.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"362","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/39/39.6a354b37289c2c92729c.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/39/39.6a354b37289c2c92729c.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"364","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/38/38.00202193526a042462df.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/38/38.00202193526a042462df.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"366","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/640.e27fed3587f5ec713511.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/640.e27fed3587f5ec713511.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"371","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/51/51.d52b6361c98f9c1e0dfe.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/51/51.d52b6361c98f9c1e0dfe.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"372","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/main.7ade2e32824fdd43b048.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/main.7ade2e32824fdd43b048.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"374","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/60/60.25270cc98ce5cd011514.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/60/60.25270cc98ce5cd011514.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"375","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/0/0.724811ac869292576c23.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/0/0.724811ac869292576c23.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"377","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/67/67.0dd18303331e288ba468.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/67/67.0dd18303331e288ba468.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"380","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/2/2.3ebcb94aebf02dbdbc4a.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/2/2.3ebcb94aebf02dbdbc4a.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"381","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/65/65.d233a2f991e01b9aaaf0.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/65/65.d233a2f991e01b9aaaf0.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"383","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"384","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/111/111.9c92ae74875f3a05c105.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/111/111.9c92ae74875f3a05c105.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"386","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/136/136.79f71f494ed3fe04f335.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/136/136.79f71f494ed3fe04f335.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"389","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/6/6.afaceae551527e2f040e.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/6/6.afaceae551527e2f040e.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"391","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/SeoFooter/SeoFooter.844856b65380d8bf4aef.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/SeoFooter/SeoFooter.844856b65380d8bf4aef.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"393","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/7/7.facf69fe3a345809ee86.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/7/7.facf69fe3a345809ee86.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"395","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/153/153.b2d6642d5517b0258f5d.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/153/153.b2d6642d5517b0258f5d.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"399","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"402","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/detailPage/detailPage.9761ce020e297c3b8768.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/detailPage/detailPage.9761ce020e297c3b8768.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"406","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/11/11.49f76519c3db08baa6e9.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/11/11.49f76519c3db08baa6e9.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"410","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"Header\" src=\"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"415","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/14/14.16cb5739a44912f799e5.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/14/14.16cb5739a44912f799e5.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"419","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/nb-cms-api/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/nb-cms-api/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"421","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/15/15.6f660e726e821967a3a1.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/15/15.6f660e726e821967a3a1.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"427","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/nb-cms-api/","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: PHP/8.2.18","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":150,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/nb-cms-api/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"430","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HeaderContentDesktop\" src=\"https://assets.nobroker.in/nb-new/HeaderContentDesktop/HeaderContentDesktop.6c5a5b09f07d81eec0c6.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/HeaderContentDesktop/HeaderContentDesktop.6c5a5b09f07d81eec0c6.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File 
Inclusion","risk":"Low","id":"432","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"NbButton\" src=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"439","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":77,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"440","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/19/19.5faa655227e84d079263.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/19/19.5faa655227e84d079263.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File 
Inclusion","risk":"Low","id":"442","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"FeedbackModal\" src=\"https://assets.nobroker.in/nb-new/FeedbackModal/FeedbackModal.9472a7b04d276a76da98.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/FeedbackModal/FeedbackModal.9472a7b04d276a76da98.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"445","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":161,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"447","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":77,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"448","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/22/22.f3683e61ce270feb0571.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/22/22.f3683e61ce270feb0571.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"449","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: 
Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":161,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"453","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/23/23.94ad2ac34e2222e95769.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/23/23.94ad2ac34e2222e95769.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"454","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" 
src=\"//assets.nobroker.in/static/lib/jquery.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/jquery.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"456","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":117,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"458","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/26/26.f0a9ce8758177f86a732.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/26/26.f0a9ce8758177f86a732.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"459","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/vendor/progress.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only 
trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/vendor/progress.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"460","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":117,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"462","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbcr","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":163,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbcr","attack":"","name":"Cookie No HttpOnly 
Flag","risk":"Low","id":"464","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/36/36.568e31febf16fb40bd1f.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/36/36.568e31febf16fb40bd1f.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"465","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbCache.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a 
third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbCache.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"466","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbpt","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":163,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbpt","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"468","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"470","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":163,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbccc","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"471","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbcr","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":173,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbcr","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"472","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"473","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/38/38.00202193526a042462df.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/38/38.00202193526a042462df.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"474","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"https://api.juspay.in/pay-v3.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the 
sources can't be controlled by end users of the application. For scripts served from a domain the application owner does not control, restrict the allowed script origins with a Content-Security-Policy script-src directive and, where the file is versioned and immutable, pin it with a Subresource Integrity hash.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://api.juspay.in/pay-v3.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"475","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbpt","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":173,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbpt","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"477","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: 
Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"478","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/45/45.1820c118b55ec8188ee3.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/45/45.1820c118b55ec8188ee3.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"479","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" 
src=\"//assets.nobroker.in/static/lib/universal/userRegistrationModalConstant.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationModalConstant.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"480","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbcr","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":163,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbcr","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"481","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":173,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbccc","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"482","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbpt","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":163,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbpt","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"483","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/51/51.d52b6361c98f9c1e0dfe.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/51/51.d52b6361c98f9c1e0dfe.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"484","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationModalHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript 
source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationModalHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"485","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":163,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbccc","attack":"","name":"Cookie without SameSite 
Attribute","risk":"Low","id":"487","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/60/60.25270cc98ce5cd011514.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/60/60.25270cc98ce5cd011514.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"488","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbcr","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":173,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbcr","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"489","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAdobeEvents.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAdobeEvents.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"490","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbpt","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":173,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbpt","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"493","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAdobeService.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAdobeService.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"494","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":173,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbccc","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"495","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/65/65.d233a2f991e01b9aaaf0.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/65/65.d233a2f991e01b9aaaf0.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"496","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script async type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/listPlanCardConstant.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source 
files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/listPlanCardConstant.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"497","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script async type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/listPlanCardHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/listPlanCardHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"500","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" 
src=\"//assets.nobroker.in/static/lib/lib-min1.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/lib-min1.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"501","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/136/136.79f71f494ed3fe04f335.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/136/136.79f71f494ed3fe04f335.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"502","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/nb-new/public/js/instantgratification.001.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are 
loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/nb-new/public/js/instantgratification.001.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"503","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/SeoFooter/SeoFooter.844856b65380d8bf4aef.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/SeoFooter/SeoFooter.844856b65380d8bf4aef.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File 
Inclusion","risk":"Low","id":"505","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.2.0/socket.io.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.2.0/socket.io.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"506","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"507","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/153/153.b2d6642d5517b0258f5d.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/153/153.b2d6642d5517b0258f5d.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"508","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/handlebars_3.0.3.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded 
from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/handlebars_3.0.3.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"509","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/detailPage/detailPage.9761ce020e297c3b8768.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/detailPage/detailPage.9761ce020e297c3b8768.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File 
Inclusion","risk":"Low","id":"512","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/dashboard/handlebar-helpers.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/dashboard/handlebar-helpers.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"513","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"Header\" src=\"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"514","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nobroker-loader.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from 
only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/nobroker-loader.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"516","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nb-ga.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/nb-ga.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"519","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HeaderContentDesktop\" 
src=\"https://assets.nobroker.in/nb-new/HeaderContentDesktop/HeaderContentDesktop.6c5a5b09f07d81eec0c6.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/HeaderContentDesktop/HeaderContentDesktop.6c5a5b09f07d81eec0c6.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"520","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/multipleLocationSelectorHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/multipleLocationSelectorHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"521","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAutoComplete.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAutoComplete.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"524","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"NbButton\" src=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"525","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" 
src=\"//assets.nobroker.in/static/lib/jquery.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/jquery.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"526","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/seoNearByLocationHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/seoNearByLocationHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"527","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"FeedbackModal\" src=\"https://assets.nobroker.in/nb-new/FeedbackModal/FeedbackModal.9472a7b04d276a76da98.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/FeedbackModal/FeedbackModal.9472a7b04d276a76da98.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"528","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script async type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbCache.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded 
from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbCache.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"529","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://apis.google.com/js/platform.js?onload=initAuth2\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://apis.google.com/js/platform.js?onload=initAuth2","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"530","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://apis.google.com/js/platform.js?onload=initAuth2\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://apis.google.com/js/platform.js?onload=initAuth2","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"531","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"532","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"533","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" 
src=\"//assets.nobroker.in/static/lib/verification/phoneOwnershipVerification.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/verification/phoneOwnershipVerification.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"534","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/user-activity-detection.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/user-activity-detection.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"535","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/signin.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"//assets.nobroker.in/static/lib/signin.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"536","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/util-main.min1724831814561.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/util-main.min1724831814561.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"537","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/signin.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/signin.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"538","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/nb-new/public/js/instantgratification.001.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/nb-new/public/js/instantgratification.001.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"539","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/admin/secondaryPhoneModal.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/admin/secondaryPhoneModal.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"540","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/userRegistration/userRegistrationModalV2.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/userRegistration/userRegistrationModalV2.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"541","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/whatsAppAPIHandler.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/whatsAppAPIHandler.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"542","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/signin.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/signin.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"543","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/whatsapp/whatsappChatRoom.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/whatsapp/whatsappChatRoom.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"544","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/verification/phoneOwnershipVerification.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/verification/phoneOwnershipVerification.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"545","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/whatsapp/whatsappHome.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/whatsapp/whatsappHome.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"546","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/homepage/homepage.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/homepage/homepage.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"547","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/userRegistration/userRegistrationModalV2.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/userRegistration/userRegistrationModalV2.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"548","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"549","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/rangeSlider/nbRangeSlider.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/rangeSlider/nbRangeSlider.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"550","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/handlebars_3.0.3.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"//assets.nobroker.in/static/lib/handlebars_3.0.3.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"551","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/plans/commercialPlans.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/plans/commercialPlans.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"552","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/dashboard/handlebar-helpers.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/dashboard/handlebar-helpers.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"553","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/plans/buyerPlan.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/plans/buyerPlan.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"554","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/bootstrap.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/bootstrap.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"555","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/plans/sellerPlans.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/plans/sellerPlans.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"556","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nb-ga.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/nb-ga.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"557","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/multipleLocationSelectorHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/multipleLocationSelectorHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"559","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/plans/tenantPlans.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/plans/tenantPlans.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"560","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAutoComplete.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAutoComplete.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"561","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/menu-events.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/menu-events.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"562","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/googleSigninHelper.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/googleSigninHelper.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"563","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/globalUserVerificationModal.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/globalUserVerificationModal.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"564","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/fb.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/fb.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"565","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/scheduler/schedulerModal.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/scheduler/schedulerModal.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"566","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/utils/nbUtils.min1777295552669.js\" onload=\"nbUtils.clickEvents();\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/utils/nbUtils.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"567","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/scheduler/generalSchedulerModal.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/scheduler/generalSchedulerModal.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"568","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nobroker-loader.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/nobroker-loader.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"569","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/scheduler/scheduler_constants.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/scheduler/scheduler_constants.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"570","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/facebookEvent.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/facebookEvent.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"571","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/bootstrap-datepicker-new.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/bootstrap-datepicker-new.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"572","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/google-events.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/google-events.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"574","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/fb.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/fb.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"575","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//static.criteo.net/js/ld/ld.js\" async=\"true\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//static.criteo.net/js/ld/ld.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"576","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/polyfiller.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/polyfiller.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"577","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbEvents.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbEvents.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"578","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nb_form.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/nb_form.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"579","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/jReject-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/jReject-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"580","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/user-activity-detection.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/user-activity-detection.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"581","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/util-main.min1724831814561.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/util-main.min1724831814561.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"583","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"584","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationModalConstant.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationModalConstant.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"585","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/utils/nbUtils.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/utils/nbUtils.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"586","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationModalHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationModalHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"587","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/facebookEvent.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/facebookEvent.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"588","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/google-events.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/google-events.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"589","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAdobeEvents.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAdobeEvents.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"591","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//static.criteo.net/js/ld/ld.js\" async=\"true\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//static.criteo.net/js/ld/ld.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"592","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAdobeService.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAdobeService.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"593","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbEvents.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbEvents.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"594","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"https://api.juspay.in/pay-v3.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://api.juspay.in/pay-v3.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"595","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/jReject-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/jReject-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"596","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script async type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/sw-register.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/sw-register.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"597","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/sw-register.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/sw-register.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"598","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"//assets.adobedtm.com/e0b9255c6246/62e4c383fb62/launch-2f72a0f28dd3.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.adobedtm.com/e0b9255c6246/62e4c383fb62/launch-2f72a0f28dd3.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"599","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/alerts/alerts.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"//assets.nobroker.in/static/lib/alerts/alerts.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"600","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/date-manipulation.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/date-manipulation.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"601","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/admin/globalPopup.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/admin/globalPopup.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"602","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/timeago-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"//assets.nobroker.in/static/lib/timeago-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"603","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/payment/nbpayment.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/payment/nbpayment.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"604","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/jquery.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/jquery.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"606","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbSwagger.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbSwagger.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"607","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/vendor/progress.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/vendor/progress.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"609","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/slashRtc/slashRtcIntegration.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/slashRtc/slashRtcIntegration.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"610","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer src=\"https://www.gstatic.com/firebasejs/3.6.2/firebase.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.gstatic.com/firebasejs/3.6.2/firebase.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"611","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbCache.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbCache.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"612","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.gstatic.com/firebasejs/3.6.2/firebase.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.gstatic.com/firebasejs/3.6.2/firebase.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"613","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"614","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbFirebase.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbFirebase.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"615","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"https://api.juspay.in/pay-v3.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://api.juspay.in/pay-v3.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"616","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/vendor/mailcheck.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/vendor/mailcheck.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"617","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationModalConstant.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationModalConstant.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"618","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"//assets.adobedtm.com/e0b9255c6246/62e4c383fb62/launch-2f72a0f28dd3.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.adobedtm.com/e0b9255c6246/62e4c383fb62/launch-2f72a0f28dd3.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"619","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationModalHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationModalHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"620","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAdobeEvents.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAdobeEvents.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"621","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/jquery.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/jquery.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"622","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAdobeService.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAdobeService.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"623","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script async type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbCache.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbCache.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"624","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script async type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/listPlanCardConstant.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/listPlanCardConstant.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"625","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://apis.google.com/js/platform.js?onload=initAuth2\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://apis.google.com/js/platform.js?onload=initAuth2","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"626","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script async type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/listPlanCardHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/listPlanCardHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"627","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"628","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/lib-min1.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/lib-min1.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"629","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/user-activity-detection.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/user-activity-detection.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"631","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/nb-new/public/js/instantgratification.001.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/nb-new/public/js/instantgratification.001.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"633","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/util-main.min1724831814561.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/util-main.min1724831814561.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"634","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.2.0/socket.io.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.2.0/socket.io.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"637","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/nb-new/public/js/instantgratification.001.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/nb-new/public/js/instantgratification.001.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"638","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"640","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/userRegistration/userRegistrationModalV2.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/userRegistration/userRegistrationModalV2.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"641","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/handlebars_3.0.3.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/handlebars_3.0.3.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"643","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/signin.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/signin.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"645","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/dashboard/handlebar-helpers.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/dashboard/handlebar-helpers.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"646","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/jquery.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/jquery.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"648","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/verification/phoneOwnershipVerification.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/verification/phoneOwnershipVerification.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"649","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nobroker-loader.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/nobroker-loader.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"650","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script async type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbCache.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbCache.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"652","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/homepage/homepage.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/homepage/homepage.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"653","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nb-ga.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/nb-ga.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"654","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://apis.google.com/js/platform.js?onload=initAuth2\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://apis.google.com/js/platform.js?onload=initAuth2","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"656","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"660","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/multipleLocationSelectorHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/multipleLocationSelectorHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"661","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"663","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/handlebars_3.0.3.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/handlebars_3.0.3.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"667","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAutoComplete.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAutoComplete.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"668","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/seoNearByLocationHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/seoNearByLocationHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"669","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/user-activity-detection.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"//assets.nobroker.in/static/lib/user-activity-detection.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"670","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/dashboard/handlebar-helpers.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/dashboard/handlebar-helpers.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"674","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://apis.google.com/js/platform.js?onload=initAuth2\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://apis.google.com/js/platform.js?onload=initAuth2","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"676","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/util-main.min1724831814561.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/util-main.min1724831814561.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"677","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/bootstrap.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/bootstrap.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"680","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"682","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/nb-new/public/js/instantgratification.001.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/nb-new/public/js/instantgratification.001.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"683","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nb-ga.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/nb-ga.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"686","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/verification/phoneOwnershipVerification.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/verification/phoneOwnershipVerification.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"688","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/userRegistration/userRegistrationModalV2.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/userRegistration/userRegistrationModalV2.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"689","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/multipleLocationSelectorHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/multipleLocationSelectorHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"692","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/signin.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a 
third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/signin.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"694","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/signin.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/signin.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"695","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAutoComplete.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAutoComplete.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"698","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/verification/phoneOwnershipVerification.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/verification/phoneOwnershipVerification.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"700","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/googleSigninHelper.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"//assets.nobroker.in/static/lib/universal/googleSigninHelper.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"703","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/signin.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/signin.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"705","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/homepage/homepage.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/homepage/homepage.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"706","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/fb.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/universal/fb.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"709","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/utils/nbUtils.min1777295552669.js\" onload=\"nbUtils.clickEvents();\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/utils/nbUtils.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"710","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/admin/secondaryPhoneModal.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/admin/secondaryPhoneModal.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"711","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"712","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nobroker-loader.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/nobroker-loader.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"715","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/whatsAppAPIHandler.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/whatsAppAPIHandler.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"716","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/handlebars_3.0.3.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/handlebars_3.0.3.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"717","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/facebookEvent.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/facebookEvent.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"720","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/whatsapp/whatsappChatRoom.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/whatsapp/whatsappChatRoom.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"721","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/whatsapp/whatsappHome.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"//assets.nobroker.in/static/lib/whatsapp/whatsappHome.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"722","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/userRegistration/userRegistrationModalV2.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/userRegistration/userRegistrationModalV2.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"723","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/google-events.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/google-events.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"725","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/dashboard/handlebar-helpers.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/dashboard/handlebar-helpers.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"726","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/rangeSlider/nbRangeSlider.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/rangeSlider/nbRangeSlider.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"728","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//static.criteo.net/js/ld/ld.js\" async=\"true\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//static.criteo.net/js/ld/ld.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"730","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/bootstrap.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/bootstrap.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"731","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/plans/commercialPlans.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/plans/commercialPlans.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"733","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbEvents.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbEvents.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"736","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/plans/buyerPlan.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/plans/buyerPlan.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"739","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nb-ga.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/nb-ga.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"740","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/jReject-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/jReject-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"741","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/plans/sellerPlans.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/plans/sellerPlans.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"744","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/multipleLocationSelectorHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/multipleLocationSelectorHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"745","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"747","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAutoComplete.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAutoComplete.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"751","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationModalConstant.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationModalConstant.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"752","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/plans/tenantPlans.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/plans/tenantPlans.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"755","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/googleSigninHelper.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/universal/googleSigninHelper.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"756","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationModalHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationModalHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"757","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/fb.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/fb.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"761","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAdobeEvents.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAdobeEvents.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"762","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/menu-events.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/menu-events.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"764","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/utils/nbUtils.min1777295552669.js\" onload=\"nbUtils.clickEvents();\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/utils/nbUtils.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"766","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAdobeService.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAdobeService.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"767","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/globalUserVerificationModal.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/globalUserVerificationModal.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"769","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nobroker-loader.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/nobroker-loader.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"771","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"https://api.juspay.in/pay-v3.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://api.juspay.in/pay-v3.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"772","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/scheduler/schedulerModal.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/scheduler/schedulerModal.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"774","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/facebookEvent.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/facebookEvent.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"776","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script async type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/sw-register.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/sw-register.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"777","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/scheduler/generalSchedulerModal.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/scheduler/generalSchedulerModal.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"779","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"//assets.adobedtm.com/e0b9255c6246/62e4c383fb62/launch-2f72a0f28dd3.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":173,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.adobedtm.com/e0b9255c6246/62e4c383fb62/launch-2f72a0f28dd3.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"782","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/scheduler/scheduler_constants.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/scheduler/scheduler_constants.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"784","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/google-events.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/google-events.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"785","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/bootstrap-datepicker-new.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/bootstrap-datepicker-new.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"788","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//static.criteo.net/js/ld/ld.js\" async=\"true\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//static.criteo.net/js/ld/ld.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"790","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/fb.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/fb.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"792","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbEvents.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbEvents.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"794","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"Under Construction","pluginId":"10023","cweid":"1295","confidence":"Medium","sourceMessageId":156,"wascid":"13","description":"The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. 
You can configure the list of common debug messages.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-ERRH-01":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling","CWE-1295":"https://cwe.mitre.org/data/definitions/1295.html","POLICY_PENTEST":"","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Disable debugging messages before pushing to production.","alert":"Information Disclosure - Debug Error Messages","param":"","attack":"","name":"Information Disclosure - Debug Error Messages","risk":"Low","id":"796","alertRef":"10023"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/polyfiller.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/polyfiller.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"797","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/jReject-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/jReject-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"798","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nb_form.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/nb_form.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"801","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"802","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/user-activity-detection.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/user-activity-detection.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"805","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationModalConstant.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationModalConstant.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"806","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/util-main.min1724831814561.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"//assets.nobroker.in/static/lib/util-main.min1724831814561.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"809","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationModalHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationModalHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"810","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/utils/nbUtils.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/utils/nbUtils.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"813","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAdobeEvents.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAdobeEvents.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"814","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/facebookEvent.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/facebookEvent.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"817","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAdobeService.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAdobeService.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"818","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/google-events.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/google-events.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"821","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"https://api.juspay.in/pay-v3.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://api.juspay.in/pay-v3.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"822","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//static.criteo.net/js/ld/ld.js\" async=\"true\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//static.criteo.net/js/ld/ld.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"825","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script async type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/sw-register.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/sw-register.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"826","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbEvents.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbEvents.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"829","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/chat/chatSummary.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/chat/chatSummary.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"831","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/jReject-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/jReject-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"834","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"//assets.adobedtm.com/e0b9255c6246/62e4c383fb62/launch-2f72a0f28dd3.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.adobedtm.com/e0b9255c6246/62e4c383fb62/launch-2f72a0f28dd3.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"836","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/sw-register.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/sw-register.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"839","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/alerts/alerts.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/alerts/alerts.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"843","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/date-manipulation.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/date-manipulation.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"846","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/admin/globalPopup.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/admin/globalPopup.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"849","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/timeago-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/timeago-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"852","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/payment/nbpayment.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/payment/nbpayment.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"855","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbSwagger.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbSwagger.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"858","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/slashRtc/slashRtcIntegration.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"//assets.nobroker.in/static/lib/slashRtc/slashRtcIntegration.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"861","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer src=\"https://www.gstatic.com/firebasejs/3.6.2/firebase.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.gstatic.com/firebasejs/3.6.2/firebase.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"864","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.gstatic.com/firebasejs/3.6.2/firebase.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.gstatic.com/firebasejs/3.6.2/firebase.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"866","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbFirebase.min1777295552669.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbFirebase.min1777295552669.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"868","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/vendor/mailcheck.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/vendor/mailcheck.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"871","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"//assets.adobedtm.com/e0b9255c6246/62e4c383fb62/launch-2f72a0f28dd3.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":163,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.adobedtm.com/e0b9255c6246/62e4c383fb62/launch-2f72a0f28dd3.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"873","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HeaderContentDesktop\" src=\"https://assets.nobroker.in/nb-new/3/3.2bea1f6a80a0c03f854c.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/3/3.2bea1f6a80a0c03f854c.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"883","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HeaderContentDesktop\" src=\"https://assets.nobroker.in/nb-new/HeaderContentDesktop/HeaderContentDesktop.6c5a5b09f07d81eec0c6.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/HeaderContentDesktop/HeaderContentDesktop.6c5a5b09f07d81eec0c6.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"884","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"NbButton\" src=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"885","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"SupportPanel\" src=\"https://assets.nobroker.in/nb-new/SupportPanel/SupportPanel.2d2d61e2ddc461c9aa7c.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"https://assets.nobroker.in/nb-new/SupportPanel/SupportPanel.2d2d61e2ddc461c9aa7c.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"886","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"RABanner\" src=\"https://assets.nobroker.in/nb-new/RABanner/RABanner.5a78c94f2a76f558b866.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/RABanner/RABanner.5a78c94f2a76f558b866.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"887","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/1/1.e0ce36d1fc40258ae7d7.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/1/1.e0ce36d1fc40258ae7d7.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"888","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/2/2.3ebcb94aebf02dbdbc4a.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/2/2.3ebcb94aebf02dbdbc4a.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"889","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/5/5.f8369ca6dccc177f2a6c.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/5/5.f8369ca6dccc177f2a6c.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"890","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/10/10.b258b3a15989b402b1d1.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/10/10.b258b3a15989b402b1d1.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"891","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/12/12.ea73710f4024e7ec8b81.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/12/12.ea73710f4024e7ec8b81.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"892","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/15/15.6f660e726e821967a3a1.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/15/15.6f660e726e821967a3a1.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"893","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/17/17.de9dced030764ac47230.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/17/17.de9dced030764ac47230.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"894","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/19/19.5faa655227e84d079263.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/19/19.5faa655227e84d079263.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"895","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/29/29.909075207360ab27f030.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/29/29.909075207360ab27f030.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"896","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/37/37.2102db678894c515d01a.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/37/37.2102db678894c515d01a.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"897","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/124/124.0676f10b7c315050a613.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/124/124.0676f10b7c315050a613.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"898","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/HomeDesktopFilter/HomeDesktopFilter.1845432f19f8fad860c1.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/HomeDesktopFilter/HomeDesktopFilter.1845432f19f8fad860c1.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"899","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"PostPropertyCardDesktop\" src=\"https://assets.nobroker.in/nb-new/PostPropertyCardDesktop/PostPropertyCardDesktop.29b7cb2c552be2cc5a3d.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/PostPropertyCardDesktop/PostPropertyCardDesktop.29b7cb2c552be2cc5a3d.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"900","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeTileCard\" src=\"https://assets.nobroker.in/nb-new/HomeTileCard/HomeTileCard.6ccfa1374bee774a92c1.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/HomeTileCard/HomeTileCard.6ccfa1374bee774a92c1.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"901","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeCard\" src=\"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"902","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeCard\" src=\"https://assets.nobroker.in/nb-new/HomeCard/HomeCard.48ccaea30276c29cc8cf.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/HomeCard/HomeCard.48ccaea30276c29cc8cf.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"903","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":170,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"923","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":170,"wascid":"13","description":"The web/application server is leaking information via one 
or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"170","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"924","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"Under Construction","pluginId":"10023","cweid":"1295","confidence":"Medium","sourceMessageId":173,"wascid":"13","description":"The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. You can configure the list of common debug messages.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-ERRH-01":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling","CWE-1295":"https://cwe.mitre.org/data/definitions/1295.html","POLICY_PENTEST":"","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Disable debugging messages before pushing to production.","alert":"Information Disclosure - Debug Error Messages","param":"","attack":"","name":"Information Disclosure - Debug Error Messages","risk":"Low","id":"949","alertRef":"10023"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"Under Construction","pluginId":"10023","cweid":"1295","confidence":"Medium","sourceMessageId":155,"wascid":"13","description":"The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. 
You can configure the list of common debug messages.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-ERRH-01":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling","CWE-1295":"https://cwe.mitre.org/data/definitions/1295.html","POLICY_PENTEST":"","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Disable debugging messages before pushing to production.","alert":"Information Disclosure - Debug Error Messages","param":"","attack":"","name":"Information Disclosure - Debug Error Messages","risk":"Low","id":"950","alertRef":"10023"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":156,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"955","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/main.ed7276541b377ea1c8b5.js","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":164,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"164","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/main.ed7276541b377ea1c8b5.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1009","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":155,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. 
is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"1022","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":163,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. 
is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"1033","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":136,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. 
is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"1059","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":177,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).","messageId":"177","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. 
is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"1070","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding/VendorOnboarding.2e1d9ad27cd26b5e5a8a.css","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":180,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"180","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding/VendorOnboarding.2e1d9ad27cd26b5e5a8a.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1076","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding/VendorOnboarding.2e1d9ad27cd26b5e5a8a.css","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":180,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"180","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding/VendorOnboarding.2e1d9ad27cd26b5e5a8a.css","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1077","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/css/main.97e0a2a82ceeefc795dd.css","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":178,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"178","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/css/main.97e0a2a82ceeefc795dd.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1090","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/css/main.97e0a2a82ceeefc795dd.css","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":178,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"178","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/css/main.97e0a2a82ceeefc795dd.css","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1091","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://assets.nobroker.in/nb-new/public/js/instantgratification.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/public/js/instantgratification.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1096","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script 
async src=\"https://assets.nobroker.in/nb-new/public/js/instantgratification.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/public/js/instantgratification.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1097","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/640.e27fed3587f5ec713511.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/640.e27fed3587f5ec713511.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1098","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/640.e27fed3587f5ec713511.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/640.e27fed3587f5ec713511.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1099","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/main.7ade2e32824fdd43b048.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/main.7ade2e32824fdd43b048.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1100","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/main.7ade2e32824fdd43b048.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/main.7ade2e32824fdd43b048.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1101","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/1/1.e0ce36d1fc40258ae7d7.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/1/1.e0ce36d1fc40258ae7d7.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1104","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/1/1.e0ce36d1fc40258ae7d7.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/1/1.e0ce36d1fc40258ae7d7.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1105","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/2/2.3ebcb94aebf02dbdbc4a.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/2/2.3ebcb94aebf02dbdbc4a.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1106","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/2/2.3ebcb94aebf02dbdbc4a.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/2/2.3ebcb94aebf02dbdbc4a.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1107","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1108","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1109","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/3/3.2bea1f6a80a0c03f854c.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/3/3.2bea1f6a80a0c03f854c.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1110","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/3/3.2bea1f6a80a0c03f854c.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/3/3.2bea1f6a80a0c03f854c.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1111","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/6/6.afaceae551527e2f040e.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/6/6.afaceae551527e2f040e.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1113","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/7/7.facf69fe3a345809ee86.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/7/7.facf69fe3a345809ee86.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1114","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1115","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/7/7.facf69fe3a345809ee86.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/7/7.facf69fe3a345809ee86.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1116","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1117","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/11/11.49f76519c3db08baa6e9.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/11/11.49f76519c3db08baa6e9.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1118","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/11/11.49f76519c3db08baa6e9.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/11/11.49f76519c3db08baa6e9.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1119","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/14/14.16cb5739a44912f799e5.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/14/14.16cb5739a44912f799e5.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1120","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/14/14.16cb5739a44912f799e5.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/14/14.16cb5739a44912f799e5.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1121","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/15/15.6f660e726e821967a3a1.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/15/15.6f660e726e821967a3a1.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1122","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/15/15.6f660e726e821967a3a1.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/15/15.6f660e726e821967a3a1.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1123","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/17/17.de9dced030764ac47230.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/17/17.de9dced030764ac47230.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1124","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/17/17.de9dced030764ac47230.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/17/17.de9dced030764ac47230.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1125","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/19/19.5faa655227e84d079263.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/19/19.5faa655227e84d079263.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1126","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/19/19.5faa655227e84d079263.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/19/19.5faa655227e84d079263.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1127","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/22/22.f3683e61ce270feb0571.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/22/22.f3683e61ce270feb0571.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1128","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/23/23.94ad2ac34e2222e95769.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/23/23.94ad2ac34e2222e95769.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1129","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/22/22.f3683e61ce270feb0571.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/22/22.f3683e61ce270feb0571.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1130","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/26/26.f0a9ce8758177f86a732.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/26/26.f0a9ce8758177f86a732.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1131","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/23/23.94ad2ac34e2222e95769.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/23/23.94ad2ac34e2222e95769.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1132","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/26/26.f0a9ce8758177f86a732.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/26/26.f0a9ce8758177f86a732.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1134","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/36/36.568e31febf16fb40bd1f.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/36/36.568e31febf16fb40bd1f.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1135","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/39/39.6a354b37289c2c92729c.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/39/39.6a354b37289c2c92729c.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1137","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/38/38.00202193526a042462df.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/38/38.00202193526a042462df.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1138","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/45/45.1820c118b55ec8188ee3.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/45/45.1820c118b55ec8188ee3.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1140","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/51/51.d52b6361c98f9c1e0dfe.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/51/51.d52b6361c98f9c1e0dfe.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1142","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/51/51.d52b6361c98f9c1e0dfe.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/51/51.d52b6361c98f9c1e0dfe.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1143","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/60/60.25270cc98ce5cd011514.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/60/60.25270cc98ce5cd011514.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1144","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/67/67.0dd18303331e288ba468.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/67/67.0dd18303331e288ba468.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1145","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/67/67.0dd18303331e288ba468.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/67/67.0dd18303331e288ba468.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1147","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/65/65.d233a2f991e01b9aaaf0.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/65/65.d233a2f991e01b9aaaf0.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1148","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/65/65.d233a2f991e01b9aaaf0.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/65/65.d233a2f991e01b9aaaf0.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1149","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/111/111.9c92ae74875f3a05c105.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/111/111.9c92ae74875f3a05c105.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1150","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/111/111.9c92ae74875f3a05c105.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/111/111.9c92ae74875f3a05c105.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1151","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/136/136.79f71f494ed3fe04f335.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/136/136.79f71f494ed3fe04f335.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1152","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/136/136.79f71f494ed3fe04f335.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/136/136.79f71f494ed3fe04f335.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1153","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/SeoFooter/SeoFooter.844856b65380d8bf4aef.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/SeoFooter/SeoFooter.844856b65380d8bf4aef.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1154","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/SeoFooter/SeoFooter.844856b65380d8bf4aef.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/SeoFooter/SeoFooter.844856b65380d8bf4aef.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1155","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/153/153.b2d6642d5517b0258f5d.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/153/153.b2d6642d5517b0258f5d.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1156","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/153/153.b2d6642d5517b0258f5d.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/153/153.b2d6642d5517b0258f5d.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1157","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/detailPage/detailPage.9761ce020e297c3b8768.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/detailPage/detailPage.9761ce020e297c3b8768.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1158","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"detailPage\" src=\"https://assets.nobroker.in/nb-new/detailPage/detailPage.9761ce020e297c3b8768.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/detailPage/detailPage.9761ce020e297c3b8768.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1159","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"Header\" src=\"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1160","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"Header\" src=\"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1161","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HeaderContentDesktop\" src=\"https://assets.nobroker.in/nb-new/HeaderContentDesktop/HeaderContentDesktop.6c5a5b09f07d81eec0c6.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/HeaderContentDesktop/HeaderContentDesktop.6c5a5b09f07d81eec0c6.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1163","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"Header\" src=\"https://assets.nobroker.in/nb-new/Header/Header.f9f1396a0f986cc0069a.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/Header/Header.f9f1396a0f986cc0069a.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1164","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"NbButton\" src=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1165","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HeaderContentDesktop\" src=\"https://assets.nobroker.in/nb-new/HeaderContentDesktop/HeaderContentDesktop.6c5a5b09f07d81eec0c6.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/HeaderContentDesktop/HeaderContentDesktop.6c5a5b09f07d81eec0c6.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1166","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"FeedbackModal\" src=\"https://assets.nobroker.in/nb-new/FeedbackModal/FeedbackModal.9472a7b04d276a76da98.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/FeedbackModal/FeedbackModal.9472a7b04d276a76da98.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1167","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"NbButton\" src=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1168","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"FeedbackModal\" src=\"https://assets.nobroker.in/nb-new/FeedbackModal/FeedbackModal.9472a7b04d276a76da98.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/FeedbackModal/FeedbackModal.9472a7b04d276a76da98.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1169","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":189,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1172","alertRef":"10035-1"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":182,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1175","alertRef":"10035-1"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be 
directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1270","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":189,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load 
balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1271","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":182,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1272","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":182,"wascid":"13","description":"The web/application server is leaking information via one 
or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1273","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding/VendorOnboarding.127cd39e860d832e82d9.chunk.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":188,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"188","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding/VendorOnboarding.127cd39e860d832e82d9.chunk.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web 
application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1274","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding/VendorOnboarding.127cd39e860d832e82d9.chunk.js","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":188,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"188","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding/VendorOnboarding.127cd39e860d832e82d9.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1275","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendor/vendor.3a371f1c1cd2643d5174.chunk.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":192,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"192","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendor/vendor.3a371f1c1cd2643d5174.chunk.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1276","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendor/vendor.3a371f1c1cd2643d5174.chunk.js","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":192,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"192","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendor/vendor.3a371f1c1cd2643d5174.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1277","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1701076831, which evaluates to: 2023-11-27 09:20:31.","method":"GET","evidence":"1701076831","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1278","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1732584193, which evaluates to: 2024-11-26 01:23:13.","method":"GET","evidence":"1732584193","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1280","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1604231423, which evaluates to: 2020-11-01 11:50:23.","method":"GET","evidence":"1604231423","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1281","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1687547391, which evaluates to: 2023-06-23 19:09:51.","method":"GET","evidence":"1687547391","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1282","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1768516095, which evaluates to: 2026-01-15 22:28:15.","method":"GET","evidence":"1768516095","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1283","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"2005441023, which evaluates to: 2033-07-20 02:57:03.","method":"GET","evidence":"2005441023","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1285","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1724754687, which evaluates to: 2024-08-27 10:31:27.","method":"GET","evidence":"1724754687","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1287","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"2070474495, which evaluates to: 2035-08-11 19:48:15.","method":"GET","evidence":"2070474495","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1288","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1804477439, which evaluates to: 2027-03-08 03:43:59.","method":"GET","evidence":"1804477439","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1289","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1714657791, which evaluates to: 2024-05-02 13:49:51.","method":"GET","evidence":"1714657791","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1290","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1784335871, which evaluates to: 2026-07-18 00:51:11.","method":"GET","evidence":"1784335871","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1291","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1887473919, which evaluates to: 2029-10-23 18:18:39.","method":"GET","evidence":"1887473919","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1292","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1473231341, which evaluates to: 2016-09-07 06:55:41.","method":"GET","evidence":"1473231341","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1294","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1770035416, which evaluates to: 2026-02-02 12:30:16.","method":"GET","evidence":"1770035416","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1295","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1958414417, which evaluates to: 2032-01-22 20:00:17.","method":"GET","evidence":"1958414417","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1296","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1990404162, which evaluates to: 2033-01-27 02:02:42.","method":"GET","evidence":"1990404162","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1297","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1804603682, which evaluates to: 2027-03-09 14:48:02.","method":"GET","evidence":"1804603682","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1298","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1502002290, which evaluates to: 2017-08-06 06:51:30.","method":"GET","evidence":"1502002290","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1299","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1735328473, which evaluates to: 2024-12-27 19:41:13.","method":"GET","evidence":"1735328473","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1300","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1926607734, which evaluates to: 2031-01-19 16:48:54.","method":"GET","evidence":"1926607734","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1301","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"2022574463, which evaluates to: 2034-02-03 10:14:23.","method":"GET","evidence":"2022574463","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1302","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1839030562, which evaluates to: 2028-04-11 01:49:22.","method":"GET","evidence":"1839030562","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1303","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1530992060, which evaluates to: 2018-07-07 19:34:20.","method":"GET","evidence":"1530992060","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1304","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1700485571, which evaluates to: 2023-11-20 13:06:11.","method":"GET","evidence":"1700485571","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1305","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1894986606, which evaluates to: 2030-01-18 17:10:06.","method":"GET","evidence":"1894986606","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1306","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"2054922799, which evaluates to: 2035-02-12 19:53:19.","method":"GET","evidence":"2054922799","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1307","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1873313359, which evaluates to: 2029-05-12 20:49:19.","method":"GET","evidence":"1873313359","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1308","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1560198380, which evaluates to: 2019-06-10 20:26:20.","method":"GET","evidence":"1560198380","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1309","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1732584194, which evaluates to: 2024-11-26 01:23:14.","method":"GET","evidence":"1732584194","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1311","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1518500249, which evaluates to: 2018-02-13 05:37:29.","method":"GET","evidence":"1518500249","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1313","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1859775393, which evaluates to: 2028-12-07 04:16:33.","method":"GET","evidence":"1859775393","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1314","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1894007588, which evaluates to: 2030-01-07 09:13:08.","method":"GET","evidence":"1894007588","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1315","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1549556828, which evaluates to: 2019-02-07 16:27:08.","method":"GET","evidence":"1549556828","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1316","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1899447441, which evaluates to: 2030-03-11 08:17:21.","method":"GET","evidence":"1899447441","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1317","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1508970993, which evaluates to: 2017-10-25 22:36:33.","method":"GET","evidence":"1508970993","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1318","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1925078388, which evaluates to: 2031-01-01 23:59:48.","method":"GET","evidence":"1925078388","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1319","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"2007800933, which evaluates to: 2033-08-16 10:28:53.","method":"GET","evidence":"2007800933","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1320","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1495990901, which evaluates to: 2017-05-28 17:01:41.","method":"GET","evidence":"1495990901","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1321","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1856431235, which evaluates to: 2028-10-29 11:20:35.","method":"GET","evidence":"1856431235","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1322","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1555081692, which evaluates to: 2019-04-12 15:08:12.","method":"GET","evidence":"1555081692","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1323","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1996064986, which evaluates to: 2033-04-02 14:29:46.","method":"GET","evidence":"1996064986","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1324","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1546045734, which evaluates to: 2018-12-29 01:08:54.","method":"GET","evidence":"1546045734","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1325","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1522805485, which evaluates to: 2018-04-04 01:31:25.","method":"GET","evidence":"1522805485","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1326","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1695183700, which evaluates to: 2023-09-20 04:21:40.","method":"GET","evidence":"1695183700","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1327","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1986661051, which evaluates to: 2032-12-14 18:17:31.","method":"GET","evidence":"1986661051","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1328","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1467031594, which evaluates to: 2016-06-27 12:46:34.","method":"GET","evidence":"1467031594","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1329","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1537002063, which evaluates to: 2018-09-15 09:01:03.","method":"GET","evidence":"1537002063","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1330","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"2003034995, which evaluates to: 2033-06-22 06:36:35.","method":"GET","evidence":"2003034995","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1331","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1747873779, which evaluates to: 2025-05-22 00:29:39.","method":"GET","evidence":"1747873779","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1332","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1955562222, which evaluates to: 2031-12-20 19:43:42.","method":"GET","evidence":"1955562222","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1333","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1575990012, which evaluates to: 2019-12-10 15:00:12.","method":"GET","evidence":"1575990012","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1334","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"2024104815, which evaluates to: 2034-02-21 03:20:15.","method":"GET","evidence":"2024104815","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1335","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1914138554, which evaluates to: 2030-08-28 09:09:14.","method":"GET","evidence":"1914138554","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1336","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1501505948, which evaluates to: 2017-07-31 12:59:08.","method":"GET","evidence":"1501505948","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1337","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1607167915, which evaluates to: 2020-12-05 11:31:55.","method":"GET","evidence":"1607167915","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1338","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1816402316, which evaluates to: 2027-07-24 04:11:56.","method":"GET","evidence":"1816402316","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1339","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1779033703, which evaluates to: 2026-05-17 16:01:43.","method":"GET","evidence":"1779033703","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1340","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1595750129, which evaluates to: 2020-07-26 07:55:29.","method":"GET","evidence":"1595750129","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1341","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1541459225, which evaluates to: 2018-11-05 23:07:05.","method":"GET","evidence":"1541459225","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1342","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1750603025, which evaluates to: 2025-06-22 14:37:05.","method":"GET","evidence":"1750603025","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1343","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1694076839, which evaluates to: 2023-09-07 08:53:59.","method":"GET","evidence":"1694076839","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1344","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1654270250, which evaluates to: 2022-06-03 15:30:50.","method":"GET","evidence":"1654270250","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1345","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1731405415, which evaluates to: 2024-11-12 09:56:55.","method":"GET","evidence":"1731405415","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1346","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1548603684, which evaluates to: 2019-01-27 15:41:24.","method":"GET","evidence":"1548603684","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1351","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1836072691, which evaluates to: 2028-03-07 20:11:31.","method":"GET","evidence":"1836072691","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1352","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"2053994217, which evaluates to: 2035-02-02 01:56:57.","method":"GET","evidence":"2053994217","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1353","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1610612736, which evaluates to: 2021-01-14 08:25:36.","method":"GET","evidence":"1610612736","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1355","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1879048192, which evaluates to: 2029-07-18 05:49:52.","method":"GET","evidence":"1879048192","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1356","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1476395008, which evaluates to: 2016-10-13 21:43:28.","method":"GET","evidence":"1476395008","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1357","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1744830464, which evaluates to: 2025-04-16 19:07:44.","method":"GET","evidence":"1744830464","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1358","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"2013265920, which evaluates to: 2033-10-18 16:32:00.","method":"GET","evidence":"2013265920","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1359","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1610612737, which evaluates to: 2021-01-14 08:25:37.","method":"GET","evidence":"1610612737","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1360","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1879048193, which evaluates to: 2029-07-18 05:49:53.","method":"GET","evidence":"1879048193","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1361","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1476395009, which evaluates to: 2016-10-13 21:43:29.","method":"GET","evidence":"1476395009","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1362","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"1744830465, which evaluates to: 2025-04-16 19:07:45.","method":"GET","evidence":"1744830465","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1363","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"2013265921, which evaluates to: 2033-10-18 16:32:01.","method":"GET","evidence":"2013265921","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":194,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1364","alertRef":"10096"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":194,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1365","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":194,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"194","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding/vendors~VendorOnboarding.ba17124d92c737fbad82.chunk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1366","alertRef":"10037"}],"Informational":[{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"public, max-age=7200","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":1,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"1","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a class=\"heading-6 font-semi-bold cursor-pointer text-defaultcolor mb-1p inline-block no-underline\" href=\"\" target=\"_blank\" rel=\"noopener noreferrer\" title=\"PG / Hostels in Delhi NCR\">PG / Hostels in Delhi NCR</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"24","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 
2374","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":1,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"25","alertRef":"10050-2"},{"nodeName":"https://www.nobroker.in/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"public,max-age=3600","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":6,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be 
cached.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/robots.txt","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"53","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/robots.txt","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 1","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":6,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. 
In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/robots.txt","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"58","alertRef":"10050-2"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":61,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be 
cached.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"63","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/api/v5/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbccc\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":63,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. 
In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"63","inputVector":"","url":"https://www.nobroker.in/api/v5/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"71","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/manifest.json","sourceid":"3","other":"","method":"GET","evidence":"public, max-age=31536000","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":108,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"108","inputVector":"","url":"https://www.nobroker.in/manifest.json","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"82","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbDevice\nCookie name: mbTrackID\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":56,"wascid":"15","description":"Cookies can be scoped by domain or path. 
This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"56","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"89","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"3","other":"The origin 
domain used for comparison was:\nwww.nobroker.in\nCookie name: nbccc\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":87,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"87","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies 
to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"92","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":77,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"95","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbccc\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":95,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. 
However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"95","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"99","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"public, max-age=0","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":117,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"105","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":113,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"113","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"106","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"","method":"GET","evidence":"public, max-age=31557600","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":119,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"119","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"107","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/api/v1/admin/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbccc\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":92,"wascid":"15","description":"Cookies can be scoped by domain or path. 
This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"92","inputVector":"","url":"https://www.nobroker.in/api/v1/admin/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped 
Cookie","risk":"Informational","id":"113","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/api/v5/","sourceid":"3","other":"cookie:nbccc","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":63,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"63","inputVector":"","url":"https://www.nobroker.in/api/v5/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"123","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":135,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"135","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"132","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification/","sourceid":"3","other":"cookie:nbccc","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":95,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"95","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"138","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":143,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be 
cached.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"146","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/nb-cms-api/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":150,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/nb-cms-api/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"151","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"3","other":"cookie:mbTrackID","method":"GET","evidence":"mbTrackID","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":56,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"56","inputVector":"","url":"https://www.nobroker.in/admin","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"mbTrackID","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"152","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"3","other":"cookie:nbccc","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":87,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"87","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"156","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/api/v3/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbccc\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":157,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. 
However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"157","inputVector":"","url":"https://www.nobroker.in/api/v3/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"162","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyCjAZYE2-QriLt0Q2MJtRO22kAEWlKKaf4&v=3.exp&libraries=places,geometry\"></script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":119,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"119","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"165","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script>window.dataLayer=[]</script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":113,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"113","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"174","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":161,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"177","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/api/v1/admin/","sourceid":"3","other":"cookie:nbccc","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":92,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"92","inputVector":"","url":"https://www.nobroker.in/api/v1/admin/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"194","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/api/v3/","sourceid":"3","other":"cookie:nbccc","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":157,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"157","inputVector":"","url":"https://www.nobroker.in/api/v3/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"207","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script type=\"text/javascript\" src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyCwy2ETEJXPynpNXJggwjzsHxFcG3Il34o&v=3.exp&libraries=places,geometry\"></script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":135,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"135","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"213","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not.","method":"GET","evidence":"<noscript data-n-css=\"\"></noscript>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":61,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"251","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"","method":"GET","evidence":"public, max-age=7200","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":166,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"274","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":136,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"287","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [iso-8859-1] and [UTF-8] do not match.","method":"GET","evidence":"","pluginId":"90011","cweid":"436","confidence":"Low","sourceMessageId":136,"wascid":"15","description":"This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.\n\nAn attacker could manipulate content on the page to be interpreted in an encoding of their choice. 
For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-436":"https://cwe.mitre.org/data/definitions/436.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://code.google.com/archive/p/browsersec/wikis/Part2.wiki#Character_set_handling_and_detection","solution":"Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.","alert":"Charset Mismatch (Header Versus Meta Content-Type Charset)","param":"","attack":"","name":"Charset Mismatch (Header Versus Meta Content-Type Charset)","risk":"Informational","id":"293","alertRef":"90011-1"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"There was a charset mismatch between the HTTP Header and the META charset encoding declaration: [iso-8859-1] and [utf-8] do not match.","method":"GET","evidence":"","pluginId":"90011","cweid":"436","confidence":"Low","sourceMessageId":136,"wascid":"15","description":"This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.\n\nAn attacker could manipulate content on the page to be interpreted in an encoding of their choice. 
For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-436":"https://cwe.mitre.org/data/definitions/436.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://code.google.com/archive/p/browsersec/wikis/Part2.wiki#Character_set_handling_and_detection","solution":"Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.","alert":"Charset Mismatch (Header Versus Meta Charset)","param":"","attack":"","name":"Charset Mismatch (Header Versus Meta Charset)","risk":"Informational","id":"316","alertRef":"90011-2"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [iso-8859-1] and [UTF-8] do not match.","method":"GET","evidence":"","pluginId":"90011","cweid":"436","confidence":"Low","sourceMessageId":156,"wascid":"15","description":"This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.\n\nAn attacker could manipulate content on the page to be interpreted in an encoding of their choice. 
For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"CWE-436":"https://cwe.mitre.org/data/definitions/436.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://code.google.com/archive/p/browsersec/wikis/Part2.wiki#Character_set_handling_and_detection","solution":"Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.","alert":"Charset Mismatch (Header Versus Meta Content-Type Charset)","param":"","attack":"","name":"Charset Mismatch (Header Versus Meta Content-Type Charset)","risk":"Informational","id":"330","alertRef":"90011-1"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbcr\nCookie name: nbpt\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":136,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. 
Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"339","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"There was a charset mismatch between the HTTP Header and the META charset encoding declaration: [iso-8859-1] and [utf-8] do not match.","method":"GET","evidence":"","pluginId":"90011","cweid":"436","confidence":"Low","sourceMessageId":156,"wascid":"15","description":"This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. 
When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.\n\nAn attacker could manipulate content on the page to be interpreted in an encoding of their choice. For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"CWE-436":"https://cwe.mitre.org/data/definitions/436.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://code.google.com/archive/p/browsersec/wikis/Part2.wiki#Character_set_handling_and_detection","solution":"Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.","alert":"Charset Mismatch (Header Versus Meta Charset)","param":"","attack":"","name":"Charset Mismatch (Header Versus Meta Charset)","risk":"Informational","id":"349","alertRef":"90011-2"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script>\n              window.dataLayer = [];\n            </script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":77,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"77","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"390","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script async src=\"//assets.nobroker.in/static/lib/knowYourRent/gauge.js\"></script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":117,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"394","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/vendor-onboard/","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script>\n              window.dataLayer = [];\n            </script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":161,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"161","inputVector":"","url":"https://www.nobroker.in/vendor-onboard/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"397","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script>\n              window.dataLayer = [];\n            </script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":143,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"400","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [iso-8859-1] and [UTF-8] do not match.","method":"GET","evidence":"","pluginId":"90011","cweid":"436","confidence":"Low","sourceMessageId":155,"wascid":"15","description":"This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.\n\nAn attacker could manipulate content on the page to be interpreted in an encoding of their choice. 
For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"CWE-436":"https://cwe.mitre.org/data/definitions/436.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://code.google.com/archive/p/browsersec/wikis/Part2.wiki#Character_set_handling_and_detection","solution":"Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.","alert":"Charset Mismatch (Header Versus Meta Content-Type Charset)","param":"","attack":"","name":"Charset Mismatch (Header Versus Meta Content-Type Charset)","risk":"Informational","id":"404","alertRef":"90011-1"},{"nodeName":"https://www.nobroker.in/nb-cms-api/","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script type=\"speculationrules\">\n{\"prefetch\":[{\"source\":\"document\",\"where\":{\"and\":[{\"href_matches\":\"/*\"},{\"not\":{\"href_matches\":[\"/wp-*.php\",\"/wp-admin/*\",\"/wp-content/uploads/*\",\"/wp-content/*\",\"/wp-content/plugins/*\",\"/wp-content/themes/twentytwentythree/*\",\"/*\\\\?(.+)\"]}},{\"not\":{\"selector_matches\":\"a[rel~=\\\"nofollow\\\"]\"}},{\"not\":{\"selector_matches\":\".no-prefetch, .no-prefetch a\"}}]},\"eagerness\":\"conservative\"}]}\n</script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":150,"wascid":"-1","description":"The application 
appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/nb-cms-api/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"408","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":163,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"416","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"There was a charset mismatch between the HTTP Header and the META charset encoding declaration: [iso-8859-1] and [utf-8] do not match.","method":"GET","evidence":"","pluginId":"90011","cweid":"436","confidence":"Low","sourceMessageId":155,"wascid":"15","description":"This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.\n\nAn attacker could manipulate content on the page to be interpreted in an encoding of their choice. 
For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"CWE-436":"https://cwe.mitre.org/data/definitions/436.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://code.google.com/archive/p/browsersec/wikis/Part2.wiki#Character_set_handling_and_detection","solution":"Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.","alert":"Charset Mismatch (Header Versus Meta Charset)","param":"","attack":"","name":"Charset Mismatch (Header Versus Meta Charset)","risk":"Informational","id":"425","alertRef":"90011-2"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [iso-8859-1] and [UTF-8] do not match.","method":"GET","evidence":"","pluginId":"90011","cweid":"436","confidence":"Low","sourceMessageId":163,"wascid":"15","description":"This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.\n\nAn attacker could manipulate content on the page to be interpreted in an encoding of their choice. 
For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"CWE-436":"https://cwe.mitre.org/data/definitions/436.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://code.google.com/archive/p/browsersec/wikis/Part2.wiki#Character_set_handling_and_detection","solution":"Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.","alert":"Charset Mismatch (Header Versus Meta Content-Type Charset)","param":"","attack":"","name":"Charset Mismatch (Header Versus Meta Content-Type Charset)","risk":"Informational","id":"428","alertRef":"90011-1"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":173,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"433","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"There was a charset mismatch between the HTTP Header and the META charset encoding declaration: [iso-8859-1] and [utf-8] do not match.","method":"GET","evidence":"","pluginId":"90011","cweid":"436","confidence":"Low","sourceMessageId":163,"wascid":"15","description":"This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.\n\nAn attacker could manipulate content on the page to be interpreted in an encoding of their choice. 
For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"CWE-436":"https://cwe.mitre.org/data/definitions/436.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://code.google.com/archive/p/browsersec/wikis/Part2.wiki#Character_set_handling_and_detection","solution":"Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.","alert":"Charset Mismatch (Header Versus Meta Charset)","param":"","attack":"","name":"Charset Mismatch (Header Versus Meta Charset)","risk":"Informational","id":"436","alertRef":"90011-2"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [iso-8859-1] and [UTF-8] do not match.","method":"GET","evidence":"","pluginId":"90011","cweid":"436","confidence":"Low","sourceMessageId":173,"wascid":"15","description":"This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.\n\nAn attacker could manipulate content on the page to be interpreted in an encoding of their choice. 
For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"CWE-436":"https://cwe.mitre.org/data/definitions/436.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://code.google.com/archive/p/browsersec/wikis/Part2.wiki#Character_set_handling_and_detection","solution":"Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.","alert":"Charset Mismatch (Header Versus Meta Content-Type Charset)","param":"","attack":"","name":"Charset Mismatch (Header Versus Meta Content-Type Charset)","risk":"Informational","id":"446","alertRef":"90011-1"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"There was a charset mismatch between the HTTP Header and the META charset encoding declaration: [iso-8859-1] and [utf-8] do not match.","method":"GET","evidence":"","pluginId":"90011","cweid":"436","confidence":"Low","sourceMessageId":173,"wascid":"15","description":"This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.\n\nAn attacker could manipulate content on the page to be interpreted in an encoding of their choice. 
For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"CWE-436":"https://cwe.mitre.org/data/definitions/436.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://code.google.com/archive/p/browsersec/wikis/Part2.wiki#Character_set_handling_and_detection","solution":"Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.","alert":"Charset Mismatch (Header Versus Meta Charset)","param":"","attack":"","name":"Charset Mismatch (Header Versus Meta Charset)","risk":"Informational","id":"452","alertRef":"90011-2"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbcr\nCookie name: nbpt\nCookie name: nbccc\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":163,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. 
Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"476","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbcr\nCookie name: nbpt\nCookie name: nbccc\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":173,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. 
For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped 
Cookie","risk":"Informational","id":"486","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"cookie:cloudfront-viewer-address","method":"GET","evidence":"cloudfront-viewer-address","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":143,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"cloudfront-viewer-address","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"511","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/api/v1/admin/","sourceid":"3","other":"cookie:nbccc","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"High","sourceMessageId":92,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"92","inputVector":"","url":"https://www.nobroker.in/api/v1/admin/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"573","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a class=\" py-0.8p px-0 font-normal block text-header-menu-color align-left no-underline cursor-pointer hover:text-secondary-color my-0.6p mx-2.5p border-b-1 border-b-solid border-b-card-overview-border-color\">Post Your Property</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":166,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"166","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"608","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"3","other":"cookie:mbTrackID","method":"GET","evidence":"mbTrackID","pluginId":"10112","cweid":"-1","confidence":"High","sourceMessageId":56,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"56","inputVector":"","url":"https://www.nobroker.in/admin","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"mbTrackID","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"910","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"The following pattern was used: \\bQUERY\\b and was detected 2 times, the first in likely comment: \"//get the lat_lgn value always as on back button query params are cleared\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"s as on back button query params are cleared","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":156,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious 
Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"951","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"// The user selected a credential.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// The user selected a credenti","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":156,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"952","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"//ga('send', 'event', 'Social Click', 'from header', this.href);\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"', 'Social Click', 'from header', 
this.href)","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":156,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"953","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a id=\"commercialPlanTab\" itemprop=\"url\"><span itemprop=\"name\">Commercial Plans <i class=\"arrow icon-angle-down\"></i></span></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":156,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"954","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a class=\" py-0.8p px-0 font-normal block text-header-menu-color align-left no-underline cursor-pointer hover:text-secondary-color my-0.6p mx-2.5p border-b-1 border-b-solid border-b-card-overview-border-color\">Post Your Property</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":86,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"960","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 55","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":86,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"961","alertRef":"10050-2"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"The following pattern was used: \\bQUERY\\b and was detected 2 times, the first in likely comment: \"//get the lat_lgn value always as on back button query params are cleared\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"s as on back button query params are cleared","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":173,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious 
Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1010","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"// The user selected a credential.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// The user selected a credenti","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":173,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1011","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"//ga('send', 'event', 'Social Click', 'from header', this.href);\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"', 'Social Click', 'from header', 
this.href)","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":173,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1012","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a id=\"commercialPlanTab\" itemprop=\"url\"><span itemprop=\"name\">Commercial Plans <i class=\"arrow icon-angle-down\"></i></span></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":173,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1013","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"The following pattern was used: \\bQUERY\\b and was detected 2 times, the first in likely comment: \"//get the lat_lgn value always as on back button query params are cleared\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"s as on back button query params are cleared","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":155,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1014","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"// The user selected a credential.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// The user selected a credenti","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":155,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1015","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"//ga('send', 'event', 'Social Click', 'from header', this.href);\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"', 'Social Click', 'from header', this.href)","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":155,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1016","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a id=\"commercialPlanTab\" itemprop=\"url\"><span itemprop=\"name\">Commercial Plans <i class=\"arrow icon-angle-down\"></i></span></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":155,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"155","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1021","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"3","other":"cookie:nbccc","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":173,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"173","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"1027","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected in likely comment: \"// if(document.URL.search(\"admin\") === -1 ) {\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ocument.URL.search(\"admin\") === -1 ) {","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":163,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious 
Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1028","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected in likely comment: \"// displayAlerts('Please select locality from the selected city only.',\"danger\",\"4000\");\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"splayAlerts('Please select locality from the s","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":163,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1029","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"//set name and mobile if its coming from listing and entered by user\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ting and entered by 
user","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":163,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1030","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 3 times, the first in likely comment: \"<!-- cause property is used at many places already and i moved it on 20/1/16 to _layout from results.ftl-->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" 20/1/16 to _layout from results.ftl-->","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":163,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1031","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a id=\"commercialPlanTab\" itemprop=\"url\"><span itemprop=\"name\">Commercial Plans <i class=\"arrow icon-angle-down\"></i> </span></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":163,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1032","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected in likely comment: \"// if(document.URL.search(\"admin\") === -1 ) {\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ocument.URL.search(\"admin\") === -1 ) {","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":136,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1046","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected in likely comment: \"// displayAlerts('Please select locality from the selected city only.',\"danger\",\"4000\");\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"splayAlerts('Please select locality from the s","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":136,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1047","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"//set name and mobile if its coming from listing and entered by user\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ting and entered by user","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":136,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1048","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 3 times, the first in likely comment: \"<!-- cause property is used at many places already and i moved it on 20/1/16 to _layout from results.ftl-->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" 20/1/16 to _layout from results.ftl-->","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":136,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1049","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a id=\"commercialPlanTab\" itemprop=\"url\"><span itemprop=\"name\">Commercial Plans <i class=\"arrow icon-angle-down\"></i> </span></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":136,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"136","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1050","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"3","other":"cookie:nbccc","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":163,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"163","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"1067","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"","method":"GET","evidence":"public, max-age=7200","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":182,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"1092","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a class=\" py-0.8p px-0 font-normal block text-header-menu-color align-left no-underline cursor-pointer hover:text-secondary-color my-0.6p mx-2.5p border-b-1 border-b-solid border-b-card-overview-border-color\">Post Your Property</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":189,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"189","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web 
Application","risk":"Informational","id":"1170","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a class=\" py-0.8p px-0 font-normal block text-header-menu-color align-left no-underline cursor-pointer hover:text-secondary-color my-0.6p mx-2.5p border-b-1 border-b-solid border-b-card-overview-border-color\">Post Your Property</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":182,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"182","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web 
Application","risk":"Informational","id":"1171","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":98,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4747","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1367","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":144,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4762","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1368","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4767","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1369","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4789,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4789","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1372","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4794","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1373","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4796","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1374","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4800","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1375","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":98,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4820","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1376","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4832","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1377","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4834,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4834","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1378","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4836","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1379","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":144,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4837","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1380","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":98,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4845","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1381","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4849","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1382","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4850","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1383","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":72,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4852","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1384","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4858,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4858","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1385","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":144,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4860","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1386","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":126,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4867","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1387","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":98,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4889","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1388","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4890,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4890","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1389","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":69,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4892","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1390","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4893","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1391","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4896","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1392","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4901","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1393","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":109,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4902","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1394","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4903","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1395","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":72,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4909","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1396","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4911","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1397","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/about","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":104,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4912","inputVector":"","url":"https://www.nobroker.in/about","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1398","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4913","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1399","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4915","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1400","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":85,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4926","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1401","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":95,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4928","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1402","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":144,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4929","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1403","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":90,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4931","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1404","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4936","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1405","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4939","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1406","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":98,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4951","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1408","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4957,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4957","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1409","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":86,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4963","inputVector":"","url":"https://www.nobroker.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1410","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":109,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4969","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1411","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4970","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1412","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":69,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4972","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1413","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4973","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1414","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":144,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4979","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1415","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":126,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4982","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1416","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4983","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1417","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4987","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1418","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/about","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":104,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4990","inputVector":"","url":"https://www.nobroker.in/about","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1419","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4998","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1420","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":90,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5003","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1422","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":98,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5004","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1423","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":114,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5013","inputVector":"","url":"https://www.nobroker.in/api/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1425","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5017,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5017","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1426","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":85,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5018","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1427","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5026,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5026","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1428","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":72,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5030","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1429","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5031","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1430","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":144,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5033","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1431","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5034","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1432","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":69,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5044","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1433","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5047","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1435","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5052","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1436","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":98,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5053","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1437","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":90,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5054","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1438","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":95,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5061","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1439","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5065","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1440","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5067","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1441","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":144,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5069","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1442","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":72,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5078","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1443","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5082","inputVector":"","url":"https://www.nobroker.in/api/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1445","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":173,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5087","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1447","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5088,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5088","inputVector":"","url":"https://www.nobroker.in/api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1448","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":69,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5098","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1449","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5105","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1450","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5107","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1451","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":114,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5108","inputVector":"","url":"https://www.nobroker.in/api/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1452","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":90,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5117","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1455","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":109,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5119","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1456","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5128","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1457","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":155,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5134","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1458","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":72,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5136","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1459","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5143,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5143","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1460","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5146","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1461","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5158","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1463","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5159","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1464","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5161","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1465","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/about","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":104,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5162","inputVector":"","url":"https://www.nobroker.in/about","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1466","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5164","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1467","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":173,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5167","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1468","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":85,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5169","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1469","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":90,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5170","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1470","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5183","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1471","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5186","inputVector":"","url":"https://www.nobroker.in/api/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1472","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":69,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5187","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1473","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5188","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1474","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5189","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1475","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":173,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5198","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1476","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5199","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1477","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":72,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5213","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1478","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5214","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1479","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5216","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1480","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5217","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1481","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5219","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1482","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":85,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5220","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1483","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":136,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5228","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1484","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5229,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5229","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1485","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/*","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5230,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5230","inputVector":"","url":"https://www.nobroker.in/api/v1/*","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1486","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":109,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5243","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1487","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5245","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1488","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5246","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1489","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5248","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1490","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":126,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5253","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1491","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":173,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5258","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1492","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5260","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1493","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/about","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":104,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5261","inputVector":"","url":"https://www.nobroker.in/about","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1494","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":155,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5263","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1495","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":72,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5266","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1496","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5267","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1497","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":90,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5268","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1498","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5273","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1499","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":85,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5279","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1500","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":136,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5286","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1501","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5289","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1502","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5290","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1503","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5291","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1504","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":109,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5296","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1505","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5299","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1506","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5301","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1507","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5305","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1508","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":69,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5317","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1509","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":136,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5322","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1510","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5326","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1511","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5327","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1512","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":109,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5331","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1513","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5333,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5333","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1514","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":90,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5335","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1515","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":86,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5342","inputVector":"","url":"https://www.nobroker.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1516","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":72,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5344","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1517","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":126,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5345","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1518","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":155,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5354","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1519","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5355","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1520","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5362","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1521","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5364","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1522","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":136,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5366","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1523","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5373","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1524","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5374,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5374","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1525","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5377","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1526","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5385","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1527","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":85,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5387","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1528","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/about","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":104,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5388","inputVector":"","url":"https://www.nobroker.in/about","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1529","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":90,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5389","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1530","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":72,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5394","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1531","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":109,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5396","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1532","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":69,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5397","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1533","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5398,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5398","inputVector":"","url":"https://www.nobroker.in/api/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1534","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":126,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5399","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1535","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":155,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5405","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1536","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5408","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1537","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v4","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5412,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5412","inputVector":"","url":"https://www.nobroker.in/api/v4","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1538","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5414","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1539","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5421,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5421","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1540","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5422","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1541","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5423","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1542","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5424","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1543","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5426","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1544","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5429","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1545","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5431","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1546","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5435","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1547","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":72,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5441","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1548","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":69,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5445","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1549","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5446","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1550","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":126,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5447","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1551","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v4","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5448,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5448","inputVector":"","url":"https://www.nobroker.in/api/v4","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1552","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5449","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1553","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5470","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1554","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":85,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5471","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1555","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5473,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5473","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1556","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5474","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1557","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":69,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5475","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1558","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5476","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1559","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5477","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1560","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":72,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5478","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1561","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5482","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1562","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":109,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5484","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1563","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":126,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5486","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1564","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5487","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1565","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5491","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1566","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":90,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5496","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1567","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5497","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1568","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5500","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1569","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/about","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":104,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5501","inputVector":"","url":"https://www.nobroker.in/about","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1570","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":69,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5511","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1571","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5512","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1572","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/contact","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":79,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5514","inputVector":"","url":"https://www.nobroker.in/contact","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1573","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5515","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1574","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":177,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5521","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1575","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5523,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5523","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1576","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5524","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1577","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5525","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1578","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":109,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5528","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1579","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":90,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5529","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1580","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":126,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5530","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1581","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5531","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1582","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5537","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1583","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5538,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5538","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1584","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/about","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":104,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5544","inputVector":"","url":"https://www.nobroker.in/about","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1585","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5545","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1586","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":69,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5549","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1587","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5554","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1588","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5558","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1589","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5559,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5559","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1590","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5563","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1591","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5564","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1592","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":72,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5565","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1593","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":85,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5567","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1595","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5568","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1596","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":109,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5570","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1598","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5571,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5571","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1599","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/about","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":104,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5575","inputVector":"","url":"https://www.nobroker.in/about","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1600","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":126,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5576","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1601","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5578","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1602","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":85,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5584","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1604","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":90,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5586","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1605","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5588,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5588","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1606","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5610","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1607","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5612","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1608","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5613","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1609","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5616","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1612","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":85,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5617","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1613","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":126,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5618","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1614","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5619,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5619","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1615","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5620","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1616","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5623","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1617","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":90,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5624","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1618","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5626","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1619","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":177,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5628","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1620","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/contact","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":79,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5629","inputVector":"","url":"https://www.nobroker.in/contact","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1621","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5630,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5630","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1622","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":69,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5640","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1623","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":109,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5643","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1624","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5644","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1625","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5647","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1627","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5649,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5649","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1629","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":126,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5651","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1630","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5657,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5657","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1631","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/contact","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":79,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5659","inputVector":"","url":"https://www.nobroker.in/contact","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1632","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5662","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1633","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5663,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5663","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1634","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5665","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1636","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5670,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5670","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1637","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5678","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1640","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5679,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5679","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1641","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5681","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1642","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":126,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5695","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1643","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5696,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5696","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1644","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5697","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1645","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":85,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5699","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1646","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5701,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5701","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1648","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5702","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1649","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5703,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5703","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1650","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5705","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1651","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5706","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1652","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5715,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5715","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1653","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5718,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5718","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1654","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5720","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1655","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5721,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5721","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1656","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5722","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1657","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":177,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5723","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1658","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5724,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5724","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1659","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5732,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5732","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1661","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":85,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5736","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1663","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5737,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5737","inputVector":"","url":"https://www.nobroker.in/api/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1664","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":75,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5738","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1665","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/contact","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":79,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5740","inputVector":"","url":"https://www.nobroker.in/contact","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1666","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5742,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5742","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1667","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5743,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5743","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1668","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":109,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5750","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1669","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":156,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5751","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1670","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/about","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":104,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5752","inputVector":"","url":"https://www.nobroker.in/about","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1671","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5753","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1672","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5755,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5755","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1674","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5761,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5761","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1675","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5762,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5762","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1676","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5763,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5763","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1677","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/about","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":104,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5764","inputVector":"","url":"https://www.nobroker.in/about","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1678","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5768,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5768","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1679","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5775,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5775","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1680","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5776,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5776","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1681","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5777,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5777","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1682","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5780,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5780","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1684","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5789,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5789","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1685","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5790,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5790","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1686","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5792,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5792","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1688","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/about","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":104,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5795","inputVector":"","url":"https://www.nobroker.in/about","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1689","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5797,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5797","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1690","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":156,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5798","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1691","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5801,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5801","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1692","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5804,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5804","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1693","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5805,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5805","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1694","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5807,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5807","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1696","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5812,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5812","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1697","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5813,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5813","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1698","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/contact","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":79,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5814","inputVector":"","url":"https://www.nobroker.in/contact","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1699","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5815","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1700","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5820,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5820","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1702","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5822,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5822","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1703","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5827,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5827","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1704","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5834,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5834","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1706","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5842,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5842","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1707","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5845,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5845","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1708","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":177,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5850","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1709","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/about","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":104,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5851","inputVector":"","url":"https://www.nobroker.in/about","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1710","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5860,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5860","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1711","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5861,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5861","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1712","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5862,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5862","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1713","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5863,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5863","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1714","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5864,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5864","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1715","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/contact","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":79,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5865","inputVector":"","url":"https://www.nobroker.in/contact","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1716","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5868,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5868","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1717","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5869,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5869","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1718","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5871,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5871","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1719","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/contact","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":79,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5874","inputVector":"","url":"https://www.nobroker.in/contact","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1720","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5879","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1721","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5881,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5881","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1722","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5883,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5883","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1723","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5887,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5887","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1724","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5891,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5891","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1725","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":177,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5893","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1726","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5895,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5895","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1727","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5898","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1728","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5900,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5900","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1729","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5901,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5901","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1730","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5903,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5903","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1731","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5905,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5905","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1732","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5907,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5907","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1733","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5910,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5910","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1734","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5916,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5916","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1735","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5917,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5917","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1736","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5921,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5921","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1737","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5922,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5922","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1738","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5932,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5932","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1739","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5935,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5935","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1740","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5936","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1741","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":177,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5944","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1742","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5945,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5945","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1743","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5946,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5946","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1744","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5947,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5947","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1745","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5952,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5952","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1746","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5953,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5953","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1747","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5955,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5955","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1748","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":86,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5961","inputVector":"","url":"https://www.nobroker.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1749","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5964,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5964","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1750","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5974,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5974","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1751","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5983,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5983","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1752","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5984,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5984","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1753","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5986,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5986","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1754","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5987,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5987","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1755","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5989","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1756","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/contact","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":79,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"5996","inputVector":"","url":"https://www.nobroker.in/contact","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1757","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6005,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6005","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1758","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6006,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6006","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1759","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6010","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1760","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6011,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6011","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1761","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6012,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6012","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1762","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":177,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6013","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1763","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6014,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6014","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1764","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6015,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6015","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1765","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6016,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6016","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1766","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6025,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6025","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1767","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/contact","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":79,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6026","inputVector":"","url":"https://www.nobroker.in/contact","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1768","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6029,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6029","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1769","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6035,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6035","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1770","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6037,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6037","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1771","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6038,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6038","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1772","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6039,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6039","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1773","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6040,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6040","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1774","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6041,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6041","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1775","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6045,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6045","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1776","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6051","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1777","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/contact","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":79,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6054","inputVector":"","url":"https://www.nobroker.in/contact","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1778","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6055,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6055","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1779","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6060,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6060","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1780","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6061,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6061","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1781","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6063,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6063","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1782","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6064,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6064","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1783","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6065,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6065","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1784","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6069,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6069","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1785","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6072,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6072","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1786","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6073,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6073","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1787","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6075,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6075","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1788","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6076,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6076","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1789","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":177,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6081","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1790","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6083,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6083","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1791","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6084,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6084","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1792","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6085,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6085","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1793","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6087,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6087","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1794","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6089,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6089","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1795","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6091,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6091","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1796","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6095,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6095","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1797","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/contact","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":79,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6096","inputVector":"","url":"https://www.nobroker.in/contact","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1798","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6100,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6100","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1799","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6103,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6103","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1800","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6107,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6107","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1801","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6109,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6109","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1802","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6110,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6110","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1803","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6112","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1804","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6113,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6113","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1805","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/contact","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":79,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6117","inputVector":"","url":"https://www.nobroker.in/contact","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1806","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6119,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6119","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1807","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6124","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1808","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6125,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6125","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1809","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6126,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6126","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1810","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6132","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1811","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6133","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1812","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6146,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6146","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1813","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6147,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6147","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1814","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6148,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6148","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1815","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6149,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6149","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1816","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6150,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6150","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1817","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6152","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1818","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6153,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6153","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1819","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6156,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6156","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1820","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6158,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6158","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1821","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6160,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6160","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1822","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6162,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6162","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1823","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6164,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6164","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1824","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6166,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6166","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1825","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6168,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6168","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1826","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6171,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6171","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1827","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6174,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6174","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1828","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6177,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6177","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1829","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6179,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6179","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1830","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6182,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6182","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1831","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6186,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6186","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1832","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6188,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6188","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1833","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6190,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6190","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1834","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6197,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6197","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1835","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6199,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6199","inputVector":"","url":"https://www.nobroker.in/profile","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1836","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6204,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6204","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1837","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6207,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6207","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1838","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6212,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6212","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1839","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6214,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6214","inputVector":"","url":"https://www.nobroker.in/profile","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1840","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6217,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6217","inputVector":"","url":"https://www.nobroker.in/profile","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1841","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6220,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6220","inputVector":"","url":"https://www.nobroker.in/profile","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1842","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6223,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6223","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1843","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/listing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6226,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6226","inputVector":"","url":"https://www.nobroker.in/property/listing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1844","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6230,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6230","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1845","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6232,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6232","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1846","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6233,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6233","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1847","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6235,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6235","inputVector":"","url":"https://www.nobroker.in/property/pg","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1848","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":177,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6238","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1849","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6239,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6239","inputVector":"","url":"https://www.nobroker.in/nb-vendor-onboarding/vendors~VendorOnboarding","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1850","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6245,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6245","inputVector":"","url":"https://www.nobroker.in/property/pg","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1851","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/listing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6248,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6248","inputVector":"","url":"https://www.nobroker.in/property/listing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1852","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/listing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6250,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6250","inputVector":"","url":"https://www.nobroker.in/property/listing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1853","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6252,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6252","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1854","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":177,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6254","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1855","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6257,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6257","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1856","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/listing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6259,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6259","inputVector":"","url":"https://www.nobroker.in/property/listing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1857","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6261,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6261","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1858","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6263,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6263","inputVector":"","url":"https://www.nobroker.in/property/pg","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1859","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6266,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6266","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1860","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6270,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6270","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1861","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6271,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6271","inputVector":"","url":"https://www.nobroker.in/property/pg","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1862","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6273,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6273","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1863","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6275,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6275","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1864","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6278,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6278","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1865","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6280,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6280","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1866","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6282,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6282","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1867","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":166,"wascid":"0","description":"Check for differences in response based on fuzzed User 
Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6288","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1868","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":166,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6290","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1869","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":166,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6292","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1870","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":166,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6296","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1871","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":166,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6298","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1872","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":166,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6300","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1873","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":166,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6302","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1874","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":166,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6305","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1875","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":170,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6307","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1876","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":166,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6312","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1877","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":166,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6318","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1878","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":166,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6320","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1879","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":166,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6322","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1880","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6324","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1881","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6326","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1882","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6328","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1883","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6330","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1884","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6332","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1885","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6334","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1886","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6371,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6371","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1887","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6373,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6373","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1889","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6374","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1890","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6384","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1891","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6397","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1893","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6410,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6410","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1895","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":163,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6421","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1896","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6424,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6424","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1897","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6427,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6427","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1898","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6432,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6432","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1899","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6436","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1900","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6437,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6437","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1901","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6444,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6444","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1902","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6447","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1903","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6454,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6454","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1904","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6455,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6455","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1905","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6461,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6461","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1906","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6463,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6463","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1907","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":182,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6467","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1908","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6473,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6473","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1909","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6481,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6481","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1912","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6484,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6484","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1913","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":182,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6487","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1914","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6488,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6488","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1915","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6493,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6493","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1916","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":182,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6494","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1917","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":182,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6497","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1918","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6500","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1919","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6506,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6506","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1921","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":182,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6508","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1922","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6511","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1923","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6515","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1924","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6519,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6519","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1925","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6521","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1926","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6526,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6526","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1927","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":163,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6527","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1928","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6528,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6528","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1929","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6535,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6535","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1931","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6537,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6537","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1932","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6540,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6540","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1933","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6544,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6544","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1935","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6548,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6548","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1936","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6550","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1937","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6564,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6564","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1939","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6565,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6565","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1940","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6567,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6567","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1941","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6568,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6568","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1942","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6569,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6569","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1943","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6570,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6570","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1944","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6571,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6571","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1945","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6578","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1946","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6580,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6580","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1947","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6582,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6582","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1948","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6587,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6587","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1950","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6590,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6590","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1951","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6598,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6598","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1952","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6600,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6600","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1954","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6603","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1956","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6605,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6605","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1957","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6606,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6606","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1958","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":182,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6611","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1959","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6612,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6612","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1960","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6613,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6613","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1961","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6620","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1963","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6624,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6624","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1965","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6626,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6626","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1966","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6628,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6628","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1967","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6630","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1968","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6633,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6633","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1969","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6635,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6635","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1970","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6637","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1971","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6640,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6640","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1972","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6642,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6642","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1973","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6644,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6644","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1974","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6654,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6654","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1975","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6655,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6655","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1976","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6656,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6656","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1977","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6658,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6658","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1978","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":182,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6659","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1979","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6660,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6660","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1980","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6661,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6661","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1981","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6662,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6662","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1982","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6666,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6666","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1983","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6668,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6668","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1984","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6672,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6672","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1985","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6673,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6673","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1986","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6674,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6674","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1987","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6678,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6678","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1988","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6680,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6680","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1989","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6682,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6682","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1990","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6687,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6687","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1991","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6688,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6688","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1992","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6689,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6689","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1993","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6691,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6691","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1994","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6692,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6692","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1995","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6694,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6694","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1996","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6696,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6696","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1997","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6699,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6699","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1998","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6700,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6700","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1999","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6702,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6702","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"2000","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6705,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6705","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"2001","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6708,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6708","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"2002","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6709,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6709","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"2003","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6710,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6710","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"2004","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6713,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6713","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"2005","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6714,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6714","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"2006","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6717","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"2007","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6718,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6718","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"2008","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6721,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6721","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"2009","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6724,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6724","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"2010","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6726,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6726","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"2011","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6729,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6729","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"2012","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6731,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6731","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"2013","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6733,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6733","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"2014","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6735,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6735","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"2015","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":170,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6741","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"2017","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6743,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6743","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"2018","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":170,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6745","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"2019","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":170,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6747","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"2020","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6749,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6749","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"2021","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":170,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6751","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"2022","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6753,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6753","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"2023","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6755,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6755","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"2024","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6760,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6760","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"2025","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6762","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"2026","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6764","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"2027","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6768","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"2028","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6772,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6772","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"2029","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6774","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"2030","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6776","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"2031","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6778","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000/8a9f96158f95ab7b018f95f4fc5428ae/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"2032","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6780,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6780","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"2033","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6782,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6782","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"2034","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":182,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6786","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"2035","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":182,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6788","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"2036","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":182,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6790","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"2037","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":170,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6796","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"2038","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6801,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6801","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"2040","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6803,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6803","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-jawahar-nagar-kota-for-rs-25000","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"2041","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6807,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6807","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"2042","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6810,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6810","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"2043","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6812,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6812","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-18000/8a9f969c8f96199c018f962362b8023f","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"2044","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6817,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6817","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"2045","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6822,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6822","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"2046","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6824,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6824","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"2047","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6826,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6826","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-sammunnat-sathyarth-jawahar-nagar-talwandi-kota-bangalore-for-rs-15000/8a9f96158f95ab7b018f95f4fc5428ae","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"2048","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":170,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6830","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"2049","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":170,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6832","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"2050","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":170,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6834","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"2051","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":170,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6836","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f/detail","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"2052","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6840,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6840","inputVector":"","url":"https://www.nobroker.in/property/pg/pg-hostel-for-girls-in-near-allen-supath-coral-park-naya-nohra-kota-kota-for-rs-15000/8a9f969c8f96199c018f962362b8023f","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"2053","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":80,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6845","inputVector":"","url":"https://www.nobroker.in/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"2054","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":80,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6847","inputVector":"","url":"https://www.nobroker.in/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"2055","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":80,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6849","inputVector":"","url":"https://www.nobroker.in/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"2056","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":80,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6851","inputVector":"","url":"https://www.nobroker.in/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"2057","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":80,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6853","inputVector":"","url":"https://www.nobroker.in/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"2058","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":80,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6855","inputVector":"","url":"https://www.nobroker.in/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"2059","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":80,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6857","inputVector":"","url":"https://www.nobroker.in/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"2060","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":80,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6859","inputVector":"","url":"https://www.nobroker.in/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"2061","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":80,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6861","inputVector":"","url":"https://www.nobroker.in/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"2062","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":80,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6863","inputVector":"","url":"https://www.nobroker.in/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"2063","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/blog","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":80,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"6865","inputVector":"","url":"https://www.nobroker.in/blog","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"2064","alertRef":"10104"}]},"vulnerability_types":{"Missing Anti-clickjacking Header":13,"Re-examine Cache-control Directives":17,"Content Security Policy (CSP) Header Not Set":22,"Cross-Domain JavaScript Source File Inclusion":424,"Modern Web Application":19,"Retrieved from Cache":3,"Strict-Transport-Security Header Not Set":8,"Sub Resource Integrity Attribute Missing":293,"X-Content-Type-Options Header Missing":19,"Server Leaks Information via \"X-Powered-By\" HTTP Response 
Header Field(s)":18,"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)":28,"Cookie No HttpOnly Flag":33,"Loosely Scoped Cookie":9,"Cookie without SameSite Attribute":33,"Session Management Response Identified":11,"Cookie Without Secure Flag":18,"Charset Mismatch (Header Versus Meta Content-Type Charset)":5,"Charset Mismatch (Header Versus Meta Charset)":5,"Absence of Anti-CSRF Tokens":25,"Information Disclosure - Debug Error Messages":3,"Information Disclosure - Suspicious Comments":17,"Timestamp Disclosure - Unix":76,"User Agent Fuzzer":652},"owasp_top10":{"Unmapped / Other":1699,"A05: Security Misconfiguration":27,"A01: Broken Access Control":25}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69f0737b132827677791a9af"},"created_at":{"$date":"2026-04-28T08:44:43.824Z"},"url":"https://www.nobroker.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.nobroker.in/","scan_timestamp":"20260428_081429","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":61,"urls_list":["https://www.nobroker.in/","https://www.nobroker.in/robots.txt","https://www.nobroker.in/sitemap.xml","https://www.nobroker.in/falcon/","https://www.nobroker.in/signout","https://www.nobroker.in/api/v1/*/notification/","https://www.nobroker.in/_proxy_","https://www.nobroker.in/profile/","https://www.nobroker.in/nb-nbex/","https://www.nobroker.in/nb-new/","https://www.nobroker.in/redirect","https://www.nobroker.in/app?type","https://www.nobroker.in/swagger/","https://www.nobroker.in/hs-admin/","https://www.nobroker.in/nb-cms/","https://www.nobroker.in/nbpixel","https://www.nobroker.in/api/v1/admin/","https://www.nobroker.in/on-boardi
ng/","https://www.nobroker.in/support","https://www.nobroker.in/static/","https://www.nobroker.in/admin","https://www.nobroker.in/search-hs","https://www.nobroker.in/swagger/v1","https://www.nobroker.in/resetPassword/","https://www.nobroker.in/api/v3/","https://www.nobroker.in/NOBRKR/","https://www.nobroker.in/*?amp=2","http://www.nobroker.in/404","https://www.nobroker.in/favicon.ico","https://www.nobroker.in/v5/","https://www.nobroker.in/admin/","https://www.nobroker.in/verify/","https://www.nobroker.in/nb-nbex/main.a4bf9becad32e87af120.js","https://www.nobroker.in/config/","https://www.nobroker.in/nb-cms-api/","https://www.nobroker.in/user/","https://www.nobroker.in/analytics/","https://www.nobroker.in/v1/","https://www.nobroker.in/hs-new/","https://www.nobroker.in/nb-vip/","https://www.nobroker.in/nb-nbex/public","https://www.nobroker.in/nb-nbex/11.98db0a194479635a2453.js","https://www.nobroker.in/nb-prophub-ui/","https://www.nobroker.in/nb-nbex/public/","https://www.nobroker.in/vendor-onboard","https://www.nobroker.in/nb-nbex/css/main.fe763ef9fbede8a69727.css","https://www.nobroker.in/nb-nbex/favicon.ico","https://www.nobroker.in/nb-nbex/e3715c8c9f6c77c7f0ec.png","https://www.nobroker.in/.env","https://www.nobroker.in/api/v1/","https://www.nobroker.in/sv/","https://www.nobroker.in/api/space/","https://www.nobroker.in/app_","https://www.nobroker.in/chat","https://www.nobroker.in/*?amp=1","https://www.nobroker.in/api/v4/","https://www.nobroker.in/sy/","https://www.nobroker.in/property/listing/","https://www.nobroker.in/redirectUrl?redirectUrl","https://www.nobroker.in/api/v5/","https://www.nobroker.in/api/v2/"],"duration":10.041056871414185},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.05271983146667},"passive_scan":{"status":"completed","duration":0.005457401275634766},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.nobrok
er.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":1020.2717096805573},"vulnerabilities":{"total_alerts":1167,"high_risk":0,"medium_risk":142,"low_risk":377,"informational":648,"alerts_by_risk":{"High":[],"Medium":[{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"0","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load 
balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"main\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/css/main.f649e31c4c98f88aea74.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"27","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"ToggleSwitch\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/ToggleSwitch/ToggleSwitch.eb630748bcbc6c216dbb.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The 
integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"28","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"InstacashAdCard\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/InstacashAdCard/InstacashAdCard.dd7903f421b14687d1ba.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"29","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://assets.nobroker.in/nb-new/public/js/instantgratification.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"30","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/640.e27fed3587f5ec713511.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"31","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/main.7ade2e32824fdd43b048.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"32","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"33","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/6/6.afaceae551527e2f040e.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"34","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/7/7.facf69fe3a345809ee86.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"35","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"36","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/35/35.2bb40b034e85a5a9bfb5.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"37","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/119/119.72ea7f7d1219e177b0d1.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"38","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/151/151.a10b170c79ae86f4334a.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"39","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/home/home.95b1746708cb5068e630.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"40","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"ToggleSwitch\" src=\"https://assets.nobroker.in/nb-new/ToggleSwitch/ToggleSwitch.a2977d85ea192887546a.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"41","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"FestiveServices\" src=\"https://assets.nobroker.in/nb-new/FestiveServices/FestiveServices.6328a5bd2156b961d85f.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"42","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"InstacashAdCard\" src=\"https://assets.nobroker.in/nb-new/InstacashAdCard/InstacashAdCard.dbf6cb6dbee1cb583380.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"43","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeAssistPlans\" src=\"https://assets.nobroker.in/nb-new/HomeAssistPlans/HomeAssistPlans.1944c4fc1ddba205c905.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"44","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"AdCards\" src=\"https://assets.nobroker.in/nb-new/AdCards/AdCards.cbd1a53e010714f750bc.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"45","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"NBHorizontalTilesCarousel\" src=\"https://assets.nobroker.in/nb-new/NBHorizontalTilesCarousel/NBHorizontalTilesCarousel.d38122e3bf1f62b2b9f3.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"46","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"Footer\" src=\"https://assets.nobroker.in/nb-new/Footer/Footer.ef1602bd6ea599fb7654.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"47","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"SiteMapFooterNew\" src=\"https://assets.nobroker.in/nb-new/40/40.173e905dd7b4e287f36c.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"48","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"SiteMapFooterNew\" src=\"https://assets.nobroker.in/nb-new/SiteMapFooterNew/SiteMapFooterNew.ce51e3317409ec39b6e9.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"49","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"BottomLinkFooter\" src=\"https://assets.nobroker.in/nb-new/BottomLinkFooter/BottomLinkFooter.1677ee8990433867ada6.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"50","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":69,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"69","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"56","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":71,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"71","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"62","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":79,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"66","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":81,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"81","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"69","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":84,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"70","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":87,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"87","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"74","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"75","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":90,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"79","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":69,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"69","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"82","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/nb-cms-api/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":117,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/nb-cms-api/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"94","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/analytics/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":122,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"122","inputVector":"","url":"https://www.nobroker.in/analytics/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"100","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":137,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"104","alertRef":"10020-1"},{"nodeName":"https://www.nobroker.in/nb-nbex/public","sourceid":"3","other":"The directive(s): frame-ancestors, form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"default-src 'none'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":130,"wascid":"15","description":"The Content Security Policy fails to define one of the directives that has no fallback. 
Missing/excluding them is the same as allowing anything.","messageId":"130","inputVector":"","url":"https://www.nobroker.in/nb-nbex/public","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"content-security-policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"113","alertRef":"10055-13"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":79,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"120","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":81,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"81","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"125","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":84,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"130","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":86,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"142","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":90,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, 
etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"165","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/nb-cms-api/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":117,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/nb-cms-api/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load 
balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"173","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":137,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"190","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" href=\"https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":69,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"69","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"261","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"","method":"GET","evidence":"<script 
src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyCjAZYE2-QriLt0Q2MJtRO22kAEWlKKaf4&v=3.exp&libraries=places,geometry\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":69,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"69","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"281","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@600&display=swap\" rel=\"stylesheet\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":69,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"69","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"297","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://assets.nobroker.in/nbpixel-ui/main.5bb5675609d694bdffb7.css\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":81,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"81","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"299","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"https://assets.nobroker.in/nbpixel-ui/vendor.9631a11c3b20a7d27e83.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":81,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"81","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"306","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" charset=\"UTF-8\" href=\"https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.min.css\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/support","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"311","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"https://assets.nobroker.in/nbpixel-ui/main.be4ec34b587a16f854a7.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":81,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"81","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"316","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick-theme.min.css\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/support","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"319","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyCwy2ETEJXPynpNXJggwjzsHxFcG3Il34o&v=3.exp&libraries=places,geometry\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/support","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"326","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":156,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"327","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/10up-sanitize.css/8.0.0/sanitize.min.css\" crossorigin=\"anonymous\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":86,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/support","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"333","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://assets.nobroker.in/nb-cms/_next/static/media/a4a78f32e6d6bdeb-s.p.woff2\" as=\"font\" type=\"font/woff2\" crossorigin=\"anonymous\" data-next-font=\"size-adjust\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":79,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"340","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://assets.nobroker.in/hs-new/public/Home/newServicesIcons/dipavalli/bgNewDiwali.webp\" as=\"image\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":84,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"343","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://assets.nobroker.in/nb-cms/_next/static/media/9cf9c6e84ed13b5e-s.p.woff2\" as=\"font\" type=\"font/woff2\" crossorigin=\"anonymous\" data-next-font=\"size-adjust\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":79,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"349","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://assets.nobroker.in/hs-new/public/Home/newServicesIcons/hs_cleaning_compressed.webp\" as=\"image\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":84,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"350","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://assets.nobroker.in/nb-cms/_next/static/css/f194e44f3d56f97e.css\" as=\"style\" crossorigin=\"\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":79,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"356","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" charset=\"UTF-8\" href=\"https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.min.css\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":84,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"357","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-cms/_next/static/css/f194e44f3d56f97e.css\" crossorigin=\"\" data-n-g=\"\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":79,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"361","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick-theme.min.css\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":84,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"363","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"\" crossorigin=\"\" nomodule=\"\" src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":79,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"366","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyBKOLvPVSGuaBf9owgRFfDBXOQgJ4Vc8Nk&v=3.exp&libraries=places,geometry&map_ids=26ebf3fb725fae8d&callback=googleMapLoadCallBack\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":84,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"368","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/webpack-81e1c3b1854b10f4.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":79,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"370","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://assets.nobroker.in/hs-new/css/main.c716694779e9588b7ed8.css\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":84,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"371","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/framework-fee8a7e75612eda8.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":79,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"373","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"https://assets.nobroker.in/hs-new/391.f34cf3507a8b82f17ff9.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":84,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"374","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/main-0608700a3131e93b.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":79,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"376","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"https://assets.nobroker.in/hs-new/main.a6ce01a802a699ecfd82.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":84,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"379","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/pages/_app-cbd38f2cc594983a.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":79,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"380","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/3996-097ca6fa6884f3ea.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":79,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"383","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/pages/index-c35009b2dd4fb35c.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":79,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"386","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/C1QtFkIEdQIqtSpvFN1T1/_buildManifest.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":79,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"389","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/C1QtFkIEdQIqtSpvFN1T1/_ssgManifest.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":79,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"392","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://assets.nobroker.in/nob-interior/interior_banner_1.webp\" as=\"image\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":137,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"399","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":137,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"402","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":137,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"404","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":143,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"405","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":137,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"407","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"preload\" href=\"https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2\" as=\"font\" type=\"font/woff2\" crossorigin=\"anonymous\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":90,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"429","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" type=\"text/css\" href=\"https://assets.nobroker.in/hs-new/public/css/slick.min.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":90,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"435","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" type=\"text/css\" href=\"https://assets.nobroker.in/hs-new/public/css/slick-theme.min.css\"/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":90,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"437","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"main\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/hs-new/css/main.c716694779e9588b7ed8.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":90,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"439","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/hs-new/391.f34cf3507a8b82f17ff9.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":90,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"441","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/hs-new/main.a6ce01a802a699ecfd82.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":90,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"443","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"search\" src=\"https://assets.nobroker.in/hs-new/48/48.dbbd80896111cfba2221.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":90,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"445","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"search\" src=\"https://assets.nobroker.in/hs-new/search/search.333b62c85c694af92c0a.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":90,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"447","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 3: \"email\" \"newAccountName\" \"newAccountPhone\" \"user_password\" ].","method":"GET","evidence":"<form class=\"form-horizontal remove-padding-form-social\" role=\"form\" accept-charset=\"UTF-8\" action=\"/signup/form\" class=\"signup-form\" data-action=\"Signup\" id=\"registerUser\" name=\"signup\" modelAttribute=\"signup\" method=\"post\" >","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":156,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their 
knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"511","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 4: \"scope\" ].","method":"GET","evidence":"<form action=\"/signin/facebook\" class=\"remove-padding-form-social\" method=\"POST\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":156,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. 
Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: 
Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"512","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 5: \"scope\" ].","method":"GET","evidence":"<form action=\"/signin/google\" class=\"remove-padding-form-social\" method=\"POST\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":156,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order 
to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin 
policy.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"513","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 6: \"hiddenSubmit\" \"otpInput\" ].","method":"GET","evidence":"<form onsubmit=\"return false\" class=\"form-horizontal otp-verification-form\" role=\"form\" accept-charset=\"UTF-8\" method=\"post\" >","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":156,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. 
Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor 
example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"514","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 7: \"_spring_security_remember_me\" \"user_password\" \"userName\" ].","method":"GET","evidence":"<form class=\"form-horizontal signin-form\" role=\"form\" accept-charset=\"UTF-8\" action=\"/signin/form\" data-action=\"Signin\" id=\"user_new\" method=\"post\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":156,"wascid":"9","description":"No Anti-CSRF tokens 
were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"515","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 10: \"copyNumberCheckbox\" \"email\" \"name\" \"nriInfoFormContactNumber\" \"nriInfoFormWhatsappNumber\" ].","method":"GET","evidence":"<form id=\"nriInfoForm\" class=\"form form-horizontal\" method=\"post\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":156,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. 
Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor 
example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"518","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"_spring_security_remember_me\" \"user_password\" \"userName\" ].","method":"GET","evidence":"<form class=\"form-horizontal signin-form\" role=\"form\" accept-charset=\"UTF-8\" action=\"/signin/form\" data-action=\"Signin\" id=\"user_new\" method=\"post\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":143,"wascid":"9","description":"No Anti-CSRF tokens were found in 
a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"557","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 2: \"hiddenSubmit\" \"otpInput\" ].","method":"GET","evidence":"<form onsubmit=\"return false\" class=\"form-horizontal otp-verification-form\" role=\"form\" accept-charset=\"UTF-8\" method=\"post\" >","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":143,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. 
Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: 
Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"558","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 4: \"copyNumberCheckbox\" \"email\" \"name\" \"nriInfoFormContactNumber\" \"nriInfoFormWhatsappNumber\" ].","method":"GET","evidence":"<form id=\"nriInfoForm\" class=\"form form-horizontal\" method=\"post\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":143,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to 
a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"559","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":150,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"560","alertRef":"10038-1"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"_spring_security_remember_me\" \"user_password\" \"userName\" ].","method":"GET","evidence":"<form class=\"form-horizontal signin-form\" role=\"form\" accept-charset=\"UTF-8\" action=\"/signin/form\" data-action=\"Signin\" id=\"user_new\" method=\"post\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":150,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. 
Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: 
Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"646","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 2: \"hiddenSubmit\" \"otpInput\" ].","method":"GET","evidence":"<form onsubmit=\"return false\" class=\"form-horizontal otp-verification-form\" role=\"form\" accept-charset=\"UTF-8\" method=\"post\" >","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":150,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a 
target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"647","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 4: \"copyNumberCheckbox\" \"email\" \"name\" \"nriInfoFormContactNumber\" \"nriInfoFormWhatsappNumber\" ].","method":"GET","evidence":"<form id=\"nriInfoForm\" class=\"form form-horizontal\" method=\"post\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":150,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. 
Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use 
anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"648","alertRef":"10202"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":143,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"656","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"https://api.juspay.in/pay-v3.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":143,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"657","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"NbButton\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.b7d37f1641df66482e79.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"666","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"RABanner\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/RABanner/RABanner.5fdb43a134648222dcfb.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"667","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"HomeDesktopFilter\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/HomeDesktopFilter/HomeDesktopFilter.500606dba39181ba2e2a.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"668","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"PostPropertyCardDesktop\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/PostPropertyCardDesktop/PostPropertyCardDesktop.1d7bb4f3cfef0d57fd7a.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"669","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"HomeTileCard\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/HomeTileCard/HomeTileCard.216735a505e5a7e032d3.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"670","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<link data-chunk=\"HomeCard\" rel=\"stylesheet\" href=\"https://assets.nobroker.in/nb-new/HomeCard/HomeCard.c5cc88e8c5cb9b90314a.css\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"671","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HeaderContentDesktop\" src=\"https://assets.nobroker.in/nb-new/3/3.2bea1f6a80a0c03f854c.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"683","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HeaderContentDesktop\" src=\"https://assets.nobroker.in/nb-new/HeaderContentDesktop/HeaderContentDesktop.6c5a5b09f07d81eec0c6.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"684","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"NbButton\" src=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"685","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"SupportPanel\" src=\"https://assets.nobroker.in/nb-new/SupportPanel/SupportPanel.2d2d61e2ddc461c9aa7c.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"686","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"RABanner\" src=\"https://assets.nobroker.in/nb-new/RABanner/RABanner.5a78c94f2a76f558b866.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"687","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/1/1.e0ce36d1fc40258ae7d7.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"688","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/2/2.3ebcb94aebf02dbdbc4a.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"689","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/5/5.f8369ca6dccc177f2a6c.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"690","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/10/10.b258b3a15989b402b1d1.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"691","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/12/12.ea73710f4024e7ec8b81.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"692","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/15/15.6f660e726e821967a3a1.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute lets the browser reject the resource when its content does not match the expected hash, which prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"693","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/17/17.de9dced030764ac47230.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"694","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/19/19.5faa655227e84d079263.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"695","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/29/29.909075207360ab27f030.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"696","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/37/37.2102db678894c515d01a.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"697","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/124/124.0676f10b7c315050a613.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"698","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/HomeDesktopFilter/HomeDesktopFilter.1845432f19f8fad860c1.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"699","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"PostPropertyCardDesktop\" src=\"https://assets.nobroker.in/nb-new/PostPropertyCardDesktop/PostPropertyCardDesktop.29b7cb2c552be2cc5a3d.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"700","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeTileCard\" src=\"https://assets.nobroker.in/nb-new/HomeTileCard/HomeTileCard.6ccfa1374bee774a92c1.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"701","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeCard\" src=\"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"702","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeCard\" src=\"https://assets.nobroker.in/nb-new/HomeCard/HomeCard.48ccaea30276c29cc8cf.chunk.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"703","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":150,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"716","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":150,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"717","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"https://api.juspay.in/pay-v3.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":150,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"718","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"https://api.juspay.in/pay-v3.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":156,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"725","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":156,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"727","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://apis.google.com/js/platform.js?onload=initAuth2\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":156,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"728","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":156,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"729","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer src=\"https://www.gstatic.com/firebasejs/3.6.2/firebase.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":156,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"730","alertRef":"90003"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.gstatic.com/firebasejs/3.6.2/firebase.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":156,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"731","alertRef":"90003"}],"Low":[{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://assets.nobroker.in/nb-new/public/js/instantgratification.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of 
the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/public/js/instantgratification.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"3","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/640.e27fed3587f5ec713511.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/640.e27fed3587f5ec713511.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"4","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/nb-new/main.7ade2e32824fdd43b048.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/main.7ade2e32824fdd43b048.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"5","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/4/4.398fb00d2a5e3f71116d.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"6","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/6/6.afaceae551527e2f040e.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/6/6.afaceae551527e2f040e.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"7","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/7/7.facf69fe3a345809ee86.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/7/7.facf69fe3a345809ee86.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"8","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/8/8.9c9c3d7f1228a7a24979.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"9","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/35/35.2bb40b034e85a5a9bfb5.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/35/35.2bb40b034e85a5a9bfb5.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"10","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/119/119.72ea7f7d1219e177b0d1.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/119/119.72ea7f7d1219e177b0d1.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"11","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/151/151.a10b170c79ae86f4334a.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/151/151.a10b170c79ae86f4334a.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"12","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"home\" src=\"https://assets.nobroker.in/nb-new/home/home.95b1746708cb5068e630.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/home/home.95b1746708cb5068e630.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"13","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"ToggleSwitch\" src=\"https://assets.nobroker.in/nb-new/ToggleSwitch/ToggleSwitch.a2977d85ea192887546a.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/ToggleSwitch/ToggleSwitch.a2977d85ea192887546a.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"14","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"FestiveServices\" src=\"https://assets.nobroker.in/nb-new/FestiveServices/FestiveServices.6328a5bd2156b961d85f.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/FestiveServices/FestiveServices.6328a5bd2156b961d85f.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"15","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"InstacashAdCard\" src=\"https://assets.nobroker.in/nb-new/InstacashAdCard/InstacashAdCard.dbf6cb6dbee1cb583380.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/InstacashAdCard/InstacashAdCard.dbf6cb6dbee1cb583380.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"16","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeAssistPlans\" src=\"https://assets.nobroker.in/nb-new/HomeAssistPlans/HomeAssistPlans.1944c4fc1ddba205c905.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a 
third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/HomeAssistPlans/HomeAssistPlans.1944c4fc1ddba205c905.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"17","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"AdCards\" src=\"https://assets.nobroker.in/nb-new/AdCards/AdCards.cbd1a53e010714f750bc.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/AdCards/AdCards.cbd1a53e010714f750bc.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"18","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"NBHorizontalTilesCarousel\" src=\"https://assets.nobroker.in/nb-new/NBHorizontalTilesCarousel/NBHorizontalTilesCarousel.d38122e3bf1f62b2b9f3.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/NBHorizontalTilesCarousel/NBHorizontalTilesCarousel.d38122e3bf1f62b2b9f3.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"19","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"Footer\" src=\"https://assets.nobroker.in/nb-new/Footer/Footer.ef1602bd6ea599fb7654.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a 
third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/Footer/Footer.ef1602bd6ea599fb7654.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"20","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"SiteMapFooterNew\" src=\"https://assets.nobroker.in/nb-new/40/40.173e905dd7b4e287f36c.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/40/40.173e905dd7b4e287f36c.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"21","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"SiteMapFooterNew\" src=\"https://assets.nobroker.in/nb-new/SiteMapFooterNew/SiteMapFooterNew.ce51e3317409ec39b6e9.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/SiteMapFooterNew/SiteMapFooterNew.ce51e3317409ec39b6e9.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"22","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"BottomLinkFooter\" src=\"https://assets.nobroker.in/nb-new/BottomLinkFooter/BottomLinkFooter.1677ee8990433867ada6.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/BottomLinkFooter/BottomLinkFooter.1677ee8990433867ada6.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"23","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":1,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"26","alertRef":"10035-1"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"51","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":1,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"52","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":61,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbDevice","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"63","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":7,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"7","inputVector":"","url":"https://www.nobroker.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"67","alertRef":"10035-1"},{"nodeName":"https://www.nobroker.in/api/v1/admin/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":82,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"82","inputVector":"","url":"https://www.nobroker.in/api/v1/admin/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbDevice","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"71","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":71,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"71","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"73","alertRef":"10035-1"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":61,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"mbTrackID","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"77","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":89,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"89","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbDevice","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"78","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":96,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"96","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbDevice","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"80","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbcr","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":74,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"74","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbcr","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"81","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":101,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"101","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbDevice","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"83","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":103,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"103","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbDevice","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"84","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/robots.txt","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":7,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"7","inputVector":"","url":"https://www.nobroker.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"85","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/favicon.ico","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":107,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"107","inputVector":"","url":"https://www.nobroker.in/favicon.ico","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"86","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":108,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).","messageId":"108","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. 
is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"88","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":110,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"110","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"mbTrackID","attack":"","name":"Cookie No HttpOnly 
Flag","risk":"Low","id":"89","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":112,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).","messageId":"112","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. 
is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"90","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/api/v1/admin/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":82,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"82","inputVector":"","url":"https://www.nobroker.in/api/v1/admin/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"mbTrackID","attack":"","name":"Cookie No HttpOnly 
Flag","risk":"Low","id":"91","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":87,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"87","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"95","alertRef":"10035-1"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":115,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"115","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbDevice","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"96","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":120,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) 
headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).","messageId":"120","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. 
is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"99","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":124,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).","messageId":"124","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. 
is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"101","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":61,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbccc","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"102","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: 
nbDevice","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":133,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"133","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbDevice","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"103","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":96,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"96","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"mbTrackID","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"105","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nb-nbex/favicon.ico","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":141,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"141","inputVector":"","url":"https://www.nobroker.in/nb-nbex/favicon.ico","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"107","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbpt","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":74,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"74","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbpt","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"108","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyCjAZYE2-QriLt0Q2MJtRO22kAEWlKKaf4&v=3.exp&libraries=places,geometry\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":69,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"69","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://maps.googleapis.com/maps/api/js?key=AIzaSyCjAZYE2-QriLt0Q2MJtRO22kAEWlKKaf4&v=3.exp&libraries=places,geometry","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"109","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":101,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"101","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"mbTrackID","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"112","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":149,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"149","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbDevice","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"114","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":103,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"103","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"mbTrackID","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"115","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v1/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":144,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"144","inputVector":"","url":"https://www.nobroker.in/api/v1/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbDevice","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"118","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":154,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"154","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"119","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":152,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"152","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbDevice","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"121","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":110,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"110","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbDevice","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"122","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v1/admin/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":82,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"82","inputVector":"","url":"https://www.nobroker.in/api/v1/admin/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbccc","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"123","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":115,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"115","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"mbTrackID","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"127","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":89,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"89","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"mbTrackID","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"131","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v5/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":160,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"160","inputVector":"","url":"https://www.nobroker.in/api/v5/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbDevice","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"132","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":162,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"162","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbDevice","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"133","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/analytics/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":122,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"122","inputVector":"","url":"https://www.nobroker.in/analytics/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"134","alertRef":"10035-1"},{"nodeName":"https://www.nobroker.in/nb-nbex/css/main.fe763ef9fbede8a69727.css","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":138,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"138","inputVector":"","url":"https://www.nobroker.in/nb-nbex/css/main.fe763ef9fbede8a69727.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"140","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/nb-nbex/favicon.ico","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":141,"wascid":"13","description":"The web/application server is leaking 
information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"141","inputVector":"","url":"https://www.nobroker.in/nb-nbex/favicon.ico","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"143","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":149,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. 
If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"149","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"mbTrackID","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"147","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nb-nbex/public","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":130,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"130","inputVector":"","url":"https://www.nobroker.in/nb-nbex/public","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"149","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/api/v1/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":144,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"144","inputVector":"","url":"https://www.nobroker.in/api/v1/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"mbTrackID","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"152","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"\" crossorigin=\"\" nomodule=\"\" src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":79,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"153","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":152,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"152","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"mbTrackID","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"154","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nb-nbex/e3715c8c9f6c77c7f0ec.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":142,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"142","inputVector":"","url":"https://www.nobroker.in/nb-nbex/e3715c8c9f6c77c7f0ec.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"155","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/webpack-81e1c3b1854b10f4.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":79,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/chunks/webpack-81e1c3b1854b10f4.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"162","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"https://assets.nobroker.in/nbpixel-ui/vendor.9631a11c3b20a7d27e83.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":81,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"81","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nbpixel-ui/vendor.9631a11c3b20a7d27e83.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"164","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":115,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"115","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbDevice","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"168","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<script async 
src=\"//assets.nobroker.in/static/lib/knowYourRent/gauge.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":84,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/knowYourRent/gauge.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"169","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/api/v5/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":160,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"160","inputVector":"","url":"https://www.nobroker.in/api/v5/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"mbTrackID","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"171","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":162,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"162","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"mbTrackID","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"172","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":61,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbDevice","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"174","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/nb-nbex/css/main.fe763ef9fbede8a69727.css","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":138,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"138","inputVector":"","url":"https://www.nobroker.in/nb-nbex/css/main.fe763ef9fbede8a69727.css","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"176","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":96,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"96","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbDevice","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"177","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":86,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/support","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"headerFalse","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"178","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":74,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"74","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbDevice","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"180","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":101,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"101","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbDevice","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"181","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":103,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"103","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbDevice","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"183","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":152,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"152","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbccc","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"188","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nb-nbex/e3715c8c9f6c77c7f0ec.png","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":142,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"142","inputVector":"","url":"https://www.nobroker.in/nb-nbex/e3715c8c9f6c77c7f0ec.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"189","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/framework-fee8a7e75612eda8.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":79,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/chunks/framework-fee8a7e75612eda8.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"191","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/api/v1/admin/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":82,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"82","inputVector":"","url":"https://www.nobroker.in/api/v1/admin/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbDevice","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"192","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"https://assets.nobroker.in/nbpixel-ui/main.be4ec34b587a16f854a7.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":81,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"81","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nbpixel-ui/main.be4ec34b587a16f854a7.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"193","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-address","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"cloudfront-viewer-address","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"194","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyBKOLvPVSGuaBf9owgRFfDBXOQgJ4Vc8Nk&v=3.exp&libraries=places,geometry&map_ids=26ebf3fb725fae8d&callback=googleMapLoadCallBack\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":84,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://maps.googleapis.com/maps/api/js?key=AIzaSyBKOLvPVSGuaBf9owgRFfDBXOQgJ4Vc8Nk&v=3.exp&libraries=places,geometry&map_ids=26ebf3fb725fae8d&callback=googleMapLoadCallBack","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"197","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":115,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"115","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"mbTrackID","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"198","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":89,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"89","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbDevice","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"199","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/api/v5/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":160,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"160","inputVector":"","url":"https://www.nobroker.in/api/v5/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbccc","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"200","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":162,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"162","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbccc","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"201","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":61,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"mbTrackID","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"202","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":96,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"96","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"mbTrackID","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"204","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":86,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"headerFalse","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"205","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbcr","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":74,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"74","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbcr","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"206","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":101,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"101","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"mbTrackID","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"208","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":149,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"149","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbDevice","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"209","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":137,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"headerFalse","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"218","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/main-0608700a3131e93b.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":79,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/chunks/main-0608700a3131e93b.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"219","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/api/v1/admin/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":82,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"82","inputVector":"","url":"https://www.nobroker.in/api/v1/admin/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"mbTrackID","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"221","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-country","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"cloudfront-viewer-country","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"222","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-latitude","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"cloudfront-viewer-latitude","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"224","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"//static.criteo.net/js/ld/ld.js\" async=\"true\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":84,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source 
files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//static.criteo.net/js/ld/ld.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"225","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":115,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).","messageId":"115","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. 
is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"227","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":89,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"89","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"mbTrackID","attack":"","name":"Cookie without SameSite 
Attribute","risk":"Low","id":"228","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":162,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"162","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbDevice","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"231","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":133,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 
'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"133","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"mbTrackID","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"232","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":96,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"96","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"233","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":86,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted 
connections.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"headerFalse","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"234","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbpt","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":74,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"74","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbpt","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"235","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":149,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"149","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"mbTrackID","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"236","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":101,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"101","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"237","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":103,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"103","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"238","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/api/v1/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":144,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"144","inputVector":"","url":"https://www.nobroker.in/api/v1/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbDevice","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"240","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":110,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"110","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"mbTrackID","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"241","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: isMobile","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":137,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"isMobile","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"243","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":152,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"152","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbDevice","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"244","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/pages/_app-cbd38f2cc594983a.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":79,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/chunks/pages/_app-cbd38f2cc594983a.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"245","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/api/v1/admin/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":82,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"82","inputVector":"","url":"https://www.nobroker.in/api/v1/admin/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbccc","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"246","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-longitude","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"cloudfront-viewer-longitude","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"248","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"https://assets.nobroker.in/hs-new/391.f34cf3507a8b82f17ff9.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":84,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure 
JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/hs-new/391.f34cf3507a8b82f17ff9.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"249","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":89,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).","messageId":"89","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. 
is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"252","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/api/v5/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":160,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"160","inputVector":"","url":"https://www.nobroker.in/api/v5/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbDevice","attack":"","name":"Cookie without SameSite 
Attribute","risk":"Low","id":"253","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":61,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbccc","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"254","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":162,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a 
result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"162","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"mbTrackID","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"255","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyCwy2ETEJXPynpNXJggwjzsHxFcG3Il34o&v=3.exp&libraries=places,geometry\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://maps.googleapis.com/maps/api/js?key=AIzaSyCwy2ETEJXPynpNXJggwjzsHxFcG3Il34o&v=3.exp&libraries=places,geometry","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"258","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":149,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"149","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"259","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":110,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"110","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbDevice","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"266","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deviceType","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":137,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"deviceType","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"267","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":152,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"152","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"mbTrackID","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"268","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/3996-097ca6fa6884f3ea.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":79,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/chunks/3996-097ca6fa6884f3ea.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"269","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-city","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"cloudfront-viewer-city","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"273","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"headerFalse","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"274","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v5/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":160,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"160","inputVector":"","url":"https://www.nobroker.in/api/v5/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"mbTrackID","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"278","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":162,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"162","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbccc","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"279","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/api/v1/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":144,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"144","inputVector":"","url":"https://www.nobroker.in/api/v1/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbccc","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"283","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":137,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"headerFalse","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"286","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":152,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"152","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbccc","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"287","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/chunks/pages/index-c35009b2dd4fb35c.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":79,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/chunks/pages/index-c35009b2dd4fb35c.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"288","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"<script defer=\"defer\" src=\"https://assets.nobroker.in/hs-new/main.a6ce01a802a699ecfd82.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":84,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/hs-new/main.a6ce01a802a699ecfd82.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"291","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deffered_login","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"deffered_login","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"292","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v5/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":160,"wascid":"13","description":"A cookie has been set without the 
SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"160","inputVector":"","url":"https://www.nobroker.in/api/v5/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbccc","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"296","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":110,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using 
only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).","messageId":"110","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"298","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: isMobile","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":137,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"isMobile","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"300","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/C1QtFkIEdQIqtSpvFN1T1/_buildManifest.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":79,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/C1QtFkIEdQIqtSpvFN1T1/_buildManifest.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"301","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: new_pnm_summary","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"new_pnm_summary","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"303","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":69,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"69","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"305","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deviceType","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":137,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"deviceType","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"309","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://assets.nobroker.in/nb-cms/_next/static/C1QtFkIEdQIqtSpvFN1T1/_ssgManifest.js\" defer=\"\" crossorigin=\"\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":79,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-cms/_next/static/C1QtFkIEdQIqtSpvFN1T1/_ssgManifest.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"310","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: new_pnm_MyBookings","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"new_pnm_MyBookings","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"313","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: isMobile","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"isMobile","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"314","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":69,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"69","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"315","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":137,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"headerFalse","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"317","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deviceType","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"deviceType","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"322","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":81,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"81","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options 
Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"323","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: isMobile","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":137,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"isMobile","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"325","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-address","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"cloudfront-viewer-address","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"330","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: 
deviceType","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":137,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"deviceType","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"331","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-country","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"cloudfront-viewer-country","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"336","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/api/v1/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":144,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found. A response with multiple HSTS header entries is not compliant with the specification (RFC 6797), and only the first HSTS header will be processed; the others will be ignored by user agents, or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"144","inputVector":"","url":"https://www.nobroker.in/api/v1/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"337","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbcr","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":156,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbcr","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"338","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":152,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found. A response with multiple HSTS header entries is not compliant with the specification (RFC 6797), and only the first HSTS header will be processed; the others will be ignored by user agents, or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"152","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"339","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/api/v5/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":160,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found. A response with multiple HSTS header entries is not compliant with the specification (RFC 6797), and only the first HSTS header will be processed; the others will be ignored by user agents, or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL).","messageId":"160","inputVector":"","url":"https://www.nobroker.in/api/v5/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"341","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-latitude","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"cloudfront-viewer-latitude","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"344","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":86,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"346","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbpt","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":156,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can 
be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbpt","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"347","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":86,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"348","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-longitude","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"cloudfront-viewer-longitude","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"351","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-city","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"cloudfront-viewer-city","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"359","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"headerFalse","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"365","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbpt","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":156,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbpt","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"367","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deffered_login","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"deffered_login","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"369","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: new_pnm_summary","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"new_pnm_summary","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"372","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: new_pnm_MyBookings","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"new_pnm_MyBookings","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"375","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: isMobile","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"isMobile","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"377","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/nb-cms-api/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":117,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/nb-cms-api/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"378","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deviceType","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the 
cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"deviceType","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"381","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/nb-cms-api/","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: PHP/8.2.18","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":117,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/nb-cms-api/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"382","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-address","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"cloudfront-viewer-address","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"384","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":84,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"385","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":84,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"390","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-country","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"cloudfront-viewer-country","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"391","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-latitude","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"cloudfront-viewer-latitude","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"393","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-longitude","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"cloudfront-viewer-longitude","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"395","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":79,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"396","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: cloudfront-viewer-city","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted 
connections.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"cloudfront-viewer-city","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"398","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Next.js","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":79,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"400","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: headerFalse","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"headerFalse","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"401","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deffered_login","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"deffered_login","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"403","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: new_pnm_summary","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"new_pnm_summary","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"406","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: new_pnm_MyBookings","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"new_pnm_MyBookings","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"408","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: isMobile","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"isMobile","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"409","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: deviceType","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"deviceType","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"410","alertRef":"10011"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbDevice","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"411","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie 
has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"mbTrackID","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"412","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/hs-new/391.f34cf3507a8b82f17ff9.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":90,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/hs-new/391.f34cf3507a8b82f17ff9.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"413","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbcr","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbcr","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"414","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"main\" src=\"https://assets.nobroker.in/hs-new/main.a6ce01a802a699ecfd82.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":90,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files 
are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/hs-new/main.a6ce01a802a699ecfd82.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"415","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbpt","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbpt","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"416","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<script async 
data-chunk=\"search\" src=\"https://assets.nobroker.in/hs-new/48/48.dbbd80896111cfba2221.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":90,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/hs-new/48/48.dbbd80896111cfba2221.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"417","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbccc","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"418","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"search\" src=\"https://assets.nobroker.in/hs-new/search/search.333b62c85c694af92c0a.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":90,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure 
JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/hs-new/search/search.333b62c85c694af92c0a.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"419","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":137,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"421","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbDevice","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"422","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":137,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"423","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"mbTrackID","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"424","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbcr","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbcr","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"425","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbpt","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbpt","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"426","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbccc","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"427","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/jquery.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/jquery.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"430","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbCache.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbCache.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"434","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"436","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"https://api.juspay.in/pay-v3.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://api.juspay.in/pay-v3.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"438","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationModalConstant.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationModalConstant.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"440","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationModalHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationModalHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"442","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAdobeEvents.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a 
third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAdobeEvents.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"444","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAdobeService.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAdobeService.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"446","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script async type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/listPlanCardConstant.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/listPlanCardConstant.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"448","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script async type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/listPlanCardHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more 
script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/listPlanCardHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"449","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/lib-min1.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/lib-min1.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"450","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/nb-new/public/js/instantgratification.001.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/nb-new/public/js/instantgratification.001.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"451","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.2.0/socket.io.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.2.0/socket.io.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"452","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"453","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/handlebars_3.0.3.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/handlebars_3.0.3.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"454","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/dashboard/handlebar-helpers.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/dashboard/handlebar-helpers.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"455","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nobroker-loader.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/nobroker-loader.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"456","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nb-ga.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/nb-ga.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"457","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/multipleLocationSelectorHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/multipleLocationSelectorHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"458","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAutoComplete.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAutoComplete.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"459","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/seoNearByLocationHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/seoNearByLocationHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"460","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://apis.google.com/js/platform.js?onload=initAuth2\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://apis.google.com/js/platform.js?onload=initAuth2","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"461","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"462","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":90,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"463","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/verification/phoneOwnershipVerification.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/verification/phoneOwnershipVerification.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"464","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":90,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"465","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/signin.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/signin.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"466","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/signin.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/signin.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"467","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/admin/secondaryPhoneModal.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/admin/secondaryPhoneModal.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"468","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/whatsAppAPIHandler.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/whatsAppAPIHandler.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"469","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/whatsapp/whatsappChatRoom.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/whatsapp/whatsappChatRoom.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"470","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/whatsapp/whatsappHome.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/whatsapp/whatsappHome.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"471","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/userRegistration/userRegistrationModalV2.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/userRegistration/userRegistrationModalV2.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"472","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/rangeSlider/nbRangeSlider.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or 
more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/rangeSlider/nbRangeSlider.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"473","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/plans/commercialPlans.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by 
end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/plans/commercialPlans.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"474","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/plans/buyerPlan.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/plans/buyerPlan.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"475","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/plans/sellerPlans.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/plans/sellerPlans.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"476","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/plans/tenantPlans.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/plans/tenantPlans.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"478","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/menu-events.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/menu-events.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"479","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/globalUserVerificationModal.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/globalUserVerificationModal.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"480","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/scheduler/schedulerModal.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/scheduler/schedulerModal.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"481","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/scheduler/generalSchedulerModal.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/scheduler/generalSchedulerModal.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"482","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/scheduler/scheduler_constants.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more 
script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/scheduler/scheduler_constants.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"483","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/bootstrap-datepicker-new.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by 
end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/bootstrap-datepicker-new.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"484","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/fb.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/fb.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"485","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/polyfiller.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/polyfiller.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"486","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nb_form.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/nb_form.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"487","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/user-activity-detection.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/user-activity-detection.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"488","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/util-main.min1724831814561.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/util-main.min1724831814561.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"489","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/utils/nbUtils.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/utils/nbUtils.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"490","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/facebookEvent.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/facebookEvent.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"491","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/jReject-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/jReject-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"496","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/sw-register.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/sw-register.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"497","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/date-manipulation.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/date-manipulation.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"499","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/admin/globalPopup.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/admin/globalPopup.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"500","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/timeago-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"//assets.nobroker.in/static/lib/timeago-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"501","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer src=\"https://www.gstatic.com/firebasejs/3.6.2/firebase.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.gstatic.com/firebasejs/3.6.2/firebase.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"505","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.gstatic.com/firebasejs/3.6.2/firebase.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.gstatic.com/firebasejs/3.6.2/firebase.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"506","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbFirebase.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbFirebase.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"507","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/vendor/mailcheck.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/vendor/mailcheck.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"508","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"//assets.adobedtm.com/e0b9255c6246/62e4c383fb62/launch-2f72a0f28dd3.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.adobedtm.com/e0b9255c6246/62e4c383fb62/launch-2f72a0f28dd3.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"509","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/jquery.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/jquery.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"516","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script async type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbCache.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbCache.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"517","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://apis.google.com/js/platform.js?onload=initAuth2\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://apis.google.com/js/platform.js?onload=initAuth2","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"519","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"521","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/user-activity-detection.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/user-activity-detection.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"522","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/util-main.min1724831814561.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/util-main.min1724831814561.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"523","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/nb-new/public/js/instantgratification.001.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/nb-new/public/js/instantgratification.001.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"524","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/userRegistration/userRegistrationModalV2.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/userRegistration/userRegistrationModalV2.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"525","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/signin.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/signin.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"526","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/verification/phoneOwnershipVerification.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/verification/phoneOwnershipVerification.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"527","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/homepage/homepage.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/homepage/homepage.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"528","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"529","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/handlebars_3.0.3.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/handlebars_3.0.3.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"530","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/dashboard/handlebar-helpers.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/dashboard/handlebar-helpers.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"531","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/bootstrap.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/bootstrap.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"532","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nb-ga.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/nb-ga.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"533","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/multipleLocationSelectorHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/multipleLocationSelectorHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"534","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAutoComplete.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAutoComplete.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"535","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/googleSigninHelper.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/universal/googleSigninHelper.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"536","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/fb.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/fb.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"537","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/utils/nbUtils.min1777357930466.js\" onload=\"nbUtils.clickEvents();\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/utils/nbUtils.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"538","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nobroker-loader.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/nobroker-loader.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"539","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/facebookEvent.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/facebookEvent.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"540","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/google-events.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/google-events.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"541","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbEvents.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbEvents.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"543","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/jReject-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/jReject-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"544","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"545","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationModalConstant.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationModalConstant.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"546","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationModalHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationModalHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"547","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAdobeEvents.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAdobeEvents.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"548","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAdobeService.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAdobeService.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"549","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"https://api.juspay.in/pay-v3.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://api.juspay.in/pay-v3.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"550","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"<script async type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/sw-register.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":143,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/sw-register.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"551","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":150,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbDevice","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"561","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":150,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"mbTrackID","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"563","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbcr","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":150,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbcr","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"565","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbpt","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":150,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbpt","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"566","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":150,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"nbccc","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"567","alertRef":"10010"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbDevice","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":150,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbDevice","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"569","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: mbTrackID","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":150,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"mbTrackID","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"570","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbcr","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":150,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbcr","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"571","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbpt","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":150,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbpt","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"572","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: nbccc","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":150,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"nbccc","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"573","alertRef":"10054-1"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"Under Construction","pluginId":"10023","cweid":"1295","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. 
You can configure the list of common debug messages.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-ERRH-01":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling","CWE-1295":"https://cwe.mitre.org/data/definitions/1295.html","POLICY_PENTEST":"","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Disable debugging messages before pushing to production.","alert":"Information Disclosure - Debug Error Messages","param":"","attack":"","name":"Information Disclosure - Debug Error Messages","risk":"Low","id":"574","alertRef":"10023"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HeaderContentDesktop\" src=\"https://assets.nobroker.in/nb-new/3/3.2bea1f6a80a0c03f854c.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"https://assets.nobroker.in/nb-new/3/3.2bea1f6a80a0c03f854c.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"586","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HeaderContentDesktop\" src=\"https://assets.nobroker.in/nb-new/HeaderContentDesktop/HeaderContentDesktop.6c5a5b09f07d81eec0c6.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/HeaderContentDesktop/HeaderContentDesktop.6c5a5b09f07d81eec0c6.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"587","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"NbButton\" src=\"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/NbButton/NbButton.af5d5123c79eac320661.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"588","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"SupportPanel\" src=\"https://assets.nobroker.in/nb-new/SupportPanel/SupportPanel.2d2d61e2ddc461c9aa7c.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"https://assets.nobroker.in/nb-new/SupportPanel/SupportPanel.2d2d61e2ddc461c9aa7c.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"589","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"RABanner\" src=\"https://assets.nobroker.in/nb-new/RABanner/RABanner.5a78c94f2a76f558b866.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/RABanner/RABanner.5a78c94f2a76f558b866.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"590","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/1/1.e0ce36d1fc40258ae7d7.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/1/1.e0ce36d1fc40258ae7d7.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"591","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/2/2.3ebcb94aebf02dbdbc4a.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/2/2.3ebcb94aebf02dbdbc4a.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"592","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/5/5.f8369ca6dccc177f2a6c.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/5/5.f8369ca6dccc177f2a6c.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"593","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/10/10.b258b3a15989b402b1d1.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/10/10.b258b3a15989b402b1d1.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"594","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/12/12.ea73710f4024e7ec8b81.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/12/12.ea73710f4024e7ec8b81.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"595","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/jquery.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/jquery.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"596","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/15/15.6f660e726e821967a3a1.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/15/15.6f660e726e821967a3a1.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"597","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script async type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbCache.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbCache.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"598","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/17/17.de9dced030764ac47230.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/17/17.de9dced030764ac47230.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"599","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://apis.google.com/js/platform.js?onload=initAuth2\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://apis.google.com/js/platform.js?onload=initAuth2","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"600","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/19/19.5faa655227e84d079263.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/19/19.5faa655227e84d079263.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"601","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://maps.googleapis.com/maps/api/js?key=AIzaSyA99pRXVutIKuFwo5Ol_MqYv7MJmRLYLLo&v=3.exp&sensor=false&libraries=places,geometry","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"602","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/29/29.909075207360ab27f030.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/29/29.909075207360ab27f030.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"603","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/37/37.2102db678894c515d01a.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/37/37.2102db678894c515d01a.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"605","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/util-main.min1724831814561.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/util-main.min1724831814561.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"606","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/124/124.0676f10b7c315050a613.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/124/124.0676f10b7c315050a613.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"607","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/nb-new/public/js/instantgratification.001.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/nb-new/public/js/instantgratification.001.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"608","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeDesktopFilter\" src=\"https://assets.nobroker.in/nb-new/HomeDesktopFilter/HomeDesktopFilter.1845432f19f8fad860c1.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/HomeDesktopFilter/HomeDesktopFilter.1845432f19f8fad860c1.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"609","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/userRegistration/userRegistrationModalV2.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/userRegistration/userRegistrationModalV2.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"610","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"PostPropertyCardDesktop\" src=\"https://assets.nobroker.in/nb-new/PostPropertyCardDesktop/PostPropertyCardDesktop.29b7cb2c552be2cc5a3d.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/PostPropertyCardDesktop/PostPropertyCardDesktop.29b7cb2c552be2cc5a3d.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"611","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/signin.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/signin.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"612","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/verification/phoneOwnershipVerification.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/verification/phoneOwnershipVerification.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"613","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeTileCard\" src=\"https://assets.nobroker.in/nb-new/HomeTileCard/HomeTileCard.6ccfa1374bee774a92c1.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/HomeTileCard/HomeTileCard.6ccfa1374bee774a92c1.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"614","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/homepage/homepage.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/homepage/homepage.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"615","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeCard\" src=\"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://assets.nobroker.in/nb-new/9/9.b18d3fefd0a5a93ad815.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"616","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async data-chunk=\"HomeCard\" src=\"https://assets.nobroker.in/nb-new/HomeCard/HomeCard.48ccaea30276c29cc8cf.chunk.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://assets.nobroker.in/nb-new/HomeCard/HomeCard.48ccaea30276c29cc8cf.chunk.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"618","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/handlebars_3.0.3.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/handlebars_3.0.3.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"620","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/dashboard/handlebar-helpers.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/dashboard/handlebar-helpers.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"622","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/bootstrap.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/bootstrap.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"624","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nb-ga.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/nb-ga.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"626","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/multipleLocationSelectorHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/multipleLocationSelectorHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"627","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAutoComplete.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAutoComplete.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"628","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/googleSigninHelper.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/googleSigninHelper.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"629","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/fb.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/fb.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"630","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/utils/nbUtils.min1777357930466.js\" onload=\"nbUtils.clickEvents();\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/utils/nbUtils.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"631","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/nobroker-loader.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/nobroker-loader.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"632","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/facebookEvent.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/facebookEvent.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"633","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//static.criteo.net/js/ld/ld.js\" async=\"true\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//static.criteo.net/js/ld/ld.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"635","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbEvents.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbEvents.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"636","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/jReject-min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/jReject-min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"637","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"638","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationModalConstant.min1777357930466.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationModalConstant.min1777357930466.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"639","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/userRegistrationModalHelper.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/userRegistrationModalHelper.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"640","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAdobeEvents.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAdobeEvents.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"641","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script defer type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/universal/nbAdobeService.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.nobroker.in/static/lib/universal/nbAdobeService.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"642","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script type=\"text/javascript\" src=\"https://api.juspay.in/pay-v3.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://api.juspay.in/pay-v3.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"643","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script async type=\"text/javascript\" src=\"//assets.nobroker.in/static/lib/sw-register.min1724745019844.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"//assets.nobroker.in/static/lib/sw-register.min1724745019844.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"644","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"//assets.adobedtm.com/e0b9255c6246/62e4c383fb62/launch-2f72a0f28dd3.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":150,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"//assets.adobedtm.com/e0b9255c6246/62e4c383fb62/launch-2f72a0f28dd3.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"645","alertRef":"10017"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":143,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) headers were found, a response with multiple HSTS header entries is not compliant with the specification (RFC 6797) and only the first HSTS header will be processed others will be ignored by user agents or the HSTS policy may be incorrectly applied.\nHTTP Strict Transport Security (HSTS) is a 
web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://datatracker.ietf.org/doc/html/rfc6797#section-8.1","solution":"Ensure that only one component in your stack: code, web server, application server, load balancer, etc. is configured to set or add a HTTP Strict-Transport-Security (HSTS) header.","alert":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","param":"","attack":"","name":"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)","risk":"Low","id":"653","alertRef":"10035-3"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"Under Construction","pluginId":"10023","cweid":"1295","confidence":"Medium","sourceMessageId":150,"wascid":"13","description":"The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. 
You can configure the list of common debug messages.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-ERRH-01":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling","CWE-1295":"https://cwe.mitre.org/data/definitions/1295.html","POLICY_PENTEST":"","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Disable debugging messages before pushing to production.","alert":"Information Disclosure - Debug Error Messages","param":"","attack":"","name":"Information Disclosure - Debug Error Messages","risk":"Low","id":"658","alertRef":"10023"},{"nodeName":"https://www.nobroker.in/nb-nbex/main.a4bf9becad32e87af120.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":114,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"114","inputVector":"","url":"https://www.nobroker.in/nb-nbex/main.a4bf9becad32e87af120.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"660","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/nb-nbex/main.a4bf9becad32e87af120.js","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":114,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"114","inputVector":"","url":"https://www.nobroker.in/nb-nbex/main.a4bf9becad32e87af120.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"661","alertRef":"10037"},{"nodeName":"https://www.nobroker.in/nb-nbex/11.98db0a194479635a2453.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":132,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"132","inputVector":"","url":"https://www.nobroker.in/nb-nbex/11.98db0a194479635a2453.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"732","alertRef":"10021"},{"nodeName":"https://www.nobroker.in/nb-nbex/11.98db0a194479635a2453.js","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":132,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"132","inputVector":"","url":"https://www.nobroker.in/nb-nbex/11.98db0a194479635a2453.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"733","alertRef":"10037"}],"Informational":[{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"","method":"GET","evidence":"public, max-age=7200","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":1,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"1","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a class=\"heading-6 font-semi-bold cursor-pointer text-defaultcolor mb-1p inline-block no-underline\" href=\"\" target=\"_blank\" rel=\"noopener noreferrer\" title=\"PG / Hostels in Delhi NCR\">PG / Hostels in Delhi NCR</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"24","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 
2952","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":1,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.","messageId":"1","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"25","alertRef":"10050-2"},{"nodeName":"https://www.nobroker.in/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"public,max-age=3600","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":7,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be 
cached.","messageId":"7","inputVector":"","url":"https://www.nobroker.in/robots.txt","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"54","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/robots.txt","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 0","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":7,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. 
In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.","messageId":"7","inputVector":"","url":"https://www.nobroker.in/robots.txt","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"57","alertRef":"10050-2"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"","method":"GET","evidence":"public, max-age=31557600","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":69,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be 
cached.","messageId":"69","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"65","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":79,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"87","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":81,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"81","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"93","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"","method":"GET","evidence":"public, max-age=0","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":84,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"98","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":86,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"106","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/nb-nbex/e3715c8c9f6c77c7f0ec.png","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 962813","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":142,"wascid":"-1","description":"The content was retrieved from a shared cache. 
If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.","messageId":"142","inputVector":"","url":"https://www.nobroker.in/nb-nbex/e3715c8c9f6c77c7f0ec.png","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"117","alertRef":"10050-2"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":90,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be 
cached.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"126","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbDevice\nCookie name: mbTrackID\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":115,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. 
www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"115","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"129","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"cookie:cloudfront-viewer-address","method":"GET","evidence":"cloudfront-viewer-address","pluginId":"10112","cweid":"-1","confidence":"High","sourceMessageId":90,"wascid":"-1","description":"The 
given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"cloudfront-viewer-address","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"135","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/nb-cms-api/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":117,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/nb-cms-api/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"136","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbDevice\nCookie name: mbTrackID\nCookie name: nbccc\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":61,"wascid":"15","description":"Cookies can be scoped by domain or path. 
This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped 
Cookie","risk":"Informational","id":"138","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbDevice\nCookie name: mbTrackID\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":96,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the 
parent.","messageId":"96","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"141","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbDevice\nCookie name: nbcr\nCookie name: nbpt\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":74,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. 
In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"74","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"144","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbDevice\nCookie name: mbTrackID\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":101,"wascid":"15","description":"Cookies can be 
scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"101","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"146","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/* 
(amp)","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbDevice\nCookie name: mbTrackID\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":103,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope. The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"103","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/arc
hive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"150","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification/","sourceid":"3","other":"cookie:mbTrackID","method":"GET","evidence":"mbTrackID","pluginId":"10112","cweid":"-1","confidence":"High","sourceMessageId":61,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"mbTrackID","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"156","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":137,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"161","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/api/v1/admin/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbDevice\nCookie name: mbTrackID\nCookie name: nbccc\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":82,"wascid":"15","description":"Cookies can be scoped by domain or path. 
This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"82","inputVector":"","url":"https://www.nobroker.in/api/v1/admin/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"163","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"3","other":"The 
origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbDevice\nCookie name: mbTrackID\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":89,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope. The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"89","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","so
lution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"170","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbDevice\nCookie name: mbTrackID\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":133,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. 
However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"133","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"175","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbDevice\nCookie name: mbTrackID\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":149,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. 
www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"149","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"182","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/nb-nbex/","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script 
src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyCjAZYE2-QriLt0Q2MJtRO22kAEWlKKaf4&v=3.exp&libraries=places,geometry\"></script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":69,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"69","inputVector":"","url":"https://www.nobroker.in/nb-nbex/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"184","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification/","sourceid":"3","other":"cookie:nbccc","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"High","sourceMessageId":61,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"207","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbDevice\nCookie name: mbTrackID\nCookie name: nbccc\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":152,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. 
However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"152","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"217","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/api/v5/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbDevice\nCookie name: mbTrackID\nCookie name: nbccc\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":160,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. 
www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"160","inputVector":"","url":"https://www.nobroker.in/api/v5/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"229","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbDevice\nCookie name: mbTrackID\nCookie name: 
nbccc\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":162,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"162","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely 
Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"230","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"3","other":"cookie:mbTrackID","method":"GET","evidence":"mbTrackID","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":103,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"103","inputVector":"","url":"https://www.nobroker.in/*?amp=2","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"mbTrackID","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"242","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"3","other":"cookie:mbTrackID","method":"GET","evidence":"mbTrackID","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":115,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"115","inputVector":"","url":"https://www.nobroker.in/config/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"mbTrackID","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"251","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"3","other":"cookie:mbTrackID","method":"GET","evidence":"mbTrackID","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":101,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"101","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"mbTrackID","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"260","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/api/v1/admin/","sourceid":"3","other":"cookie:nbccc","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"High","sourceMessageId":82,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"82","inputVector":"","url":"https://www.nobroker.in/api/v1/admin/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"270","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":156,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be 
cached.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"276","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"3","other":"cookie:mbTrackID","method":"GET","evidence":"mbTrackID","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":89,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"89","inputVector":"","url":"https://www.nobroker.in/admin","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"mbTrackID","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"277","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"3","other":"cookie:mbTrackID","method":"GET","evidence":"mbTrackID","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":133,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"133","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"mbTrackID","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"280","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"3","other":"cookie:mbTrackID","method":"GET","evidence":"mbTrackID","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":149,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"149","inputVector":"","url":"https://www.nobroker.in/app_","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"mbTrackID","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"282","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/nbpixel","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script>window.dataLayer=[]</script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":81,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"81","inputVector":"","url":"https://www.nobroker.in/nbpixel","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"284","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/api/v1/admin/","sourceid":"3","other":"cookie:nbccc\ncookie:mbTrackID","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":82,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"82","inputVector":"","url":"https://www.nobroker.in/api/v1/admin/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"289","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification/","sourceid":"3","other":"cookie:nbccc\ncookie:mbTrackID","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":61,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"61","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"293","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/support","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script type=\"text/javascript\" src=\"https://maps.googleapis.com/maps/api/js?key=AIzaSyCwy2ETEJXPynpNXJggwjzsHxFcG3Il34o&v=3.exp&libraries=places,geometry\"></script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":86,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"86","inputVector":"","url":"https://www.nobroker.in/support","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"295","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"3","other":"cookie:mbTrackID","method":"GET","evidence":"mbTrackID","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":110,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"110","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"mbTrackID","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"307","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [iso-8859-1] and [UTF-8] do not match.","method":"GET","evidence":"","pluginId":"90011","cweid":"436","confidence":"Low","sourceMessageId":156,"wascid":"15","description":"This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.\n\nAn attacker could manipulate content on the page to be interpreted in an encoding of their choice. 
For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-436":"https://cwe.mitre.org/data/definitions/436.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://code.google.com/archive/p/browsersec/wikis/Part2.wiki#Character_set_handling_and_detection","solution":"Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.","alert":"Charset Mismatch (Header Versus Meta Content-Type Charset)","param":"","attack":"","name":"Charset Mismatch (Header Versus Meta Content-Type Charset)","risk":"Informational","id":"308","alertRef":"90011-1"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"There was a charset mismatch between the HTTP Header and the META charset encoding declaration: [iso-8859-1] and [utf-8] do not match.","method":"GET","evidence":"","pluginId":"90011","cweid":"436","confidence":"Low","sourceMessageId":156,"wascid":"15","description":"This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.\n\nAn attacker could manipulate content on the page to be interpreted in an encoding of their choice. 
For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-436":"https://cwe.mitre.org/data/definitions/436.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://code.google.com/archive/p/browsersec/wikis/Part2.wiki#Character_set_handling_and_detection","solution":"Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.","alert":"Charset Mismatch (Header Versus Meta Charset)","param":"","attack":"","name":"Charset Mismatch (Header Versus Meta Charset)","risk":"Informational","id":"318","alertRef":"90011-2"},{"nodeName":"https://www.nobroker.in/nb-cms/","sourceid":"3","other":"A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not.","method":"GET","evidence":"<noscript data-n-css=\"\"></noscript>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":79,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"79","inputVector":"","url":"https://www.nobroker.in/nb-cms/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"324","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/on-boarding/","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script async src=\"//assets.nobroker.in/static/lib/knowYourRent/gauge.js\"></script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":84,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"84","inputVector":"","url":"https://www.nobroker.in/on-boarding/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"332","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"3","other":"cookie:nbccc\ncookie:mbTrackID","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":162,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"162","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"342","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/api/v5/","sourceid":"3","other":"cookie:nbccc\ncookie:mbTrackID","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":160,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"160","inputVector":"","url":"https://www.nobroker.in/api/v5/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"353","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbcr\nCookie name: nbpt\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":156,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope. The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. 
However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"354","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/api/v1/","sourceid":"3","other":"cookie:nbccc\ncookie:mbTrackID","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":144,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"144","inputVector":"","url":"https://www.nobroker.in/api/v1/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"355","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/nb-cms-api/","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script type=\"speculationrules\">\n{\"prefetch\":[{\"source\":\"document\",\"where\":{\"and\":[{\"href_matches\":\"/*\"},{\"not\":{\"href_matches\":[\"/wp-*.php\",\"/wp-admin/*\",\"/wp-content/uploads/*\",\"/wp-content/*\",\"/wp-content/plugins/*\",\"/wp-content/themes/twentytwentythree/*\",\"/*\\\\?(.+)\"]}},{\"not\":{\"selector_matches\":\"a[rel~=\\\"nofollow\\\"]\"}},{\"not\":{\"selector_matches\":\".no-prefetch, .no-prefetch a\"}}]},\"eagerness\":\"conservative\"}]}\n</script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":117,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"117","inputVector":"","url":"https://www.nobroker.in/nb-cms-api/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"358","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"3","other":"cookie:nbccc\ncookie:mbTrackID","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":152,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"152","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"360","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":143,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be 
cached.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"387","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/vendor-onboard","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script>\n              window.dataLayer = [];\n            </script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":137,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"137","inputVector":"","url":"https://www.nobroker.in/vendor-onboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"388","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [iso-8859-1] and [UTF-8] do not match.","method":"GET","evidence":"","pluginId":"90011","cweid":"436","confidence":"Low","sourceMessageId":143,"wascid":"15","description":"This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.\n\nAn attacker could manipulate content on the page to be interpreted in an encoding of their choice. 
For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"CWE-436":"https://cwe.mitre.org/data/definitions/436.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://code.google.com/archive/p/browsersec/wikis/Part2.wiki#Character_set_handling_and_detection","solution":"Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.","alert":"Charset Mismatch (Header Versus Meta Content-Type Charset)","param":"","attack":"","name":"Charset Mismatch (Header Versus Meta Content-Type Charset)","risk":"Informational","id":"394","alertRef":"90011-1"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"There was a charset mismatch between the HTTP Header and the META charset encoding declaration: [iso-8859-1] and [utf-8] do not match.","method":"GET","evidence":"","pluginId":"90011","cweid":"436","confidence":"Low","sourceMessageId":143,"wascid":"15","description":"This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.\n\nAn attacker could manipulate content on the page to be interpreted in an encoding of their choice. 
For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"CWE-436":"https://cwe.mitre.org/data/definitions/436.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://code.google.com/archive/p/browsersec/wikis/Part2.wiki#Character_set_handling_and_detection","solution":"Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.","alert":"Charset Mismatch (Header Versus Meta Charset)","param":"","attack":"","name":"Charset Mismatch (Header Versus Meta Charset)","risk":"Informational","id":"397","alertRef":"90011-2"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbDevice\nCookie name: mbTrackID\nCookie name: nbcr\nCookie name: nbpt\nCookie name: nbccc\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":143,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope. The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. 
Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"420","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/search-hs","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script>\n              window.dataLayer = [];\n            </script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":90,"wascid":"-1","description":"The application appears to be a modern 
web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"90","inputVector":"","url":"https://www.nobroker.in/search-hs","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"428","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":150,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"554","alertRef":"10015"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"The origin domain used for comparison was:\nwww.nobroker.in\nCookie name: nbDevice\nCookie name: mbTrackID\nCookie name: nbcr\nCookie name: nbpt\nCookie name: nbccc\n","method":"GET","evidence":"Domain=.nobroker.in","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":150,"wascid":"15","description":"Cookies can be scoped by domain or path. 
This check is only concerned with domain scope. The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"568","alertRef":"90033"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"The following 
pattern was used: \\bUSER\\b and was detected in likely comment: \"// The user selected a credential.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// The user selected a credenti","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"650","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"//ga('send', 'event', 'Social Click', 'from header', this.href);\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"', 'Social Click', 'from header', this.href)","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":143,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"651","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a id=\"commercialPlanTab\" itemprop=\"url\"><span itemprop=\"name\">Commercial Plans <i class=\"arrow icon-angle-down\"></i></span></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":143,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"652","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"3","other":"cookie:nbccc\ncookie:mbTrackID","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":143,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"143","inputVector":"","url":"https://www.nobroker.in/.env","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"659","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a class=\" py-0.8p px-0 font-normal block text-header-menu-color align-left no-underline cursor-pointer hover:text-secondary-color my-0.6p mx-2.5p border-b-1 border-b-solid border-b-card-overview-border-color\">Post Your Property</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":6,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"662","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 61","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":6,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"6","inputVector":"","url":"https://www.nobroker.in/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"663","alertRef":"10050-2"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"The following pattern was used: \\bQUERY\\b and was detected 2 times, the first in likely comment: \"//get the lat_lgn value always as on back button query params are cleared\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"s as on back button query params are cleared","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":150,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious 
Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"710","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"// The user selected a credential.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// The user selected a credenti","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":150,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"711","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"//ga('send', 'event', 'Social Click', 'from header', this.href);\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"', 'Social Click', 'from header', 
this.href)","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":150,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"712","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a id=\"commercialPlanTab\" itemprop=\"url\"><span itemprop=\"name\">Commercial Plans <i class=\"arrow icon-angle-down\"></i></span></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":150,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"713","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"3","other":"cookie:nbccc\ncookie:mbTrackID","method":"GET","evidence":"nbccc","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":150,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"150","inputVector":"","url":"https://www.nobroker.in/chat","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"nbccc","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"719","alertRef":"10112"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected in likely comment: \"// if(document.URL.search(\"admin\") === -1 ) {\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ocument.URL.search(\"admin\") === -1 ) {","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":156,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious 
Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"720","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"//set name and mobile if its coming from listing and entered by user\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ting and entered by user","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":156,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"722","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 3 times, the first in likely comment: \"<!-- cause property is used at many places already and i moved it on 20/1/16 to _layout from results.ftl-->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" 
20/1/16 to _layout from results.ftl-->","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":156,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"723","alertRef":"10027"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a id=\"commercialPlanTab\" itemprop=\"url\"><span itemprop=\"name\">Commercial Plans <i class=\"arrow icon-angle-down\"></i> </span></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":156,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"156","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"724","alertRef":"10109"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3032","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"734","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":162,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3033","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"735","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3064","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"736","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v3/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":98,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3065","inputVector":"","url":"https://www.nobroker.in/api/v3/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"737","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3066","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"738","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3068","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"740","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3069","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"741","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3071","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"742","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":154,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3072","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"743","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3075","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"744","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":96,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3081","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"745","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":120,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3091","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"746","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":162,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3104","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"747","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":101,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3116","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"748","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3124","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"749","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":108,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3128","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"752","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3146","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"753","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":110,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3147","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"754","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":96,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3148","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"755","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3158","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"756","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3159","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"757","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v3/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":98,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3160","inputVector":"","url":"https://www.nobroker.in/api/v3/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"758","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3164","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"760","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":160,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3168","inputVector":"","url":"https://www.nobroker.in/api/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"761","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":151,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3172","inputVector":"","url":"https://www.nobroker.in/*?amp=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"763","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":120,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3177","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"764","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3182,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3182","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"765","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3184","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"766","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3185","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"767","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":101,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3189","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"768","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3190","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"769","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3193","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"771","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":108,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3200","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"772","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3216","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"773","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3217","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"774","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":110,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3228","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"775","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3229","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"776","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v3/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":98,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3230","inputVector":"","url":"https://www.nobroker.in/api/v3/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"777","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":162,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3231","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"778","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3232","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"779","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":96,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3233","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"780","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3234","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"781","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":154,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3237","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"782","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3240","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"783","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3249,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3249","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"784","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":120,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3253","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"786","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3255,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3255","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"787","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3262","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"788","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3264","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"789","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3280","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"792","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":101,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3285","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"793","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3286","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"794","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":108,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3291","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"795","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3295","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"796","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3296","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"797","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":89,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3302","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"798","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3303","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"799","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v3/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":98,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3304","inputVector":"","url":"https://www.nobroker.in/api/v3/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"800","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":162,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3305","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"801","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":156,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3306","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"802","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3308","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"803","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":110,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3312","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"804","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3313","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"805","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":96,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3328","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"806","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":120,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3329","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"807","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":151,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3331","inputVector":"","url":"https://www.nobroker.in/*?amp=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"808","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":154,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3332","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"809","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3334,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3334","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"810","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3336","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"811","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3337,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3337","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"812","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3342","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"813","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3343","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"814","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3353","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"816","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3354","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"817","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":101,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3355","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"818","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3366","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"819","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":108,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3370","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"820","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3376","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"821","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v3/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":98,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3377","inputVector":"","url":"https://www.nobroker.in/api/v3/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"822","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":162,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3378","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"823","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3379","inputVector":"","url":"https://www.nobroker.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"824","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3380","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"825","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":89,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3383","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"826","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3384","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"827","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3385","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"828","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":110,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3400","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"829","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":120,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3404","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"831","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":151,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3407","inputVector":"","url":"https://www.nobroker.in/*?amp=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"833","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3408,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3408","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"834","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":96,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3412","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"835","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":156,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3420","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"836","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3422","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"837","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3423","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"838","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3426","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"841","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":154,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3427","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"842","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3431","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"843","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3434","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"844","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3446","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"845","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":101,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3447","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"846","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":108,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3449","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"847","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3450","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"848","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v3/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":98,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3451","inputVector":"","url":"https://www.nobroker.in/api/v3/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"849","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":162,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3452","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"850","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":96,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3456","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"851","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3457","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"852","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3459","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"853","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3462","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"854","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":110,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3468","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"855","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":89,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3469","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"856","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3470","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"857","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":120,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3472","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"858","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":151,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3473","inputVector":"","url":"https://www.nobroker.in/*?amp=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"859","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3478,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3478","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"860","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3484","inputVector":"","url":"https://www.nobroker.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"861","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":156,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3485","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"862","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3488","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"864","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":154,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3489","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"865","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3490","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"866","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3491","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"867","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3495,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3495","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"868","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3496","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"869","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":143,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3504","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"870","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":71,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3507","inputVector":"","url":"https://www.nobroker.in/nb-new/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"871","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":162,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3508","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"872","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":101,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3510","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"874","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":108,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3517","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"875","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3519","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"876","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3520","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"877","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3523","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"878","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":96,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3524","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"879","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3525","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"880","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3526","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"881","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3528","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"882","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":89,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3529","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"883","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3542,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3542","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"884","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":120,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3543","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"885","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3544","inputVector":"","url":"https://www.nobroker.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"886","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":110,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3545","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"887","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":87,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3546","inputVector":"","url":"https://www.nobroker.in/static/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"888","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3549","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"889","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3561,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3561","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"890","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":143,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3562","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"891","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":154,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3563","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"892","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/listing/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":156,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3567","inputVector":"","url":"https://www.nobroker.in/property/listing/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"893","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":162,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3568","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"894","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v3/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":98,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3569","inputVector":"","url":"https://www.nobroker.in/api/v3/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"895","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3571","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"896","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3573","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"897","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":101,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3574","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"898","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3575","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"899","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":108,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3576","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"900","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3583","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"901","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3584","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"902","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":151,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3585","inputVector":"","url":"https://www.nobroker.in/*?amp=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"903","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":96,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3587","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"904","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3589","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"905","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3591","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"906","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":89,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3597","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"907","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3610","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"908","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":120,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3611","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"909","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3612","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"910","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3613","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"911","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/.env","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":143,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3620","inputVector":"","url":"https://www.nobroker.in/.env","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"912","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":110,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3621","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"913","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":154,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3622","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"914","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3627,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3627","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"915","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":162,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3628","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"916","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3635,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3635","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"918","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3636","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"919","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":101,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3637","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"920","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3638","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"921","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":108,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3640","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"922","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3641","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"923","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3642","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"924","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":96,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3645","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"925","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":151,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3646","inputVector":"","url":"https://www.nobroker.in/*?amp=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"926","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3647","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"927","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3650","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"928","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":89,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3651","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"929","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":120,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3655","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"930","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3656","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"931","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":154,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3664","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"932","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3675","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"933","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v3/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":98,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3678","inputVector":"","url":"https://www.nobroker.in/api/v3/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"934","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":162,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3679","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"935","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3684","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"936","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3685","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"937","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3686","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"938","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":101,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3687","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"939","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":108,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3695","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"940","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3696","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"941","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":96,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3697","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"942","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3698,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3698","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"943","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":110,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3699","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"944","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3700","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"945","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3701","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"946","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3706","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"947","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":120,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3707","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"948","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":89,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3710","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"949","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":151,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3711","inputVector":"","url":"https://www.nobroker.in/*?amp=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"950","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3712,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3712","inputVector":"","url":"https://www.nobroker.in/api/v1/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"951","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3715,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3715","inputVector":"","url":"https://www.nobroker.in/api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"952","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3717","inputVector":"","url":"https://www.nobroker.in/api/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"953","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":154,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3722","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"954","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3723","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"955","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v2/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":162,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3724","inputVector":"","url":"https://www.nobroker.in/api/v2/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"956","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v3/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":98,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3725","inputVector":"","url":"https://www.nobroker.in/api/v3/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"957","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3726,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3726","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"958","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3731,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3731","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"959","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":101,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3740","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"960","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3741","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"961","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":108,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3744","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"962","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3748","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"963","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3749","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"964","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":110,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3750","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"965","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3754","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"966","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":120,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3762","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"967","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3763","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"968","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3764","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"969","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3765,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3765","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"970","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":151,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3766","inputVector":"","url":"https://www.nobroker.in/*?amp=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"971","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3772","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"972","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3773","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"973","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3774","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"974","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":154,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3775","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"975","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3776,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3776","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"976","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v3/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":98,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3789","inputVector":"","url":"https://www.nobroker.in/api/v3/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"977","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v4/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3790","inputVector":"","url":"https://www.nobroker.in/api/v4/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"978","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":96,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3791","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"979","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":101,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3797","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"980","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":108,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3798","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"981","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3799","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"982","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":89,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3800","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"983","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3811","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"984","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":110,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3812","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"985","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3816,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3816","inputVector":"","url":"https://www.nobroker.in/api/v1/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"986","alertRef":"10104"},{"nodeName":"https://www.nobroker.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3817,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3817","inputVector":"","url":"https://www.nobroker.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"987","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3818","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"988","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3819","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"989","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":120,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3820","inputVector":"","url":"https://www.nobroker.in/user/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"990","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3821","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"991","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3822,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3822","inputVector":"","url":"https://www.nobroker.in/api/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"992","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":151,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3823","inputVector":"","url":"https://www.nobroker.in/*?amp=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"993","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3832","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"994","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3833","inputVector":"","url":"https://www.nobroker.in/profile/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"995","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3834","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"996","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3836,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3836","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"997","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":154,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3837","inputVector":"","url":"https://www.nobroker.in/sy/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"998","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":96,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3842","inputVector":"","url":"https://www.nobroker.in/resetPassword/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"999","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":89,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3850","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1000","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":108,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3851","inputVector":"","url":"https://www.nobroker.in/v5/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1001","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":112,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3857","inputVector":"","url":"https://www.nobroker.in/verify/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1002","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3858","inputVector":"","url":"https://www.nobroker.in/nb-vip/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1003","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":110,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3859","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1004","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":101,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3861","inputVector":"","url":"https://www.nobroker.in/NOBRKR/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1005","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3862,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3862","inputVector":"","url":"https://www.nobroker.in/api/v1/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1006","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3866","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1007","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v2","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3869,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3869","inputVector":"","url":"https://www.nobroker.in/api/v2","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1008","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3870","inputVector":"","url":"https://www.nobroker.in/sv/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1009","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":151,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3871","inputVector":"","url":"https://www.nobroker.in/*?amp=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1010","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":115,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3872","inputVector":"","url":"https://www.nobroker.in/config/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1011","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3875","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1012","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3876","inputVector":"","url":"https://www.nobroker.in/v1/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1013","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3877,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3877","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1014","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":89,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3883","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1015","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":110,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3884","inputVector":"","url":"https://www.nobroker.in/admin/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1016","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3885,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3885","inputVector":"","url":"https://www.nobroker.in/api/v1/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1017","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v3","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3886,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3886","inputVector":"","url":"https://www.nobroker.in/api/v3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1018","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3895,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3895","inputVector":"","url":"https://www.nobroker.in/api/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1019","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3900","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1020","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3901,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3901","inputVector":"","url":"https://www.nobroker.in/api/v1/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1021","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/* (amp)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":151,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3902","inputVector":"","url":"https://www.nobroker.in/*?amp=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1022","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/*/notification","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3903,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3903","inputVector":"","url":"https://www.nobroker.in/api/v1/*/notification","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1023","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":149,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3904","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1024","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v2","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3905,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3905","inputVector":"","url":"https://www.nobroker.in/api/v2","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1025","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/NOBRKR","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3906,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3906","inputVector":"","url":"https://www.nobroker.in/NOBRKR","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1026","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3913,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3913","inputVector":"","url":"https://www.nobroker.in/api/v1/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1027","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3920,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3920","inputVector":"","url":"https://www.nobroker.in/api/v1/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1028","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3927,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3927","inputVector":"","url":"https://www.nobroker.in/api/v1/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1029","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3933,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3933","inputVector":"","url":"https://www.nobroker.in/api/v1/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1030","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/_proxy_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3941","inputVector":"","url":"https://www.nobroker.in/_proxy_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1031","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3942,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3942","inputVector":"","url":"https://www.nobroker.in/api/v1/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1032","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v3","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3948,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3948","inputVector":"","url":"https://www.nobroker.in/api/v3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1033","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v2","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3949,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3949","inputVector":"","url":"https://www.nobroker.in/api/v2","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1034","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v1/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3960,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3960","inputVector":"","url":"https://www.nobroker.in/api/v1/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1036","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":149,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3961","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1037","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":89,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3962","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1038","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3971,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3971","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1040","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":149,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3986","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1043","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3988,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3988","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1045","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/admin","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":89,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3995","inputVector":"","url":"https://www.nobroker.in/admin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1047","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3998,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"3998","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1048","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4000,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4000","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1049","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":149,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4009","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1052","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":150,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4010","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1053","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4011,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4011","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1054","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/api/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4012,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4012","inputVector":"","url":"https://www.nobroker.in/api/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1055","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4021,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4021","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1058","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4026,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4026","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1059","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4031,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4031","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1061","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":149,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4036","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1063","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4040,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4040","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1064","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4041,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4041","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1065","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4044,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4044","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1066","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/chat","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":150,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4045","inputVector":"","url":"https://www.nobroker.in/chat","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1067","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4054,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4054","inputVector":"","url":"https://www.nobroker.in/nb-nbex/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1069","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4057,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4057","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1071","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4058,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4058","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1072","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":149,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4059","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1073","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4061,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4061","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1074","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4075,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4075","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1075","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4080,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4080","inputVector":"","url":"https://www.nobroker.in/nb-nbex/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1077","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4081,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4081","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1078","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/public","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4083","inputVector":"","url":"https://www.nobroker.in/nb-nbex/public","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1079","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4097,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4097","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1080","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4100,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4100","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1082","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4102,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4102","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1083","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/public","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4103","inputVector":"","url":"https://www.nobroker.in/nb-nbex/public","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1084","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4104,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4104","inputVector":"","url":"https://www.nobroker.in/nb-nbex/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1085","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4105,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4105","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1086","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4110,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4110","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1087","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4119,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4119","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1089","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4121,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4121","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1090","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/public","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4125","inputVector":"","url":"https://www.nobroker.in/nb-nbex/public","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1091","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4133,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4133","inputVector":"","url":"https://www.nobroker.in/nb-nbex/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1092","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4142,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4142","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1093","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4143,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4143","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1094","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4144,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4144","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1095","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4147,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4147","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1097","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":149,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4152","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1098","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4153,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4153","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1099","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4155,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4155","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1100","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/public","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4156","inputVector":"","url":"https://www.nobroker.in/nb-nbex/public","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1101","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":149,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4170","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1103","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4172,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4172","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1104","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4174,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4174","inputVector":"","url":"https://www.nobroker.in/nb-nbex/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1105","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4178,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4178","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1106","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4183,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4183","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1107","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4184,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4184","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1108","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4191,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4191","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1109","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4194,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4194","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1110","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4199,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4199","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1111","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4208,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4208","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1112","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4209,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4209","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1113","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/public","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4216","inputVector":"","url":"https://www.nobroker.in/nb-nbex/public","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1114","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4222,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4222","inputVector":"","url":"https://www.nobroker.in/nb-nbex/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1115","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4230,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4230","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1116","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4231,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4231","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1117","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/public","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4232","inputVector":"","url":"https://www.nobroker.in/nb-nbex/public","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1118","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4238,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4238","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1119","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4240,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4240","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1120","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4243,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4243","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1121","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":149,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4247","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1122","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4250,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4250","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1123","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4252,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4252","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1124","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4260,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4260","inputVector":"","url":"https://www.nobroker.in/nb-nbex/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1125","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4265","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1126","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/public","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4266","inputVector":"","url":"https://www.nobroker.in/nb-nbex/public","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1127","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4267,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4267","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1128","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4268","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1129","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4269,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4269","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1130","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4271,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4271","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1131","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4278,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4278","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1132","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4279,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4279","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1133","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4280,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4280","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1134","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4281,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4281","inputVector":"","url":"https://www.nobroker.in/nb-nbex/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1135","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4283,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4283","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1136","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4288,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4288","inputVector":"","url":"https://www.nobroker.in/nb-nbex","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1137","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/public","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4289","inputVector":"","url":"https://www.nobroker.in/nb-nbex/public","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1138","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":149,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4299","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1139","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4300","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1140","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4301,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4301","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1141","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4304,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4304","inputVector":"","url":"https://www.nobroker.in/nb-nbex/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1142","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4305,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4305","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1143","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4309","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1144","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4311,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4311","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1145","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/public","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4312","inputVector":"","url":"https://www.nobroker.in/nb-nbex/public","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1146","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4314,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4314","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1147","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4317,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4317","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1148","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4325,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4325","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1149","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/config","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4326,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4326","inputVector":"","url":"https://www.nobroker.in/config","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1150","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4329,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4329","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1151","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4331,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4331","inputVector":"","url":"https://www.nobroker.in/nb-nbex/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1152","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/public","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4332","inputVector":"","url":"https://www.nobroker.in/nb-nbex/public","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1153","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4334,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4334","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1154","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4339","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1155","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4342","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1156","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4344,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4344","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1157","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4350,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4350","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1158","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4351,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4351","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1159","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4355,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4355","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1160","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/public","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4356","inputVector":"","url":"https://www.nobroker.in/nb-nbex/public","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1161","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4357,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4357","inputVector":"","url":"https://www.nobroker.in/nb-nbex/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1162","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4361,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4361","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1163","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4362","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1164","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":149,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4366","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1165","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4371,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4371","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1166","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/public","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":130,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4373","inputVector":"","url":"https://www.nobroker.in/nb-nbex/public","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1167","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4376,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4376","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1168","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4384","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1169","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4387,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4387","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1170","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4388","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1171","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4390,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4390","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1172","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4397,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4397","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1173","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-nbex/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4398,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4398","inputVector":"","url":"https://www.nobroker.in/nb-nbex/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1174","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4400,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4400","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1175","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4406,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4406","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1176","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4409","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1177","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4410,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4410","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1178","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4417,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4417","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1179","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app_","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":149,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4418","inputVector":"","url":"https://www.nobroker.in/app_","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1180","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4430,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4430","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1181","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4436","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1182","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4438","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1183","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4440,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4440","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1184","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4443,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4443","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1185","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4448,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4448","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1186","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4449,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4449","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1187","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4450,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4450","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1188","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4451,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4451","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1189","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4452,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4452","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1190","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/hs-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4453,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4453","inputVector":"","url":"https://www.nobroker.in/hs-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1191","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4458,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4458","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1192","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/listing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4464,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4464","inputVector":"","url":"https://www.nobroker.in/property/listing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1193","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4465,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4465","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1194","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4467","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1195","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4468","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1196","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4471,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4471","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1197","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4472,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4472","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1198","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4478,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4478","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1199","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4479,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4479","inputVector":"","url":"https://www.nobroker.in/profile","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1200","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4482,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4482","inputVector":"","url":"https://www.nobroker.in/nb-cms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1201","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4487,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4487","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1202","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4489,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4489","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1203","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4491,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4491","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1204","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4494","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1205","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4500","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1206","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4503,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4503","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1207","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4508","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1208","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/listing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4509,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4509","inputVector":"","url":"https://www.nobroker.in/property/listing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1209","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4511,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4511","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1210","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4514,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4514","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1211","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4519,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4519","inputVector":"","url":"https://www.nobroker.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1212","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4523,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4523","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1213","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4526,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4526","inputVector":"","url":"https://www.nobroker.in/profile","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1214","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4528,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4528","inputVector":"","url":"https://www.nobroker.in/profile","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1215","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4531,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4531","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1216","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4533,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4533","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1217","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4536,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4536","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1218","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/profile","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4538,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4538","inputVector":"","url":"https://www.nobroker.in/profile","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1219","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4540","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1220","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4541,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4541","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1221","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4547,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4547","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1222","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4549","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1223","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4555","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1224","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4557,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4557","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1225","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4558,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4558","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1226","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/listing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4560","inputVector":"","url":"https://www.nobroker.in/property/listing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1227","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4561,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4561","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1228","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4562,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4562","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1229","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4563,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4563","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1230","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4568","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1231","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4569,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4569","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1232","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property/listing","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4571,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4571","inputVector":"","url":"https://www.nobroker.in/property/listing","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1233","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4573,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4573","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1234","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4575,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4575","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1235","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4579,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4579","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1236","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4580,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4580","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1237","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4583,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4583","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1238","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4585,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4585","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1239","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4586,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4586","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1240","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4590,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4590","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1241","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4591,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4591","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1242","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4598,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4598","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1243","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4599,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4599","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1244","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4600,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4600","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1245","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4602,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4602","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1246","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4604,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4604","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1247","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4608","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1248","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4609,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4609","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1249","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4611,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4611","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1250","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4616,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4616","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1251","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4618,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4618","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1252","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4620","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1253","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4621,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4621","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1254","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4624,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4624","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1255","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4627,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4627","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1256","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4628,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4628","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1257","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4630,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4630","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1258","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-cms-api","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4633,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4633","inputVector":"","url":"https://www.nobroker.in/nb-cms-api","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1259","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4634,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4634","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1260","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4636,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4636","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1261","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4638,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4638","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1262","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4641,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4641","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1263","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4643,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4643","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1264","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/signout","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4653","inputVector":"","url":"https://www.nobroker.in/signout","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1265","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4654,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4654","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1266","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4656,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4656","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1267","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4657,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4657","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1268","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4658,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4658","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1269","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4659,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4659","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1270","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4660,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4660","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1271","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-prophub-ui","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4661,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4661","inputVector":"","url":"https://www.nobroker.in/nb-prophub-ui","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1272","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4666","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1273","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4669,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4669","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1274","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4670,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4670","inputVector":"","url":"https://www.nobroker.in/nb-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1275","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4671,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4671","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1276","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4672,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4672","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1277","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4679,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4679","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1278","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4681,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4681","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1279","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4682,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4682","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1280","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4683,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4683","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1281","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4684","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1282","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4686,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4686","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1283","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/nb-vip","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4688,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4688","inputVector":"","url":"https://www.nobroker.in/nb-vip","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1284","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4690,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4690","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1285","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4692,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4692","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1286","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4695,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4695","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1287","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4698,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4698","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1288","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4700","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1289","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/redirect","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":73,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4702","inputVector":"","url":"https://www.nobroker.in/redirect","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1290","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4704,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4704","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1291","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4707,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4707","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1292","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4709,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4709","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1293","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4711,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4711","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1294","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4714,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4714","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1295","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4716,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4716","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1296","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4718,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4718","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1297","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4720,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4720","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1298","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4722","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1299","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4724,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4724","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1300","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4726,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4726","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1301","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4728,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4728","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1302","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/resetPassword","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4730,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4730","inputVector":"","url":"https://www.nobroker.in/resetPassword","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1303","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4732,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4732","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1304","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/property","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4734,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4734","inputVector":"","url":"https://www.nobroker.in/property","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1305","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4736,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4736","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1306","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4740,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4740","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1307","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4741,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4741","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1308","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v5","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4742,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4742","inputVector":"","url":"https://www.nobroker.in/v5","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1309","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4744,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4744","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1310","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4748,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4748","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1311","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4749,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4749","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1312","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4750,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4750","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1313","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4752,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4752","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1314","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4754,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4754","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1315","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4756,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4756","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1316","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4758,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4758","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1317","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4760,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4760","inputVector":"","url":"https://www.nobroker.in/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1318","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4762,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4762","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1319","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4764,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4764","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1320","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4766,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4766","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1321","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4768,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4768","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1322","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/verify","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4770,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4770","inputVector":"","url":"https://www.nobroker.in/verify","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1323","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4773,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4773","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1324","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4774,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4774","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1325","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4776,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4776","inputVector":"","url":"https://www.nobroker.in/sy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1326","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4778,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4778","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1327","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/sv","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4780,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4780","inputVector":"","url":"https://www.nobroker.in/sv","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1328","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4782,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4782","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1329","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/v1","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4784,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4784","inputVector":"","url":"https://www.nobroker.in/v1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1330","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4786","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1331","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4788","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1332","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4790","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1333","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4792","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1334","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4794","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1335","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4796","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1336","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4798","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1337","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4800","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1338","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4802","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1339","alertRef":"10104"},{"nodeName":"https://www.nobroker.in/app (type)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":74,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4804","inputVector":"","url":"https://www.nobroker.in/app?type","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1340","alertRef":"10104"}]},"vulnerability_types":{"Missing Anti-clickjacking Header":9,"Re-examine Cache-control Directives":13,"Content Security Policy (CSP) Header Not Set":15,"Cross-Domain JavaScript Source File Inclusion":188,"Modern Web Application":13,"Retrieved from Cache":4,"Strict-Transport-Security Header Not Set":5,"Sub Resource Integrity Attribute Missing":105,"X-Content-Type-Options Header Missing":16,"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)":14,"Cookie No HttpOnly Flag":61,"Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)":16,"CSP: Failure to Define Directive with No Fallback":1,"Loosely Scoped Cookie":16,"Session Management Response Identified":19,"Cookie without SameSite Attribute":60,"Cookie Without Secure Flag":15,"Charset Mismatch (Header Versus Meta Content-Type Charset)":2,"Charset Mismatch (Header Versus Meta Charset)":2,"Absence of Anti-CSRF Tokens":12,"Information Disclosure - Debug Error Messages":2,"Information Disclosure - Suspicious Comments":8,"User Agent Fuzzer":571},"owasp_top10":{"Unmapped / Other":1134,"A05: Security Misconfiguration":21,"A01: Broken Access 
Control":12}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69f12fd2d40a4d0c15017e02"},"created_at":{"$date":"2026-04-28T22:08:18.696Z"},"url":"https://cmogujarat.gov.in/en","tool":"owaspzap","result":{"status":"completed","target_url":"https://cmogujarat.gov.in/en","scan_timestamp":"20260428_191607","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":0,"urls_list":[],"duration":1801.3859493732452},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":0.007275819778442383},"passive_scan":{"status":"completed","duration":1200.5656802654266},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"cmogujarat.gov.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":7201.135904550552},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69f3067a79310f972a6f4adf"},"created_at":{"$date":"2026-04-30T07:36:26.060Z"},"url":"https://anveshaktool.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://anveshaktool.in/","scan
_timestamp":"20260430_073112","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":7,"urls_list":["https://anveshaktool.in/robots.txt","https://anveshaktool.in/sitemap.xml","https://anveshaktool.in/","https://anveshaktool.in/favicon.ico","https://anveshaktool.in/manifest.json","https://anveshaktool.in/logo192.png","https://anveshaktool.in/static/js/bundle.js"],"duration":10.03996467590332},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06443357467651},"passive_scan":{"status":"completed","duration":0.006345510482788086},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"anveshaktool.in","open_ports":[80,443,8080,8443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":90.03304195404053},"vulnerabilities":{"total_alerts":113,"high_risk":0,"medium_risk":10,"low_risk":22,"informational":81,"alerts_by_risk":{"High":[],"Medium":[{"nodeName":"https://anveshaktool.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"1","inputVector":"","url":"https://anveshaktool.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"0","alertRef":"10020-1"},{"nodeName":"https://anveshaktool.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1","inputVector":"","url":"https://anveshaktool.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2","alertRef":"10038-1"},{"nodeName":"https://anveshaktool.in/","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. 
This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":1,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"1","inputVector":"","url":"https://anveshaktool.in/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"3","alertRef":"10098"},{"nodeName":"https://anveshaktool.in/favicon.ico","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. 
This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":13,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"13","inputVector":"","url":"https://anveshaktool.in/favicon.ico","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"11","alertRef":"10098"},{"nodeName":"https://anveshaktool.in/logo192.png","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. 
Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":15,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"15","inputVector":"","url":"https://anveshaktool.in/logo192.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"14","alertRef":"10098"},{"nodeName":"https://anveshaktool.in/sitemap.xml","sourceid":"3","other":"The directive(s): frame-ancestors, form-action is/are among the directives that do not fallback to 
default-src.","method":"GET","evidence":"default-src 'none'","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":7,"wascid":"15","description":"The Content Security Policy fails to define one of the directives that has no fallback. Missing/excluding them is the same as allowing anything.","messageId":"7","inputVector":"","url":"https://anveshaktool.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"content-security-policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"15","alertRef":"10055-13"},{"nodeName":"https://anveshaktool.in/sitemap.xml","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. 
This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":7,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"7","inputVector":"","url":"https://anveshaktool.in/sitemap.xml","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"21","alertRef":"10098"},{"nodeName":"https://anveshaktool.in/manifest.json","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. 
This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":14,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"14","inputVector":"","url":"https://anveshaktool.in/manifest.json","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain Misconfiguration","risk":"Medium","id":"22","alertRef":"10098"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. 
Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.","method":"GET","evidence":"access-control-allow-origin: *","pluginId":"10098","cweid":"264","confidence":"Medium","sourceMessageId":16,"wascid":"14","description":"Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-264":"https://cwe.mitre.org/data/definitions/264.html"},"reference":"https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy","solution":"Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).\nConfigure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.","alert":"Cross-Domain Misconfiguration","param":"","attack":"","name":"Cross-Domain 
Misconfiguration","risk":"Medium","id":"41","alertRef":"10098"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js/","sourceid":"1","other":"","method":"GET","evidence":"directory","pluginId":"0","cweid":"548","confidence":"Low","sourceMessageId":16,"wascid":"48","description":"It is possible to view the directory listing. Directory listing may reveal hidden scripts, include files, backup source files, etc. which can be accessed to read sensitive information.","messageId":"217","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_API":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","CWE-548":"https://cwe.mitre.org/data/definitions/548.html","POLICY_PENTEST":"","API_2023_API8":"https://owasp.org/API-Security/editions/2023/en/0xa8-security-misconfiguration/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","POLICY_QA_CICD":"","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#options","solution":"Disable directory browsing. If this is required, make sure the listed files do not introduce risks.","alert":"Directory Browsing","param":"","attack":"https://anveshaktool.in/static/js/bundle.js/","name":"Directory Browsing","risk":"Medium","id":"61","alertRef":"0"}],"Low":[{"nodeName":"https://anveshaktool.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":1,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"1","inputVector":"","url":"https://anveshaktool.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"7","alertRef":"10035-1"},{"nodeName":"https://anveshaktool.in/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"1","inputVector":"","url":"https://anveshaktool.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"8","alertRef":"10021"},{"nodeName":"https://anveshaktool.in/","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":1,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"1","inputVector":"","url":"https://anveshaktool.in/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"9","alertRef":"10037"},{"nodeName":"https://anveshaktool.in/favicon.ico","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":13,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"13","inputVector":"","url":"https://anveshaktool.in/favicon.ico","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"13","alertRef":"10035-1"},{"nodeName":"https://anveshaktool.in/logo192.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":15,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"15","inputVector":"","url":"https://anveshaktool.in/logo192.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"18","alertRef":"10035-1"},{"nodeName":"https://anveshaktool.in/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":6,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"6","inputVector":"","url":"https://anveshaktool.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"19","alertRef":"10035-1"},{"nodeName":"https://anveshaktool.in/favicon.ico","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":13,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"13","inputVector":"","url":"https://anveshaktool.in/favicon.ico","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"20","alertRef":"10021"},{"nodeName":"https://anveshaktool.in/logo192.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":15,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"15","inputVector":"","url":"https://anveshaktool.in/logo192.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"24","alertRef":"10021"},{"nodeName":"https://anveshaktool.in/robots.txt","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"6","inputVector":"","url":"https://anveshaktool.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"25","alertRef":"10021"},{"nodeName":"https://anveshaktool.in/favicon.ico","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":13,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"13","inputVector":"","url":"https://anveshaktool.in/favicon.ico","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"26","alertRef":"10037"},{"nodeName":"https://anveshaktool.in/logo192.png","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":15,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"15","inputVector":"","url":"https://anveshaktool.in/logo192.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"28","alertRef":"10037"},{"nodeName":"https://anveshaktool.in/manifest.json","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":14,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"14","inputVector":"","url":"https://anveshaktool.in/manifest.json","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"30","alertRef":"10035-1"},{"nodeName":"https://anveshaktool.in/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":7,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"7","inputVector":"","url":"https://anveshaktool.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"32","alertRef":"10035-1"},{"nodeName":"https://anveshaktool.in/manifest.json","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":14,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"14","inputVector":"","url":"https://anveshaktool.in/manifest.json","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"34","alertRef":"10021"},{"nodeName":"https://anveshaktool.in/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":7,"wascid":"13","description":"The web/application server is leaking information via one or more 
\"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"7","inputVector":"","url":"https://anveshaktool.in/sitemap.xml","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"36","alertRef":"10037"},{"nodeName":"https://anveshaktool.in/manifest.json","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":14,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"14","inputVector":"","url":"https://anveshaktool.in/manifest.json","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"37","alertRef":"10037"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"10.1.9.34\n10.8.1.1\n10.8.1.1\n172.16.16.35:8501\n192.168.0.69:5000\n","method":"GET","evidence":"10.1.9.34","pluginId":"2","cweid":"497","confidence":"Medium","sourceMessageId":16,"wascid":"13","description":"A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response body. 
This information might be helpful for further attacks targeting internal systems.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc1918","solution":"Remove the private IP address from the HTTP response body. For comments, use JSP/ASP/PHP comment instead of HTML/JavaScript comment which can be seen by client browsers.","alert":"Private IP Disclosure","param":"","attack":"","name":"Private IP Disclosure","risk":"Low","id":"42","alertRef":"2"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":16,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"57","alertRef":"10035-1"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"1645185067, which evaluates to: 2022-02-18 11:51:07.","method":"GET","evidence":"1645185067","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":16,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"58","alertRef":"10096"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":16,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"59","alertRef":"10021"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"","method":"GET","evidence":"x-powered-by: Express","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":16,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"60","alertRef":"10037"},{"nodeName":"http://anveshaktool.in/robots.txt","sourceid":"1","other":"ZAP attempted to connect via: http://anveshaktool.in/robots.txt","method":"GET","evidence":"http://anveshaktool.in/robots.txt","pluginId":"10047","cweid":"311","confidence":"Medium","sourceMessageId":6,"wascid":"4","description":"Content which was initially accessed via HTTPS (i.e.: using SSL/TLS encryption) is also accessible via HTTP (without encryption).","messageId":"315","inputVector":"","url":"https://anveshaktool.in/robots.txt","tags":{"OWASP_2025_A04":"https://owasp.org/Top10/2025/A04_2025-Cryptographic_Failures/","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_FULL":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-CRYP-03":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels","CWE-311":"https://cwe.mitre.org/data/definitions/311.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to only serve such content via HTTPS. 
Consider implementing HTTP Strict Transport Security.","alert":"HTTPS Content Available via HTTP","param":"","attack":"","name":"HTTPS Content Available via HTTP","risk":"Low","id":"62","alertRef":"10047"}],"Informational":[{"nodeName":"https://anveshaktool.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":1,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"1","inputVector":"","url":"https://anveshaktool.in/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"1","alertRef":"10015"},{"nodeName":"https://anveshaktool.in/","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"<!--\n      manifest.json provides metadata used when your web app is installed on a\n      user's mobile device or desktop. See h\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"nstalled on a\n      user's mobile device or ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"1","inputVector":"","url":"https://anveshaktool.in/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"4","alertRef":"10027"},{"nodeName":"https://anveshaktool.in/","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"<!--\n      Notice the use of  in the tags above.\n      It 
will be replaced with the URL of the `public` folder during the build.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"r can be referenced from the HTML.\n\n      Un","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"1","inputVector":"","url":"https://anveshaktool.in/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"5","alertRef":"10027"},{"nodeName":"https://anveshaktool.in/","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script defer src=\"/static/js/bundle.js\"></script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1","inputVector":"","url":"https://anveshaktool.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"6","alertRef":"10109"},{"nodeName":"https://anveshaktool.in/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":6,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"6","inputVector":"","url":"https://anveshaktool.in/robots.txt","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"12","alertRef":"10015"},{"nodeName":"https://anveshaktool.in/manifest.json","sourceid":"3","other":"","method":"GET","evidence":"public, max-age=0","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":14,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"14","inputVector":"","url":"https://anveshaktool.in/manifest.json","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"16","alertRef":"10015"},{"nodeName":"https://anveshaktool.in/sitemap.xml","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML=\"window.__CF$cv$params={r:'9f44d99f2bfacc8c',t:'MTc3NzUzNDMyMA=='};var a=document.createElement('script');a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);\";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();</script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":7,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"7","inputVector":"","url":"https://anveshaktool.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"29","alertRef":"10109"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"The following pattern was used: \\bFIXME\\b and was detected 2 times, the first in likely comment: \"// FIXME: What if the suspended lanes are Idle? 
Should not restart.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// FIXME: What if the suspen","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":16,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"43","alertRef":"10027"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"The following pattern was used: \\bLATER\\b and was detected 66 times, the first in likely comment: \"// Save args in case we need to reconstruct later for HMR\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"need to reconstruct later for HMR","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":16,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"44","alertRef":"10027"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 53 times, the first in likely comment: \"/*!*****************************************************************************************************************************\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"js!./src/components/ADMIN/admin-dashboard.css","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":16,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"45","alertRef":"10027"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"The following pattern was used: \\bDB\\b and was detected 2 times, the first in likely comment: \"//         fetchLogs(); // ✅ get the updated data from the DB\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"dated data from the DB","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":16,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"46","alertRef":"10027"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"The following pattern was used: \\bDEBUG\\b and was detected 20 times, the first in likely comment: \"/*\n     * The `'' + value` pattern (used in in perf-sensitive code) throws for Symbol\n     * and Temporal.* types. 
See https://g\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"d,\n     * easier-to-debug exception with a cl","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":16,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"47","alertRef":"10027"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"The following pattern was used: \\bQUERY\\b and was detected 3 times, the first in likely comment: \"// query param so it has to be parsed out of the querystring in order for the\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// query param so it has to ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":16,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"48","alertRef":"10027"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected 20 times, the first in likely comment: \"// Note: `option.selected` is not updated if `select.multiple` is\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" is not updated if `select.multiple` is","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":16,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"49","alertRef":"10027"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"The following pattern was used: \\bTODO\\b and was detected 399 times, the first in likely comment: \"// TODO: fix upstream and remove in v9\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// TODO: fix upstream and r","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":16,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"50","alertRef":"10027"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"The following pattern was used: \\bBUGS\\b and was detected 13 times, the first in likely comment: \"// https://bugs.chromium.org/p/v8/issues/detail?id=3334\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// https://bugs.chromium.org/p/v8/i","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":16,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"51","alertRef":"10027"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"The following pattern was used: \\bBUG\\b and was detected 23 times, the first in likely comment: \"// Nashorn bug:\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// Nashorn bug:","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":16,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"52","alertRef":"10027"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"The following pattern was used: \\bUSERNAME\\b and was detected 27 times, the first in likely comment: \"// Since HTTP basic authentication does not allow empty username,\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"oes not allow empty username,","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":16,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"53","alertRef":"10027"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 149 times, the first in likely comment: \"// We will warn the user (as this is likely a mistake) and assume they cannot be refreshed.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// We will warn the user (as this is likely ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":16,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"54","alertRef":"10027"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 425 times, the first in likely comment: \"/**\n * Extracts exports from a webpack module object.\n * @param {string} moduleId A Webpack module ID.\n * @returns {*} An export\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" * Extracts exports from a webpack module ob","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":16,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"55","alertRef":"10027"},{"nodeName":"https://anveshaktool.in/static/js/bundle.js","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected 102 times, the first in likely comment: \"// This will happen in workers where window is defined but dpr isn't.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"l happen in workers where window is defined b","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":16,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"16","inputVector":"","url":"https://anveshaktool.in/static/js/bundle.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"56","alertRef":"10027"},{"nodeName":"https://anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"326","inputVector":"","url":"https://anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"63","alertRef":"10104"},{"nodeName":"https://anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":329,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"329","inputVector":"","url":"https://anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"64","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"331","inputVector":"","url":"https://anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"65","alertRef":"10104"},{"nodeName":"https://anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":341,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"341","inputVector":"","url":"https://anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"66","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":342,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"342","inputVector":"","url":"https://anveshaktool.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"67","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"346","inputVector":"","url":"https://anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"68","alertRef":"10104"},{"nodeName":"https://anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":351,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"351","inputVector":"","url":"https://anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"69","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":353,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"353","inputVector":"","url":"https://anveshaktool.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"70","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"356","inputVector":"","url":"https://anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"71","alertRef":"10104"},{"nodeName":"https://anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":361,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"361","inputVector":"","url":"https://anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"72","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":364,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"364","inputVector":"","url":"https://anveshaktool.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"73","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":370,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"370","inputVector":"","url":"https://anveshaktool.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"74","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":381,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"381","inputVector":"","url":"https://anveshaktool.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"75","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":387,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"387","inputVector":"","url":"https://anveshaktool.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"76","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":392,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"392","inputVector":"","url":"https://anveshaktool.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"77","alertRef":"10104"},{"nodeName":"https://anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":393,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"393","inputVector":"","url":"https://anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"78","alertRef":"10104"},{"nodeName":"https://anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":397,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"397","inputVector":"","url":"https://anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"79","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":400,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"400","inputVector":"","url":"https://anveshaktool.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"80","alertRef":"10104"},{"nodeName":"https://anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":402,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"402","inputVector":"","url":"https://anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"81","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":405,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"405","inputVector":"","url":"https://anveshaktool.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"82","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"407","inputVector":"","url":"https://anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"83","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":409,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"409","inputVector":"","url":"https://anveshaktool.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"84","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"412","inputVector":"","url":"https://anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"85","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":414,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"414","inputVector":"","url":"https://anveshaktool.in/static/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"86","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":417,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"417","inputVector":"","url":"https://anveshaktool.in/static/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"87","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":419,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"419","inputVector":"","url":"https://anveshaktool.in/static/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"88","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":421,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"421","inputVector":"","url":"https://anveshaktool.in/static/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"89","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"423","inputVector":"","url":"https://anveshaktool.in/static/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"90","alertRef":"10104"},{"nodeName":"https://anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":426,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"426","inputVector":"","url":"https://anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"91","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"428","inputVector":"","url":"https://anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"92","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":430,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"430","inputVector":"","url":"https://anveshaktool.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"93","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":433,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"433","inputVector":"","url":"https://anveshaktool.in/static/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"94","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"435","inputVector":"","url":"https://anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"95","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"437","inputVector":"","url":"https://anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"96","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"440","inputVector":"","url":"https://anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"97","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"442","inputVector":"","url":"https://anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"98","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"445","inputVector":"","url":"https://anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"99","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"447","inputVector":"","url":"https://anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"100","alertRef":"10104"},{"nodeName":"https://anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":449,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"449","inputVector":"","url":"https://anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"101","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":451,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"451","inputVector":"","url":"https://anveshaktool.in/static","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"102","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":453,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"453","inputVector":"","url":"https://anveshaktool.in/static/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"103","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"455","inputVector":"","url":"https://anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"104","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"457","inputVector":"","url":"https://anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"105","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"459","inputVector":"","url":"https://anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"106","alertRef":"10104"},{"nodeName":"https://anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":461,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"461","inputVector":"","url":"https://anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"107","alertRef":"10104"},{"nodeName":"https://anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":463,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"463","inputVector":"","url":"https://anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"108","alertRef":"10104"},{"nodeName":"https://anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":465,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"465","inputVector":"","url":"https://anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"109","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":467,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"467","inputVector":"","url":"https://anveshaktool.in/static/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"110","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"470","inputVector":"","url":"https://anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"111","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"472","inputVector":"","url":"https://anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"112","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"475","inputVector":"","url":"https://anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"113","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"479","inputVector":"","url":"https://anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"114","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"481","inputVector":"","url":"https://anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"115","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"483","inputVector":"","url":"https://anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"116","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"486","inputVector":"","url":"https://anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"117","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"488","inputVector":"","url":"https://anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"118","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":490,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"490","inputVector":"","url":"https://anveshaktool.in/static/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"119","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":492,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"492","inputVector":"","url":"https://anveshaktool.in/static/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"120","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":495,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"495","inputVector":"","url":"https://anveshaktool.in/static/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"121","alertRef":"10104"},{"nodeName":"https://anveshaktool.in/static/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":497,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"497","inputVector":"","url":"https://anveshaktool.in/static/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"122","alertRef":"10104"}]},"vulnerability_types":{"Missing Anti-clickjacking Header":1,"Re-examine Cache-control Directives":3,"Content Security Policy (CSP) Header Not Set":1,"Cross-Domain Misconfiguration":6,"Information Disclosure - Suspicious Comments":16,"Modern Web Application":2,"Strict-Transport-Security Header Not Set":7,"X-Content-Type-Options Header Missing":6,"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)":6,"CSP: Failure to 
Define Directive with No Fallback":1,"Private IP Disclosure":1,"Timestamp Disclosure - Unix":1,"Directory Browsing":1,"HTTPS Content Available via HTTP":1,"User Agent Fuzzer":60},"owasp_top10":{"Unmapped / Other":100,"A05: Security Misconfiguration":13}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69f32906c28525622fab4ced"},"created_at":{"$date":"2026-04-30T10:03:50.821Z"},"url":"https://pro.anveshaktool.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://pro.anveshaktool.in/","scan_timestamp":"20260430_095725","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":15,"urls_list":["https://pro.anveshaktool.in/sitemap.xml","https://pro.anveshaktool.in/","https://pro.anveshaktool.in/assets/chunk-time.zp-6qPUz.js","https://pro.anveshaktool.in/assets/chunk-maps.Dgihpmma.css","https://pro.anveshaktool.in/robots.txt","https://pro.anveshaktool.in/favicon.svg","https://pro.anveshaktool.in/assets/vendor-react.Be32Wa2T.css","https://pro.anveshaktool.in/assets/chunk-socketio.XvGWOZWK.js","https://pro.anveshaktool.in/assets/chunk-icons.DFKk2K-V.js","https://pro.anveshaktool.in/assets/index.DC99iDk-.js","https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","https://pro.anveshaktool.in/assets/chunk-maps.CgbOPjNH.js","https://pro.anveshaktool.in/assets/index.BpD8wi1l.css","https://pro.anveshaktool.in/assets/vendor-react.Che5oQJX.js"],"duration":10.040246486663818},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.0645272731781},"passive_scan":{"status":"completed","duration":0.007538557052612305},"websocket":{"status":"completed","websocket_channe
ls":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"pro.anveshaktool.in","open_ports":[80,443,8080,8443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":120.04666996002197},"vulnerabilities":{"total_alerts":133,"high_risk":0,"medium_risk":6,"low_risk":67,"informational":60,"alerts_by_risk":{"High":[],"Medium":[{"nodeName":"https://pro.anveshaktool.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"1","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. 
it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"0","alertRef":"10020-1"},{"nodeName":"https://pro.anveshaktool.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"1","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1","alertRef":"10038-1"},{"nodeName":"https://pro.anveshaktool.in/","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap\" rel=\"stylesheet\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"5","alertRef":"90003"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"6","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"7","alertRef":"10020-1"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":6,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"6","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"20","alertRef":"10038-1"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap\" rel=\"stylesheet\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"6","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"29","alertRef":"90003"}],"Low":[{"nodeName":"https://pro.anveshaktool.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":1,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such 
as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"1","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"4","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"1","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"6","alertRef":"10021"},{"nodeName":"https://pro.anveshaktool.in/favicon.svg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":24,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that 
complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"24","inputVector":"","url":"https://pro.anveshaktool.in/favicon.svg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"9","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor-react.Be32Wa2T.css","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":25,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"25","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor-react.Be32Wa2T.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"10","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/favicon.svg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":24,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"24","inputVector":"","url":"https://pro.anveshaktool.in/favicon.svg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"11","alertRef":"10021"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor-react.Be32Wa2T.css","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":25,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"25","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor-react.Be32Wa2T.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"13","alertRef":"10021"},{"nodeName":"https://pro.anveshaktool.in/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":23,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"23","inputVector":"","url":"https://pro.anveshaktool.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"15","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-maps.Dgihpmma.css","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":22,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"22","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-maps.Dgihpmma.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"16","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/robots.txt","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":23,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"23","inputVector":"","url":"https://pro.anveshaktool.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"17","alertRef":"10021"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-maps.Dgihpmma.css","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":22,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"22","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-maps.Dgihpmma.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"18","alertRef":"10021"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":6,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"6","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"28","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":6,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"6","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"30","alertRef":"10021"},{"nodeName":"https://pro.anveshaktool.in/assets/index.BpD8wi1l.css","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":32,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"32","inputVector":"","url":"https://pro.anveshaktool.in/assets/index.BpD8wi1l.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"32","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/assets/index.BpD8wi1l.css","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":32,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"32","inputVector":"","url":"https://pro.anveshaktool.in/assets/index.BpD8wi1l.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"33","alertRef":"10021"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-time.zp-6qPUz.js","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":20,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy 
mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"20","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-time.zp-6qPUz.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"35","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-time.zp-6qPUz.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":20,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"20","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-time.zp-6qPUz.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"36","alertRef":"10021"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":29,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"38","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"1779033703, which evaluates to: 2026-05-17 16:01:43.","method":"GET","evidence":"1779033703","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. - Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"39","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"1541459225, which evaluates to: 2018-11-05 23:07:05.","method":"GET","evidence":"1541459225","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"40","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"1654270250, which evaluates to: 2022-06-03 15:30:50.","method":"GET","evidence":"1654270250","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"41","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"1731405415, which evaluates to: 2024-11-12 09:56:55.","method":"GET","evidence":"1731405415","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"42","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"1750603025, which evaluates to: 2025-06-22 14:37:05.","method":"GET","evidence":"1750603025","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"43","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"1694076839, which evaluates to: 2023-09-07 08:53:59.","method":"GET","evidence":"1694076839","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"44","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"1595750129, which evaluates to: 2020-07-26 07:55:29.","method":"GET","evidence":"1595750129","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"46","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"1899447441, which evaluates to: 2030-03-11 08:17:21.","method":"GET","evidence":"1899447441","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"48","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"1508970993, which evaluates to: 2017-10-25 22:36:33.","method":"GET","evidence":"1508970993","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"49","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"1925078388, which evaluates to: 2031-01-01 23:59:48.","method":"GET","evidence":"1925078388","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"50","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"1555081692, which evaluates to: 2019-04-12 15:08:12.","method":"GET","evidence":"1555081692","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"51","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"1996064986, which evaluates to: 2033-04-02 14:29:46.","method":"GET","evidence":"1996064986","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"52","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"1695183700, which evaluates to: 2023-09-20 04:21:40.","method":"GET","evidence":"1695183700","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"53","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"1986661051, which evaluates to: 2032-12-14 18:17:31.","method":"GET","evidence":"1986661051","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"54","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"1537002063, which evaluates to: 2018-09-15 09:01:03.","method":"GET","evidence":"1537002063","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"55","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-socketio.XvGWOZWK.js","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":26,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"26","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-socketio.XvGWOZWK.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"56","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"1747873779, which evaluates to: 2025-05-22 00:29:39.","method":"GET","evidence":"1747873779","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"57","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"1955562222, which evaluates to: 2031-12-20 19:43:42.","method":"GET","evidence":"1955562222","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"58","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"2024104815, which evaluates to: 2034-02-21 03:20:15.","method":"GET","evidence":"2024104815","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":29,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"59","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":29,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"60","alertRef":"10021"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-socketio.XvGWOZWK.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":26,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"26","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-socketio.XvGWOZWK.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"61","alertRef":"10021"},{"nodeName":"https://pro.anveshaktool.in/assets/index.DC99iDk-.js","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":28,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"28","inputVector":"","url":"https://pro.anveshaktool.in/assets/index.DC99iDk-.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"62","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/assets/index.DC99iDk-.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":28,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"28","inputVector":"","url":"https://pro.anveshaktool.in/assets/index.DC99iDk-.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"63","alertRef":"10021"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-icons.DFKk2K-V.js","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":27,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"27","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-icons.DFKk2K-V.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"64","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-icons.DFKk2K-V.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":27,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"27","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-icons.DFKk2K-V.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"65","alertRef":"10021"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-maps.CgbOPjNH.js","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":31,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security 
policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"31","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-maps.CgbOPjNH.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"67","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-maps.CgbOPjNH.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":31,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"31","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-maps.CgbOPjNH.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"68","alertRef":"10021"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":30,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"70","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"1473231341, which evaluates to: 2016-09-07 06:55:41.","method":"GET","evidence":"1473231341","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. - Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"71","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"1770035416, which evaluates to: 2026-02-02 12:30:16.","method":"GET","evidence":"1770035416","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"72","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"1958414417, which evaluates to: 2032-01-22 20:00:17.","method":"GET","evidence":"1958414417","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"73","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"1990404162, which evaluates to: 2033-01-27 02:02:42.","method":"GET","evidence":"1990404162","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"74","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"1804603682, which evaluates to: 2027-03-09 14:48:02.","method":"GET","evidence":"1804603682","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"75","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"1502002290, which evaluates to: 2017-08-06 06:51:30.","method":"GET","evidence":"1502002290","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"76","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"1735328473, which evaluates to: 2024-12-27 19:41:13.","method":"GET","evidence":"1735328473","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"77","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"1926607734, which evaluates to: 2031-01-19 16:48:54.","method":"GET","evidence":"1926607734","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"78","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"2022574463, which evaluates to: 2034-02-03 10:14:23.","method":"GET","evidence":"2022574463","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"79","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"1839030562, which evaluates to: 2028-04-11 01:49:22.","method":"GET","evidence":"1839030562","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"80","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"1530992060, which evaluates to: 2018-07-07 19:34:20.","method":"GET","evidence":"1530992060","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"81","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"1700485571, which evaluates to: 2023-11-20 13:06:11.","method":"GET","evidence":"1700485571","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"82","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"1894986606, which evaluates to: 2030-01-18 17:10:06.","method":"GET","evidence":"1894986606","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"83","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"2054922799, which evaluates to: 2035-02-12 19:53:19.","method":"GET","evidence":"2054922799","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"84","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"1873313359, which evaluates to: 2029-05-12 20:49:19.","method":"GET","evidence":"1873313359","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"85","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"1560198380, which evaluates to: 2019-06-10 20:26:20.","method":"GET","evidence":"1560198380","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"86","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"1732584193, which evaluates to: 2024-11-26 01:23:13.","method":"GET","evidence":"1732584193","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"87","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"1732584194, which evaluates to: 2024-11-26 01:23:14.","method":"GET","evidence":"1732584194","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":30,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"88","alertRef":"10096"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":30,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"89","alertRef":"10021"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor-react.Che5oQJX.js","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":33,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"33","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor-react.Che5oQJX.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"91","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor-react.Che5oQJX.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":33,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"33","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor-react.Che5oQJX.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"92","alertRef":"10021"},{"nodeName":"http://pro.anveshaktool.in/robots.txt","sourceid":"1","other":"ZAP attempted to connect via: 
http://pro.anveshaktool.in/robots.txt","method":"GET","evidence":"http://pro.anveshaktool.in/robots.txt","pluginId":"10047","cweid":"311","confidence":"Medium","sourceMessageId":23,"wascid":"4","description":"Content which was initially accessed via HTTPS (i.e.: using SSL/TLS encryption) is also accessible via HTTP (without encryption).","messageId":"362","inputVector":"","url":"https://pro.anveshaktool.in/robots.txt","tags":{"OWASP_2025_A04":"https://owasp.org/Top10/2025/A04_2025-Cryptographic_Failures/","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_FULL":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-CRYP-03":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels","CWE-311":"https://cwe.mitre.org/data/definitions/311.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to only serve such content via HTTPS. 
Consider implementing HTTP Strict Transport Security.","alert":"HTTPS Content Available via HTTP","param":"","attack":"","name":"HTTPS Content Available via HTTP","risk":"Low","id":"93","alertRef":"10047"}],"Informational":[{"nodeName":"https://pro.anveshaktool.in/","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"<!-- Prevent social previews from picking a large title image by specifying a 1x1 transparent image -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ent social previews from picking a large tit","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"1","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2","alertRef":"10027"},{"nodeName":"https://pro.anveshaktool.in/","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script type=\"module\" crossorigin 
src=\"/assets/index.DC99iDk-.js\"></script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"3","alertRef":"10109"},{"nodeName":"https://pro.anveshaktool.in/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":23,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"23","inputVector":"","url":"https://pro.anveshaktool.in/robots.txt","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"12","alertRef":"10015"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-maps.Dgihpmma.css","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 55","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":22,"wascid":"-1","description":"The content was retrieved from a shared cache. 
If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.","messageId":"22","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-maps.Dgihpmma.css","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"14","alertRef":"10050-2"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"<!-- Prevent social previews from picking a large title image by specifying a 1x1 transparent image -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ent social previews from picking a large tit","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":6,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"6","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious 
Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"23","alertRef":"10027"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script type=\"module\" crossorigin src=\"/assets/index.DC99iDk-.js\"></script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":6,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"6","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"25","alertRef":"10109"},{"nodeName":"https://pro.anveshaktool.in/assets/index.BpD8wi1l.css","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 29","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":32,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. 
In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.","messageId":"32","inputVector":"","url":"https://pro.anveshaktool.in/assets/index.BpD8wi1l.css","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"31","alertRef":"10050-2"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-time.zp-6qPUz.js","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 29","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":20,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"20","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-time.zp-6qPUz.js","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"34","alertRef":"10050-2"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 60","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":29,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"29","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor.B6Uj8dBk.js","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"37","alertRef":"10050-2"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-maps.CgbOPjNH.js","sourceid":"3","other":"The presence of the 'Age' header indicates that a HTTP/1.1 compliant caching server is in use.","method":"GET","evidence":"Age: 52","pluginId":"10050","cweid":"525","confidence":"Medium","sourceMessageId":31,"wascid":"-1","description":"The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as \"proxy\" caches are configured on the local network. 
This configuration is typically found in corporate or educational environments, for instance.","messageId":"31","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-maps.CgbOPjNH.js","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://datatracker.ietf.org/doc/html/rfc7234\nhttps://datatracker.ietf.org/doc/html/rfc7231\nhttps://www.rfc-editor.org/rfc/rfc9110.html","solution":"Validate that the response does not contain sensitive, personal or user-specific information. 
If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:\nCache-Control: no-cache, no-store, must-revalidate, private\nPragma: no-cache\nExpires: 0\nThis configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.","alert":"Retrieved from Cache","param":"","attack":"","name":"Retrieved from Cache","risk":"Informational","id":"66","alertRef":"10050-2"},{"nodeName":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 2 times, the first in likely comment: \"/**\n * @license\n * Joseph Myers does not specify a particular license for his work.\n *\n * Author: Joseph Myers\n * Accessed from:\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"h Myers\n * Accessed from: http://www.myersda","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":30,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"30","inputVector":"","url":"https://pro.anveshaktool.in/assets/chunk-pdf.CsNv1Okx.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any 
underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"69","alertRef":"10027"},{"nodeName":"https://pro.anveshaktool.in/assets/vendor-react.Che5oQJX.js","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 2 times, the first in likely comment: \"/*!\n * The buffer module from node.js, for the browser.\n *\n * @author   Feross Aboukhadijeh <https://feross.org>\n * @license  MI\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"* The buffer module from node.js, for the br","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":33,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"33","inputVector":"","url":"https://pro.anveshaktool.in/assets/vendor-react.Che5oQJX.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious 
Comments","risk":"Informational","id":"90","alertRef":"10027"},{"nodeName":"https://pro.anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"369","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"94","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":371,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"371","inputVector":"","url":"https://pro.anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"95","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"374","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"96","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":379,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"379","inputVector":"","url":"https://pro.anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"97","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"381","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"98","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"386","inputVector":"","url":"https://pro.anveshaktool.in/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"99","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"387","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"100","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"414","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"101","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"416","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"102","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":418,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"418","inputVector":"","url":"https://pro.anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"103","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"431","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"104","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"434","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"105","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"454","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"106","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":458,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"458","inputVector":"","url":"https://pro.anveshaktool.in/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"107","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":466,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"466","inputVector":"","url":"https://pro.anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"108","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":473,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"473","inputVector":"","url":"https://pro.anveshaktool.in/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"109","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":485,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"485","inputVector":"","url":"https://pro.anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"110","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"491","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"111","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":494,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"494","inputVector":"","url":"https://pro.anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"112","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"506","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"113","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"515","inputVector":"","url":"https://pro.anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"114","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"521","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"115","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":525,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"525","inputVector":"","url":"https://pro.anveshaktool.in/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"116","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":529,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"529","inputVector":"","url":"https://pro.anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"117","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"537","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"118","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":539,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"539","inputVector":"","url":"https://pro.anveshaktool.in/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"119","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"547","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"120","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":548,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"548","inputVector":"","url":"https://pro.anveshaktool.in/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"121","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":558,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"558","inputVector":"","url":"https://pro.anveshaktool.in/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"122","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"560","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"123","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":564,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"564","inputVector":"","url":"https://pro.anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"124","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":568,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"568","inputVector":"","url":"https://pro.anveshaktool.in/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"125","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"570","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"126","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":574,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"574","inputVector":"","url":"https://pro.anveshaktool.in/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"127","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"576","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"128","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"578","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"129","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"581","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"130","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"583","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"131","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":585,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"585","inputVector":"","url":"https://pro.anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"132","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"590","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"133","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":592,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"592","inputVector":"","url":"https://pro.anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"134","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":596,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"596","inputVector":"","url":"https://pro.anveshaktool.in/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"135","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"598","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"136","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"600","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"137","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"602","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"138","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":605,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"605","inputVector":"","url":"https://pro.anveshaktool.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"139","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":608,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"608","inputVector":"","url":"https://pro.anveshaktool.in/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"140","alertRef":"10104"},{"nodeName":"https://pro.anveshaktool.in/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":611,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"611","inputVector":"","url":"https://pro.anveshaktool.in/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"141","alertRef":"10104"}]},"vulnerability_types":{"Missing Anti-clickjacking Header":2,"Content Security Policy (CSP) Header Not Set":2,"Information Disclosure - Suspicious Comments":4,"Modern Web Application":2,"Strict-Transport-Security Header Not Set":15,"Sub Resource Integrity Attribute Missing":2,"X-Content-Type-Options Header Missing":15,"Re-examine Cache-control Directives":1,"Retrieved from Cache":5,"Timestamp Disclosure - Unix":36,"HTTPS Content Available via HTTP":1,"User Agent Fuzzer":48},"owasp_top10":{"Unmapped / Other":103,"A05: Security 
Misconfiguration":30}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69fae695b385e2dbc2a7adca"},"created_at":{"$date":"2026-05-06T06:58:29.312Z"},"url":"https://bilucky.com/","tool":"owaspzap","result":{"status":"completed","target_url":"https://bilucky.com/","scan_timestamp":"20260506_064445","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"1","status":"completed","urls_found":278,"urls_list":["https://mpsedc.mp.gov.in/sitemap.xml","https://mpsedc.mp.gov.in/robots.txt","https://mpsedc.mp.gov.in/","https://mpsedc.mp.gov.in/SimhasthaTechHackathon.html","https://mpsedc.mp.gov.in/esdm-units","https://mpsedc.mp.gov.in/uidaicenter/Districtwisecount.aspx","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/05102023121831ITES%20ESDM%20%E0%A4%A8%E0%A5%80%E0%A4%A4%E0%A5%80%20%E0%A4%B5%E0%A5%83%E0%A4%A6%E0%A5%8D%E0%A4%A7_0001.pdf","https://mpsedc.mp.gov.in/mpitinvestment/","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/05122024011620Result%20of%20Interns.pdf","https://mpsedc.mp.gov.in/securityaudit/","https://mpsedc.mp.gov.in/assets/mpsedc_flaticon/flaticon.css","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/05122024012015Result%20of%20Interns.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/30122025080043GET%20Result%20B3%20&%20B4%20(1).pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/09022025011500Candidates%20who%20missed%20the%20MPSEDC%20Campus%20Recruitment%20on%207th%20&%208th%20February%202025%20have%20a%20final%20opportunity%20to%20appear%20on%2010th%20February%202025%20with%20Guideline%20(2).pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/29072020023443data-gov.png","https://mpsedc.mp.gov.in/assets/mpsedc_js/fl
exslider.js","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/29072020023522india-gov.png","https://mpsedc.mp.gov.in/aitechworkshop/","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/06122024024614Result%20Sheet%20Interns%20batch%203%20&%204%202024.pdf","https://mpsedc.mp.gov.in/assets/mpsedc_js/bootstrap.min.js","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/30082025015255RECRUITMENT.pdf","https://mpsedc.mp.gov.in/assets/mpsedc_css/style.css","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/21082020025850IT%20Park%20Jabalpur%201.jpg","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024032455Interns%20Final%20Result.pdf","https://mpsedc.mp.gov.in/assets/mpsedc_fonts/style.css","https://mpsedc.mp.gov.in/assets/mpsedc_js/fancybox.min.js","https://mpsedc.mp.gov.in/assets/mpsedc_js/jquery.modern-ticker.min.js","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024030453Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/assets/js/bootsnav.js","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/29032026030325NOTICE_IFMS_Rechedule%20.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/29072020023500digital-india.png","https://mpsedc.mp.gov.in/images/dairy-img.jpg","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024030845Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024051335Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/assets/mpsedc_js/jquery.min.js","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024032109Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/assets/mpsedc_js/newsbox.js","https://mpsedc.mp.gov.in/assets/mpsedc_js/script.js","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/21082020025916SDC.jpg","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/css/modern-ticker.css","https://mpsedc.mp.gov.in/assets/Uj
jaintechassets/vendor/php-email-form/validate.js","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/010920200543162.jpg","https://mpsedc.mp.gov.in/assets/img/favicon.ico","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/05122024111812result.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/language_icon.png","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024030359Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/assets/mpsedc_js/slick.min.js","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024030554Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/17112025062215GET%20Half%20Yearly%20Result%20Batch%201%20&%20Batch%202%20(1).pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/header/28072020125926mplogo.png","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/05112024114702Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024031106Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/Round-2-Result.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/logo.png","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/07022025043038Campus%20Recruitment%20Guideline%20&%20Reschedule%20for%202nd%20Round.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/CSS/jquery.countdownTimer.css","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/css/owl.theme.default.min.css","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/09042026055123Yearly%20Assessment%20Result%20of%20GET%20B1%20%20B2.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/03092025025820MP%20SpaceTech%20Policy%202025%20Draft.pdf","https://mpsedc.mp.gov.in/contents.aspx?number=rGITHAyDD8w+YYuZUaB0JQ==&page=document-list","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024033327Interns%20Final%20Resul
t%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/index.html","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/css/owl.carousel.min.css","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/Draft%20MP%20AVGC-XR%20Policy.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/js/owl.carousel.js","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/js/main.js","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/05052026084729Batch%205%20&%206%20Half-Yearly%20Assessment%20Result%20Declared%20on%2004%20May%202026.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/07082024060728Draft%20MP%20AVGC-XR%20Policy.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/21082020025659Gwalior%20IT%20Park%201.jpg","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/glightbox/css/glightbox.min.css","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/bootstrap/js/bootstrap.bundle.min.js","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/aos/aos.css","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/21082020025434IT%20Park%20Bhopal%201.jpg","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/01092020054704Swan.jpg","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024034149Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/glightbox/js/glightbox.min.js","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/Tower%20Policy%20Amendments.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/fontawesome-free/css/all.min.css","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/swiper/swiper-bundle.min.js","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/accessibility.png","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/first_prize_icon.png","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/js/jquery.modern-ticker.min.js","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/js/jquery-3.7.1.min.js","https://mpsedc.mp.gov.in/Uploaded%20
Document/UpcomingEvents/10122024030121Madhya%20Pradesh%20GCC%20Policy%202024.pdf","https://mpsedc.mp.gov.in/images/hackathon.jpg","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/29072020023554my-gov.png","https://mpsedc.mp.gov.in/Uploaded%20Document/Documents/MPSEDC%20CSR%20Policy.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/purecounter/purecounter_vanilla.js","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/21082020025632IT%20Park%20Indore%201.jpg","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/second_prize_icon.png","https://mpsedc.mp.gov.in/mpitinvestment/css/site.css?v=83wfcsOTahQahsaczV_9oPoJGsJg3IjC_9_PBzv2A2w","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/aos/aos.js","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/05112024115928Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/swiper/swiper-bundle.min.css","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/29072020023537mp-online.png","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/jquery.countdownTimer.js","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/06022025114359CAMPUS%20RECRUITMENT%202ND%20ROUND.pdf","https://mpsedc.mp.gov.in/mpitinvestment/SSOLogin","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/22022025061244Indore%20Sinhasa%20Banner.jpg","https://mpsedc.mp.gov.in/mpitinvestment/SignUp","https://mpsedc.mp.gov.in/mpitinvestment/ForgetUser","https://mpsedc.mp.gov.in/mpitinvestment/js/helpers/ip-util-prod.js","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/23022025100259policies%20banner.jpg","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/18032025034017Result_Campus%20Recruitment%20Drive.pdf","https://mpsedc.mp.gov.in/mpitinvestment/css/public_pages.css?v=itRNH8CYsKs92HE34PEOncRpZYUYCKnDVYZ6vd4_yqA","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/160220240508493rd%20Month%20Assessment%20Result%20Batch%201%20&%20Batch%202.pdf",
"https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/cup.png","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/22022025061215Gwalior%20Malanpur%20Banner.jpg","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/3%20-%20User%20Manual%20-%20Applying%20for%20Subsidies%20&%20Incentives.pdf","https://mpsedc.mp.gov.in/assets/img/apple-touch-icon.png","https://mpsedc.mp.gov.in/securityaudit/objectives.aspx","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/mpsedc.png","https://mpsedc.mp.gov.in/securityaudit/Login.aspx","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/banner.jpg","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/bootstrap-icons/bootstrap-icons.css","https://mpsedc.mp.gov.in/mpitinvestment/ForgetPassword","https://mpsedc.mp.gov.in/securityaudit/css/morris.css","https://mpsedc.mp.gov.in/Uploaded%20Document/header/28072020125926mpsedclogo.png","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/GooglePay.svg","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/10022025111047candidates%20for%2011th%20feb.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/barCode.png","https://mpsedc.mp.gov.in/securityaudit/guidlines.aspx","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/resultPDF.pdf","https://mpsedc.mp.gov.in/assets/mpsedc_css/modern-ticker.css","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/MP%20MSMED%20Policy%202021%20Booklet%20English.pdf","https://mpsedc.mp.gov.in/PrototypeSubmission.aspx","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/third_prize_icon.png","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/29072020023606standup-india.png","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/AppStore.svg","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/bootstrap/css/bootstrap.min.css","https://mpsedc.mp.gov.in/securityaudit/css/bootsnav.css","https://mpsedc.mp.gov.in/mpitinvestment/bootstrap-icons/font/bootstrap-icons.css","https://mpsedc.mp.gov.in/assets/Ujja
intechassets/img/whocan.png","https://mpsedc.mp.gov.in/securityaudit/css/select2.css","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/29%20Industrial%20Promotion%20Policy%202014%20(Amended%20October%202019).pdf","https://mpsedc.mp.gov.in/securityaudit/css/style.default.css","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/22022025061108EMC%20Bhopal%20Banner.jpg","https://mpsedc.mp.gov.in/assets/mpsedc_js/tickerme.js","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/06022025113300CAMPUS%20RECRUITMENT%202ND%20ROUND.pdf","https://mpsedc.mp.gov.in/mpitinvestment/js/site.js?v=geC4fLjW1nHR4ssQOfjf9PIai-_4nM2mkUBEE-1Nd9o","https://mpsedc.mp.gov.in/securityaudit/js/modernizr.min.js","https://mpsedc.mp.gov.in/mpitinvestment/js/helpers/md5.js","https://mpsedc.mp.gov.in/securityaudit/css/stylenew.css","https://mpsedc.mp.gov.in/securityaudit/css/overwrite.css","https://mpsedc.mp.gov.in/mpitinvestment/bootstrap-icons/font/bootstrap-icons.min.css","https://mpsedc.mp.gov.in/mpitinvestment/lib/jquery-validation-unobtrusive/jquery.validate.unobtrusive.min.js","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/timeline.png","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/160720240122066%20Monthly%20Assessment%20Result.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/22022025061311Purva%20Jabalpur%20Banner.jpg","https://mpsedc.mp.gov.in/securityaudit/js/bootstrap.min.js","https://mpsedc.mp.gov.in/securityaudit/Request.aspx","https://mpsedc.mp.gov.in/mpitinvestment/js/controllers/sign-up.js?v=Qm1dmRQKGLegbP1o4pGmNhOqGZwWcldiBvXuiMWw0ic","https://mpsedc.mp.gov.in/securityaudit/js/jquery-migrate-1.2.1.min.js","https://mpsedc.mp.gov.in/mpitinvestment/lib/bootstrap/dist/css/bootstrap.min.css","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/Industrial%20Promotion%20Policy%202014%20Amended%20October%202019.pdf","https://mpsedc.mp.gov.in/SubmissionForm.aspx","https://mpsedc.mp.gov.in/SimhasthaTechHackathon.aspx","h
ttps://mpsedc.mp.gov.in/mpitinvestment/lib/bootstrap/dist/js/bootstrap.bundle.min.js","https://mpsedc.mp.gov.in/securityaudit/js/jquery.cookies.js","https://mpsedc.mp.gov.in/mpitinvestment/Login/Authenticate","https://mpsedc.mp.gov.in/securityaudit/js/flot/jquery.flot.resize.min.js","https://mpsedc.mp.gov.in/securityaudit/js/retina.min.js","https://mpsedc.mp.gov.in/mpitinvestment/login/index","https://mpsedc.mp.gov.in/securityaudit/js/jquery-1.11.1.min.js","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/css/main.css","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/2%20IT%20Policy%202006.pdf","https://mpsedc.mp.gov.in/mpitinvestment/lib/jquery/dist/jquery.min.js","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/05112024110612Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/28%20Gazette%20Notification%20for%20FAR.pdf","https://mpsedc.mp.gov.in/mpitinvestment","https://mpsedc.mp.gov.in/mpitinvestment/js/controllers/forgotuser.js","https://mpsedc.mp.gov.in/mpitinvestment/SignUp?EnterOTP=ZAP","https://mpsedc.mp.gov.in/mpitinvestment/lib/bootstrap-datepicker/bootstrap-datepicker.min.css","https://mpsedc.mp.gov.in/securityaudit/js/flot/jquery.flot.min.js","https://mpsedc.mp.gov.in/securityaudit/js/flot/jquery.flot.spline.min.js","https://mpsedc.mp.gov.in/securityaudit/js/bootstrap-wizard.min.js","https://mpsedc.mp.gov.in/mpitinvestment/js/controllers/forgotpassword.js","https://mpsedc.mp.gov.in/mpitinvestment/lib/jquery-validation/dist/jquery.validate.min.js","https://mpsedc.mp.gov.in/User","https://mpsedc.mp.gov.in/securityaudit/images/wave/wave-01.png","https://mpsedc.mp.gov.in/mpitinvestment/lib/bootstrap-datepicker/bootstrap-datepicker.min.js","https://mpsedc.mp.gov.in/securityaudit/images/28072020125926mpsedclogo.png","https://mpsedc.mp.gov.in/securityaudit/js/morris.min.js","https://mpsedc.mp.gov.in/mpitinvestment/sweetalert2/sweetalert2@11.js","https://mpsedc.mp.
gov.in/mpitinvestment/ForgetUser?OTP=ZAP","https://mpsedc.mp.gov.in/securityaudit/images/wave/wave-05.png","https://mpsedc.mp.gov.in/securityaudit/images/mplogo.png","https://mpsedc.mp.gov.in/mpitinvestment/js/helpers/investment-portal-util-1.0.0.js?v=h8nKtrnwG1FACAOEiIxQp9iFpk4u0r8G_t9nsyEeJE4","https://mpsedc.mp.gov.in/securityaudit/js/custom.js","https://mpsedc.mp.gov.in/securityaudit/downloads/Policy_Guidelines_Data_Handling.pdf","https://mpsedc.mp.gov.in/mpitinvestment/login/login/index","https://mpsedc.mp.gov.in/securityaudit/Document/Hash_Value_SOP_2024.pdf","https://mpsedc.mp.gov.in/mpitinvestment/ForgetPassword/Authenticate","https://mpsedc.mp.gov.in/mpitinvestment/Login/login/index","https://mpsedc.mp.gov.in/mpitinvestment/ForgetUser/Authenticate","https://mpsedc.mp.gov.in/mpitinvestment/SignUp?ValidateCaptchaCode=ZAP&ValidateMobileNumber=9999999999","https://mpsedc.mp.gov.in/securityaudit/ScriptResource.axd?d=nQEZC5LU7PqFusYVupZNRA3WMnFKRXHEjtpZTgfG4akE8U3766P63JxFUObu9t6LZ-Linm6M-TAQ6Jl-5nfkHGe_FtN68tiEJNuhlVBbbmcicMRd72KxCw8lEkB8CqrkAOgxs8H3MSt0GoAfsKiWkqIWTUoJu1ij-eOu1sECvRfSFattTHI3PJHsYbs5mfL80&t=5c0e0825","https://mpsedc.mp.gov.in/securityaudit/js/bootsnav.js","https://mpsedc.mp.gov.in/securityaudit/js/jquery.sparkline.min.js","https://mpsedc.mp.gov.in/securityaudit/downloads/CERTInTermsConditions.pdf","https://mpsedc.mp.gov.in/securityaudit/downloads/CERT-In%20Info_Sec_Policy.pdf","https://mpsedc.mp.gov.in/securityaudit/images/loader.gif","https://mpsedc.mp.gov.in/mpitinvestment/SignUp?EnterOTP=ZAP&ValidateCaptchaCode=ZAP&ValidateMobileNumber=9999999999","https://mpsedc.mp.gov.in/mpitinvestment/ForgetPassword?OTP=ZAP","https://mpsedc.mp.gov.in/login/index","https://mpsedc.mp.gov.in/securityaudit/js/select2.min.js","https://mpsedc.mp.gov.in/securityaudit/ScriptResource.axd?d=uneHhv-eIwmkU69CY32fCwRKQnHDWlRFPakjzcQIYi44AUSL2SynonfJjB-NmfJ1wega-j9Ubp1yiPhrmnVdK0P7UKaT7FUs3JfywlE3LiCAeRjzOXR9YxFa6MQt0u8pCGVTxs3EF9nfMVLTJxunANpTu0PqvSUcY4oHQLAaf8M1&t=ff
ffffff93d1c106","https://mpsedc.mp.gov.in/securityaudit/js/raphael-2.1.0.min.js","https://mpsedc.mp.gov.in/securityaudit/GenerateCaptcha.ashx","https://mpsedc.mp.gov.in/securityaudit/js/MD5.JS","https://mpsedc.mp.gov.in/securityaudit/userapplication.aspx","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/30032025062419Intern%20assessment%20Batch%203%20&%204.pdf","https://mpsedc.mp.gov.in/securityaudit/ScriptResource.axd?d=gGd1xvbX2qTgBZj8HjZUDTfnK4vJ0HEV0UtdbkH8iqHIA15jW5mHde5giTYcGd5hWMPkivPVvV5RDLDL0rLOwGUO0tImyVQNjUFPwxm4EnOchbJVe5LDdEHDIQi1QEO43jg8I9kv8Qwc194xZF7BeWTRfYzt2i_j2eS9X3cCsPc1&t=5c0e0825","https://mpsedc.mp.gov.in/securityaudit/downloads/DeveloperGuidelines-3.pdf","https://mpsedc.mp.gov.in/securityaudit/downloads/DeveloperGuidelines-2.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/why_sec_bg.png","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/07032025054633WAITLIST%20CANDIDATES.pdf","https://mpsedc.mp.gov.in/securityaudit/downloads/CERT-IN%20Auditor_Guidelines.pdf","https://mpsedc.mp.gov.in/securityaudit/Default.aspx","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/13092024063036Interns%20Batch%203%20&%204%20Result.pdf","https://mpsedc.mp.gov.in/securityaudit/downloads/DeveloperGuidelines-4.pdf","https://mpsedc.mp.gov.in/securityaudit/js/jquery-ui-1.10.3.min.js","https://mpsedc.mp.gov.in/securityaudit/downloads/NON-Disclosure_Agreement.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/2%20-%20User%20Manual%20-%20Unit%20Certification.pdf","https://mpsedc.mp.gov.in/contents.aspx?number=W2NGAvC3QrbOOrKzbWyFkw==&page=emc-2","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/1%20-%20User%20Manual%20-%20Registering%20with%20MPSEDC.pdf","https://mpsedc.mp.gov.in/securityaudit/Audit_Completed.aspx","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/06022025111712CAMPUS%20RECRUITMENT%202ND%20ROUND.pdf","https://mpsedc.mp.gov.in/securityaudit/js/pace.min.js","https
://mpsedc.mp.gov.in/securityaudit/downloads/Secure_Coding_Guidelines%201.4.pdf","https://mpsedc.mp.gov.in/securityaudit/downloads/MAPITSecurityAuditInitiationDocument.docx","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024032647Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/securityaudit/applicants/userapplication.aspx","https://mpsedc.mp.gov.in/securityaudit/js/jquery.validate.min.js","https://mpsedc.mp.gov.in/securityaudit/WebResource.axd?d=360685XAdT9wyGyO75DuVBbdUJK_Dwy-vttFpA4hoTHEuwpzU6owUYbVhYTGSRngDiUz06jIlreOpiiiVUQWWYaceL9iIdpXCSDEMdylbbE1&t=638901734248157332","https://mpsedc.mp.gov.in/Uploaded%20Document/Aadhaar/Active%20Supervisors%20List%20as%20on%2016-03-2026.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/ITInvestmentPromotion/MP%20IT%20ITeS%20&%20ESDM%20Investment%20Promotion%20Policy%202023%20Amendment%20Order%2031-07-2024%20(1).pdf","https://mpsedc.mp.gov.in/securityaudit/downloads/CERT-InGuidelineforAuditee.pdf","https://mpsedc.mp.gov.in/uidaicenter/adhaartiles.aspx","https://mpsedc.mp.gov.in/login","https://mpsedc.mp.gov.in/Uploaded%20Document/Documents/SDC%20Charges%20Revised.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/Documents/RTI%20Manual%20Work%202024.pdf","https://mpsedc.mp.gov.in/securityaudit/downloads/Guidelines-for-Secure-Application-Design-Development-Implementation-&-Operations.PDF","https://mpsedc.mp.gov.in/contents.aspx?number=pOX/FAkyvwraMWy8cOFthQ==&page=vision","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/1%20IT%20Policy%201999.pdf","https://mpsedc.mp.gov.in/Oops.aspx?er=The%20file%20'/PrototypeSubmission.aspx'%20does%20not%20exist.","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/07032025054404RESULT%20INTERNSHIP%202.pdf","https://mpsedc.mp.gov.in/contents.aspx?number=YB3JbSC9u01q5WVFuTX0ZQ==&page=it-policy-2014","https://mpsedc.mp.gov.in/mpitinvestment/doc/sop_ip_23.pdf","https://mpsedc.mp.gov.in/Oops.aspx?er=The%20file%20'/uidaicen
ter/adhaartiles.aspx'%20does%20not%20exist.","https://mpsedc.mp.gov.in/mpitinvestment/doc/SOP_IP_23.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/Documents/SDC%20Brochure.pdf","https://mpsedc.mp.gov.in/contents.aspx?number=+1NXpDZBlcH8lSkwGYCQ/Q==&page=terms-and-conditions","https://mpsedc.mp.gov.in/Uploaded%20Document/Documents/List%20of%20Items%20Considered%20for%20IT%20ITeS%20ESDM%20Sector.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/ETenders/Department_Manual_Mp-Tenders.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/Cloud%20Adoption%20Framework.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/Documents/RTI%20Manual.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/08012025031005_Internship%202.0.pdf","https://mpsedc.mp.gov.in/sitemap.aspx?number=L+MOUYAiaTFtMO4NjbygBw==","https://mpsedc.mp.gov.in/contents.aspx?number=WZ0xjb9d3bnRQ+d9XlY7qw==&page=board-of-directors","https://mpsedc.mp.gov.in/contents.aspx?number=zpGgal0ODSW2Cy9ZbH8U6Q==&page=about-tender-cum-auction","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/Madhya%20Pradesh%20IT%20ITeS%20&%20ESDM%20Investment%20Investment%20Promotion%20Policy%202023.pdf","https://mpsedc.mp.gov.in/Oops.aspx?er=The%20file%20'/uidaicenter/Districtwisecount.aspx'%20does%20not%20exist.","https://mpsedc.mp.gov.in/contents.aspx?number=rGITHAyDD8w+YYuZUaB0JQ%3d%3d&page=document-list","https://mpsedc.mp.gov.in/login.aspx","https://mpsedc.mp.gov.in/Oops.aspx?er=The%20file%20'/SubmissionForm.aspx'%20does%20not%20exist.","https://mpsedc.mp.gov.in/Oops.aspx?er=The%20file%20'/SimhasthaTechHackathon.aspx'%20does%20not%20exist.","https://mpsedc.mp.gov.in/UjjainTechHackathon.aspx","https://mpsedc.mp.gov.in/contents.aspx?number=HqGbv5imeAbtlX1j7AKwcQ==&page=result-8","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/Implementation%20Guidelines%20for%20Madhya%20Pradesh%20IT,%20ITeS,%20and%20ESDM%20Investment%20Promotion%20Policy%202023%20-%20orde
r%20-%2020.07.2024.pdf","https://mpsedc.mp.gov.in/contents.aspx?number=hO8P7jmo+X5q3VI6bs858A==&page=key-managerial-personnel","https://mpsedc.mp.gov.in/contents.aspx?number=IL2wyyGehNIxLMUsqDn1yg==&page=it-policy-2023","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/05102023111256Madhya%20Pradesh%20IT%20ITeS%20&%20ESDM%20Investment%20Investment%20Promotion%20Policy%202023.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/MP%20IT%20ITeS%20&%20ESDM%20Investment%20Promotion%20Policy%202023.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/ITInvestmentPromotion/MP%20IT%20ITeS%20&%20ESDM%20Investment%20Promotion%20Policy%202023%20As%20Amended%2031-07-2024.pdf","https://bilucky.com/","https://bilucky.com/robots.txt","https://bilucky.com/sitemap.xml"],"duration":10.421348810195923},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.02805519104004},"passive_scan":{"status":"completed","duration":0.002865314483642578},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"bilucky.com","open_ports":[80,443,8080,8443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"active_scan":{"scan_id":"1","status":"completed","duration":30.008283853530884},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"vulnerabilities":{"total_alerts":60,"high_risk":0,"medium_risk":3,"low_risk":5,"informational":52,"alerts_by_risk":{"High":[],"Medium":[{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":3943,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"3943","inputVector":"","url":"https://www.bilucky.com/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"1403","alertRef":"10020-1"},{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3943,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3943","inputVector":"","url":"https://www.bilucky.com/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1405","alertRef":"10038-1"},{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&amp;display=swap\" rel=\"stylesheet\" as=\"style\" onload=\"this.onload=null;this.rel='stylesheet'\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3943,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3943","inputVector":"","url":"https://www.bilucky.com/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1409","alertRef":"90003"}],"Low":[{"nodeName":"https://bilucky.com/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":3910,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web 
server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"3910","inputVector":"","url":"https://bilucky.com/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1402","alertRef":"10035-1"},{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"1778049898, which evaluates to: 2026-05-06 06:44:58.","method":"GET","evidence":"1778049898","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":3943,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"3943","inputVector":"","url":"https://www.bilucky.com/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"set-cookie","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1410","alertRef":"10096"},{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":3943,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"3943","inputVector":"","url":"https://www.bilucky.com/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1411","alertRef":"10021"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":3990,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"3990","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1414","alertRef":"10035-1"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":3991,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"3991","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1415","alertRef":"10035-1"}],"Informational":[{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":3943,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"3943","inputVector":"","url":"https://www.bilucky.com/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"1404","alertRef":"10015"},{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.bilucky.com\nCookie name: __cf_bm\n","method":"GET","evidence":"Domain=bilucky.com","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":3943,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope. The domain scope applied to a cookie determines which domains can access it. 
For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"3943","inputVector":"","url":"https://www.bilucky.com/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"1406","alertRef":"90033"},{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"Links have been found with a target of '_self' - this is often used by modern frameworks to force a full page 
reload.","method":"GET","evidence":"<a class=\"footer-logo-item__link link\" data-testid=\"Link__default\" rel=\"\" target=\"_self\" href=\"/payments\"><span></span><img class=\"footer-logo-item__img image image--hidden\" alt=\"visa\" src=\"\" data-testid=\"Image__default\" srcset=\"\"><img class=\"footer-logo-item__img image\" alt=\"visa\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABAQMAAAAl21bKAAAAA1BMVEUAAACnej3aAAAAAXRSTlMAQObYZgAAAApJREFUCNdjYAAAAAIAAeIhvDMAAAAASUVORK5CYII=\" data-testid=\"Image__default\" srcset=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3943,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3943","inputVector":"","url":"https://www.bilucky.com/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1408","alertRef":"10109"},{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"cookie:__cf_bm","method":"GET","evidence":"__cf_bm","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":3943,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"3943","inputVector":"","url":"https://www.bilucky.com/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"__cf_bm","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"1412","alertRef":"10112"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4748","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1416","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4750","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1417","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4752","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1418","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4754","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1419","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4756","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1420","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4758","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1421","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4760","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1422","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4762","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1423","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4764","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1424","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4766,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4766","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1425","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4768","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1426","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4772","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1427","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4774","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1428","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4776","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1429","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4778","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1430","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4780,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4780","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1431","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4782","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1432","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4785,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4785","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1433","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4787","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1434","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4789,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4789","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1435","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4791","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1436","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4794,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4794","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1437","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4797","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1438","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4801","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"1439","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4807","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1440","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4811","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"1441","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4815","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"1442","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4817","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1443","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4823","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1444","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4825","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1445","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4828,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4828","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"1446","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4831","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1447","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4840","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1448","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4852","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1449","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4871","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1450","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4873","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1451","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4875","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1452","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4877,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4877","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"1453","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4880","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1454","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4882","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1455","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4884","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1456","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4886","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1457","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4888,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4888","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"1458","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4890","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1459","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4892,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4892","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"1460","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4894,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4894","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"1461","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4896,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4896","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"1462","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4898,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"4898","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"1463","alertRef":"10104"}]},"vulnerability_types":{"Strict-Transport-Security Header Not Set":3,"Missing Anti-clickjacking Header":1,"Re-examine Cache-control Directives":1,"Content Security Policy (CSP) Header Not Set":1,"Loosely Scoped Cookie":1,"Modern Web Application":1,"Sub Resource Integrity Attribute Missing":1,"Timestamp Disclosure - Unix":1,"X-Content-Type-Options Header Missing":1,"Session Management Response Identified":1,"User Agent Fuzzer":48},"owasp_top10":{"A05: Security Misconfiguration":4,"Unmapped / 
Other":56}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69fae7928e4cf1e0291197a9"},"created_at":{"$date":"2026-05-06T07:02:42.027Z"},"url":"https://mpsedc.mp.gov.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://mpsedc.mp.gov.in/","scan_timestamp":"20260506_063442","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":275,"urls_list":["https://mpsedc.mp.gov.in/sitemap.xml","https://mpsedc.mp.gov.in/robots.txt","https://mpsedc.mp.gov.in/","https://mpsedc.mp.gov.in/SimhasthaTechHackathon.html","https://mpsedc.mp.gov.in/esdm-units","https://mpsedc.mp.gov.in/uidaicenter/Districtwisecount.aspx","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/05102023121831ITES%20ESDM%20%E0%A4%A8%E0%A5%80%E0%A4%A4%E0%A5%80%20%E0%A4%B5%E0%A5%83%E0%A4%A6%E0%A5%8D%E0%A4%A7_0001.pdf","https://mpsedc.mp.gov.in/mpitinvestment/","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/05122024011620Result%20of%20Interns.pdf","https://mpsedc.mp.gov.in/securityaudit/","https://mpsedc.mp.gov.in/assets/mpsedc_flaticon/flaticon.css","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/05122024012015Result%20of%20Interns.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/30122025080043GET%20Result%20B3%20&%20B4%20(1).pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/09022025011500Candidates%20who%20missed%20the%20MPSEDC%20Campus%20Recruitment%20on%207th%20&%208th%20February%202025%20have%20a%20final%20opportunity%20to%20appear%20on%2010th%20February%202025%20with%20Guideline%20(2).pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/29072020023443data-gov.png","https://mpsedc.mp.gov.in/assets/mpsedc_js/fle
xslider.js","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/29072020023522india-gov.png","https://mpsedc.mp.gov.in/aitechworkshop/","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/06122024024614Result%20Sheet%20Interns%20batch%203%20&%204%202024.pdf","https://mpsedc.mp.gov.in/assets/mpsedc_js/bootstrap.min.js","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/30082025015255RECRUITMENT.pdf","https://mpsedc.mp.gov.in/assets/mpsedc_css/style.css","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/21082020025850IT%20Park%20Jabalpur%201.jpg","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024032455Interns%20Final%20Result.pdf","https://mpsedc.mp.gov.in/assets/mpsedc_fonts/style.css","https://mpsedc.mp.gov.in/assets/mpsedc_js/fancybox.min.js","https://mpsedc.mp.gov.in/assets/mpsedc_js/jquery.modern-ticker.min.js","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024030453Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/assets/js/bootsnav.js","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/29032026030325NOTICE_IFMS_Rechedule%20.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/29072020023500digital-india.png","https://mpsedc.mp.gov.in/images/dairy-img.jpg","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024030845Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024051335Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/assets/mpsedc_js/jquery.min.js","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024032109Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/assets/mpsedc_js/newsbox.js","https://mpsedc.mp.gov.in/assets/mpsedc_js/script.js","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/21082020025916SDC.jpg","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/css/modern-ticker.css","https://mpsedc.mp.gov.in/assets/Ujj
aintechassets/vendor/php-email-form/validate.js","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/010920200543162.jpg","https://mpsedc.mp.gov.in/assets/img/favicon.ico","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/05122024111812result.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/language_icon.png","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024030359Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/assets/mpsedc_js/slick.min.js","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024030554Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/17112025062215GET%20Half%20Yearly%20Result%20Batch%201%20&%20Batch%202%20(1).pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/header/28072020125926mplogo.png","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/05112024114702Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024031106Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/Round-2-Result.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/logo.png","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/07022025043038Campus%20Recruitment%20Guideline%20&%20Reschedule%20for%202nd%20Round.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/CSS/jquery.countdownTimer.css","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/css/owl.theme.default.min.css","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/09042026055123Yearly%20Assessment%20Result%20of%20GET%20B1%20%20B2.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/03092025025820MP%20SpaceTech%20Policy%202025%20Draft.pdf","https://mpsedc.mp.gov.in/contents.aspx?number=rGITHAyDD8w+YYuZUaB0JQ==&page=document-list","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024033327Interns%20Final%20Result
%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/index.html","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/css/owl.carousel.min.css","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/Draft%20MP%20AVGC-XR%20Policy.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/js/owl.carousel.js","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/js/main.js","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/05052026084729Batch%205%20&%206%20Half-Yearly%20Assessment%20Result%20Declared%20on%2004%20May%202026.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/07082024060728Draft%20MP%20AVGC-XR%20Policy.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/21082020025659Gwalior%20IT%20Park%201.jpg","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/glightbox/css/glightbox.min.css","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/bootstrap/js/bootstrap.bundle.min.js","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/aos/aos.css","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/21082020025434IT%20Park%20Bhopal%201.jpg","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/01092020054704Swan.jpg","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024034149Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/glightbox/js/glightbox.min.js","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/Tower%20Policy%20Amendments.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/fontawesome-free/css/all.min.css","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/swiper/swiper-bundle.min.js","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/accessibility.png","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/first_prize_icon.png","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/js/jquery.modern-ticker.min.js","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/js/jquery-3.7.1.min.js","https://mpsedc.mp.gov.in/Uploaded%20D
ocument/UpcomingEvents/10122024030121Madhya%20Pradesh%20GCC%20Policy%202024.pdf","https://mpsedc.mp.gov.in/images/hackathon.jpg","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/29072020023554my-gov.png","https://mpsedc.mp.gov.in/Uploaded%20Document/Documents/MPSEDC%20CSR%20Policy.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/purecounter/purecounter_vanilla.js","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/21082020025632IT%20Park%20Indore%201.jpg","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/second_prize_icon.png","https://mpsedc.mp.gov.in/mpitinvestment/css/site.css?v=83wfcsOTahQahsaczV_9oPoJGsJg3IjC_9_PBzv2A2w","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/aos/aos.js","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/05112024115928Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/swiper/swiper-bundle.min.css","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/29072020023537mp-online.png","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/jquery.countdownTimer.js","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/06022025114359CAMPUS%20RECRUITMENT%202ND%20ROUND.pdf","https://mpsedc.mp.gov.in/mpitinvestment/SSOLogin","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/22022025061244Indore%20Sinhasa%20Banner.jpg","https://mpsedc.mp.gov.in/mpitinvestment/SignUp","https://mpsedc.mp.gov.in/mpitinvestment/ForgetUser","https://mpsedc.mp.gov.in/mpitinvestment/js/helpers/ip-util-prod.js","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/23022025100259policies%20banner.jpg","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/18032025034017Result_Campus%20Recruitment%20Drive.pdf","https://mpsedc.mp.gov.in/mpitinvestment/css/public_pages.css?v=itRNH8CYsKs92HE34PEOncRpZYUYCKnDVYZ6vd4_yqA","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/160220240508493rd%20Month%20Assessment%20Result%20Batch%201%20&%20Batch%202.pdf","
https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/cup.png","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/22022025061215Gwalior%20Malanpur%20Banner.jpg","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/3%20-%20User%20Manual%20-%20Applying%20for%20Subsidies%20&%20Incentives.pdf","https://mpsedc.mp.gov.in/assets/img/apple-touch-icon.png","https://mpsedc.mp.gov.in/securityaudit/objectives.aspx","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/mpsedc.png","https://mpsedc.mp.gov.in/securityaudit/Login.aspx","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/banner.jpg","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/bootstrap-icons/bootstrap-icons.css","https://mpsedc.mp.gov.in/mpitinvestment/ForgetPassword","https://mpsedc.mp.gov.in/securityaudit/css/morris.css","https://mpsedc.mp.gov.in/Uploaded%20Document/header/28072020125926mpsedclogo.png","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/GooglePay.svg","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/10022025111047candidates%20for%2011th%20feb.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/barCode.png","https://mpsedc.mp.gov.in/securityaudit/guidlines.aspx","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/resultPDF.pdf","https://mpsedc.mp.gov.in/assets/mpsedc_css/modern-ticker.css","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/MP%20MSMED%20Policy%202021%20Booklet%20English.pdf","https://mpsedc.mp.gov.in/PrototypeSubmission.aspx","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/third_prize_icon.png","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/29072020023606standup-india.png","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/AppStore.svg","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/vendor/bootstrap/css/bootstrap.min.css","https://mpsedc.mp.gov.in/securityaudit/css/bootsnav.css","https://mpsedc.mp.gov.in/mpitinvestment/bootstrap-icons/font/bootstrap-icons.css","https://mpsedc.mp.gov.in/assets/Ujjai
ntechassets/img/whocan.png","https://mpsedc.mp.gov.in/securityaudit/css/select2.css","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/29%20Industrial%20Promotion%20Policy%202014%20(Amended%20October%202019).pdf","https://mpsedc.mp.gov.in/securityaudit/css/style.default.css","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/22022025061108EMC%20Bhopal%20Banner.jpg","https://mpsedc.mp.gov.in/assets/mpsedc_js/tickerme.js","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/06022025113300CAMPUS%20RECRUITMENT%202ND%20ROUND.pdf","https://mpsedc.mp.gov.in/mpitinvestment/js/site.js?v=geC4fLjW1nHR4ssQOfjf9PIai-_4nM2mkUBEE-1Nd9o","https://mpsedc.mp.gov.in/securityaudit/js/modernizr.min.js","https://mpsedc.mp.gov.in/mpitinvestment/js/helpers/md5.js","https://mpsedc.mp.gov.in/securityaudit/css/stylenew.css","https://mpsedc.mp.gov.in/securityaudit/css/overwrite.css","https://mpsedc.mp.gov.in/mpitinvestment/bootstrap-icons/font/bootstrap-icons.min.css","https://mpsedc.mp.gov.in/mpitinvestment/lib/jquery-validation-unobtrusive/jquery.validate.unobtrusive.min.js","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/timeline.png","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/160720240122066%20Monthly%20Assessment%20Result.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/slider/22022025061311Purva%20Jabalpur%20Banner.jpg","https://mpsedc.mp.gov.in/securityaudit/js/bootstrap.min.js","https://mpsedc.mp.gov.in/securityaudit/Request.aspx","https://mpsedc.mp.gov.in/mpitinvestment/js/controllers/sign-up.js?v=Qm1dmRQKGLegbP1o4pGmNhOqGZwWcldiBvXuiMWw0ic","https://mpsedc.mp.gov.in/securityaudit/js/jquery-migrate-1.2.1.min.js","https://mpsedc.mp.gov.in/mpitinvestment/lib/bootstrap/dist/css/bootstrap.min.css","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/Industrial%20Promotion%20Policy%202014%20Amended%20October%202019.pdf","https://mpsedc.mp.gov.in/SubmissionForm.aspx","https://mpsedc.mp.gov.in/SimhasthaTechHackathon.aspx","ht
tps://mpsedc.mp.gov.in/mpitinvestment/lib/bootstrap/dist/js/bootstrap.bundle.min.js","https://mpsedc.mp.gov.in/securityaudit/js/jquery.cookies.js","https://mpsedc.mp.gov.in/mpitinvestment/Login/Authenticate","https://mpsedc.mp.gov.in/securityaudit/js/flot/jquery.flot.resize.min.js","https://mpsedc.mp.gov.in/securityaudit/js/retina.min.js","https://mpsedc.mp.gov.in/mpitinvestment/login/index","https://mpsedc.mp.gov.in/securityaudit/js/jquery-1.11.1.min.js","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/css/main.css","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/2%20IT%20Policy%202006.pdf","https://mpsedc.mp.gov.in/mpitinvestment/lib/jquery/dist/jquery.min.js","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/05112024110612Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/28%20Gazette%20Notification%20for%20FAR.pdf","https://mpsedc.mp.gov.in/mpitinvestment","https://mpsedc.mp.gov.in/mpitinvestment/js/controllers/forgotuser.js","https://mpsedc.mp.gov.in/mpitinvestment/SignUp?EnterOTP=ZAP","https://mpsedc.mp.gov.in/mpitinvestment/lib/bootstrap-datepicker/bootstrap-datepicker.min.css","https://mpsedc.mp.gov.in/securityaudit/js/flot/jquery.flot.min.js","https://mpsedc.mp.gov.in/securityaudit/js/flot/jquery.flot.spline.min.js","https://mpsedc.mp.gov.in/securityaudit/js/bootstrap-wizard.min.js","https://mpsedc.mp.gov.in/mpitinvestment/js/controllers/forgotpassword.js","https://mpsedc.mp.gov.in/mpitinvestment/lib/jquery-validation/dist/jquery.validate.min.js","https://mpsedc.mp.gov.in/User","https://mpsedc.mp.gov.in/securityaudit/images/wave/wave-01.png","https://mpsedc.mp.gov.in/mpitinvestment/lib/bootstrap-datepicker/bootstrap-datepicker.min.js","https://mpsedc.mp.gov.in/securityaudit/images/28072020125926mpsedclogo.png","https://mpsedc.mp.gov.in/securityaudit/js/morris.min.js","https://mpsedc.mp.gov.in/mpitinvestment/sweetalert2/sweetalert2@11.js","https://mpsedc.mp.g
ov.in/mpitinvestment/ForgetUser?OTP=ZAP","https://mpsedc.mp.gov.in/securityaudit/images/wave/wave-05.png","https://mpsedc.mp.gov.in/securityaudit/images/mplogo.png","https://mpsedc.mp.gov.in/mpitinvestment/js/helpers/investment-portal-util-1.0.0.js?v=h8nKtrnwG1FACAOEiIxQp9iFpk4u0r8G_t9nsyEeJE4","https://mpsedc.mp.gov.in/securityaudit/js/custom.js","https://mpsedc.mp.gov.in/securityaudit/downloads/Policy_Guidelines_Data_Handling.pdf","https://mpsedc.mp.gov.in/mpitinvestment/login/login/index","https://mpsedc.mp.gov.in/securityaudit/Document/Hash_Value_SOP_2024.pdf","https://mpsedc.mp.gov.in/mpitinvestment/ForgetPassword/Authenticate","https://mpsedc.mp.gov.in/mpitinvestment/Login/login/index","https://mpsedc.mp.gov.in/mpitinvestment/ForgetUser/Authenticate","https://mpsedc.mp.gov.in/mpitinvestment/SignUp?ValidateCaptchaCode=ZAP&ValidateMobileNumber=9999999999","https://mpsedc.mp.gov.in/securityaudit/ScriptResource.axd?d=nQEZC5LU7PqFusYVupZNRA3WMnFKRXHEjtpZTgfG4akE8U3766P63JxFUObu9t6LZ-Linm6M-TAQ6Jl-5nfkHGe_FtN68tiEJNuhlVBbbmcicMRd72KxCw8lEkB8CqrkAOgxs8H3MSt0GoAfsKiWkqIWTUoJu1ij-eOu1sECvRfSFattTHI3PJHsYbs5mfL80&t=5c0e0825","https://mpsedc.mp.gov.in/securityaudit/js/bootsnav.js","https://mpsedc.mp.gov.in/securityaudit/js/jquery.sparkline.min.js","https://mpsedc.mp.gov.in/securityaudit/downloads/CERTInTermsConditions.pdf","https://mpsedc.mp.gov.in/securityaudit/downloads/CERT-In%20Info_Sec_Policy.pdf","https://mpsedc.mp.gov.in/securityaudit/images/loader.gif","https://mpsedc.mp.gov.in/mpitinvestment/SignUp?EnterOTP=ZAP&ValidateCaptchaCode=ZAP&ValidateMobileNumber=9999999999","https://mpsedc.mp.gov.in/mpitinvestment/ForgetPassword?OTP=ZAP","https://mpsedc.mp.gov.in/login/index","https://mpsedc.mp.gov.in/securityaudit/js/select2.min.js","https://mpsedc.mp.gov.in/securityaudit/ScriptResource.axd?d=uneHhv-eIwmkU69CY32fCwRKQnHDWlRFPakjzcQIYi44AUSL2SynonfJjB-NmfJ1wega-j9Ubp1yiPhrmnVdK0P7UKaT7FUs3JfywlE3LiCAeRjzOXR9YxFa6MQt0u8pCGVTxs3EF9nfMVLTJxunANpTu0PqvSUcY4oHQLAaf8M1&t=fff
fffff93d1c106","https://mpsedc.mp.gov.in/securityaudit/js/raphael-2.1.0.min.js","https://mpsedc.mp.gov.in/securityaudit/GenerateCaptcha.ashx","https://mpsedc.mp.gov.in/securityaudit/js/MD5.JS","https://mpsedc.mp.gov.in/securityaudit/userapplication.aspx","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/30032025062419Intern%20assessment%20Batch%203%20&%204.pdf","https://mpsedc.mp.gov.in/securityaudit/ScriptResource.axd?d=gGd1xvbX2qTgBZj8HjZUDTfnK4vJ0HEV0UtdbkH8iqHIA15jW5mHde5giTYcGd5hWMPkivPVvV5RDLDL0rLOwGUO0tImyVQNjUFPwxm4EnOchbJVe5LDdEHDIQi1QEO43jg8I9kv8Qwc194xZF7BeWTRfYzt2i_j2eS9X3cCsPc1&t=5c0e0825","https://mpsedc.mp.gov.in/securityaudit/downloads/DeveloperGuidelines-3.pdf","https://mpsedc.mp.gov.in/securityaudit/downloads/DeveloperGuidelines-2.pdf","https://mpsedc.mp.gov.in/assets/Ujjaintechassets/img/why_sec_bg.png","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/07032025054633WAITLIST%20CANDIDATES.pdf","https://mpsedc.mp.gov.in/securityaudit/downloads/CERT-IN%20Auditor_Guidelines.pdf","https://mpsedc.mp.gov.in/securityaudit/Default.aspx","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/13092024063036Interns%20Batch%203%20&%204%20Result.pdf","https://mpsedc.mp.gov.in/securityaudit/downloads/DeveloperGuidelines-4.pdf","https://mpsedc.mp.gov.in/securityaudit/js/jquery-ui-1.10.3.min.js","https://mpsedc.mp.gov.in/securityaudit/downloads/NON-Disclosure_Agreement.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/2%20-%20User%20Manual%20-%20Unit%20Certification.pdf","https://mpsedc.mp.gov.in/contents.aspx?number=W2NGAvC3QrbOOrKzbWyFkw==&page=emc-2","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/1%20-%20User%20Manual%20-%20Registering%20with%20MPSEDC.pdf","https://mpsedc.mp.gov.in/securityaudit/Audit_Completed.aspx","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/06022025111712CAMPUS%20RECRUITMENT%202ND%20ROUND.pdf","https://mpsedc.mp.gov.in/securityaudit/js/pace.min.js","https:
//mpsedc.mp.gov.in/securityaudit/downloads/Secure_Coding_Guidelines%201.4.pdf","https://mpsedc.mp.gov.in/securityaudit/downloads/MAPITSecurityAuditInitiationDocument.docx","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/04112024032647Interns%20Final%20Result%20Upload%20on%20webiste.pdf","https://mpsedc.mp.gov.in/securityaudit/applicants/userapplication.aspx","https://mpsedc.mp.gov.in/securityaudit/js/jquery.validate.min.js","https://mpsedc.mp.gov.in/securityaudit/WebResource.axd?d=360685XAdT9wyGyO75DuVBbdUJK_Dwy-vttFpA4hoTHEuwpzU6owUYbVhYTGSRngDiUz06jIlreOpiiiVUQWWYaceL9iIdpXCSDEMdylbbE1&t=638901734248157332","https://mpsedc.mp.gov.in/Uploaded%20Document/Aadhaar/Active%20Supervisors%20List%20as%20on%2016-03-2026.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/ITInvestmentPromotion/MP%20IT%20ITeS%20&%20ESDM%20Investment%20Promotion%20Policy%202023%20Amendment%20Order%2031-07-2024%20(1).pdf","https://mpsedc.mp.gov.in/securityaudit/downloads/CERT-InGuidelineforAuditee.pdf","https://mpsedc.mp.gov.in/uidaicenter/adhaartiles.aspx","https://mpsedc.mp.gov.in/login","https://mpsedc.mp.gov.in/Uploaded%20Document/Documents/SDC%20Charges%20Revised.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/Documents/RTI%20Manual%20Work%202024.pdf","https://mpsedc.mp.gov.in/securityaudit/downloads/Guidelines-for-Secure-Application-Design-Development-Implementation-&-Operations.PDF","https://mpsedc.mp.gov.in/contents.aspx?number=pOX/FAkyvwraMWy8cOFthQ==&page=vision","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/1%20IT%20Policy%201999.pdf","https://mpsedc.mp.gov.in/Oops.aspx?er=The%20file%20'/PrototypeSubmission.aspx'%20does%20not%20exist.","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/07032025054404RESULT%20INTERNSHIP%202.pdf","https://mpsedc.mp.gov.in/contents.aspx?number=YB3JbSC9u01q5WVFuTX0ZQ==&page=it-policy-2014","https://mpsedc.mp.gov.in/mpitinvestment/doc/sop_ip_23.pdf","https://mpsedc.mp.gov.in/Oops.aspx?er=The%20file%20'/uidaicent
er/adhaartiles.aspx'%20does%20not%20exist.","https://mpsedc.mp.gov.in/mpitinvestment/doc/SOP_IP_23.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/Documents/SDC%20Brochure.pdf","https://mpsedc.mp.gov.in/contents.aspx?number=+1NXpDZBlcH8lSkwGYCQ/Q==&page=terms-and-conditions","https://mpsedc.mp.gov.in/Uploaded%20Document/Documents/List%20of%20Items%20Considered%20for%20IT%20ITeS%20ESDM%20Sector.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/ETenders/Department_Manual_Mp-Tenders.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/Cloud%20Adoption%20Framework.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/Documents/RTI%20Manual.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/UpcomingEvents/08012025031005_Internship%202.0.pdf","https://mpsedc.mp.gov.in/sitemap.aspx?number=L+MOUYAiaTFtMO4NjbygBw==","https://mpsedc.mp.gov.in/contents.aspx?number=WZ0xjb9d3bnRQ+d9XlY7qw==&page=board-of-directors","https://mpsedc.mp.gov.in/contents.aspx?number=zpGgal0ODSW2Cy9ZbH8U6Q==&page=about-tender-cum-auction","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/Madhya%20Pradesh%20IT%20ITeS%20&%20ESDM%20Investment%20Investment%20Promotion%20Policy%202023.pdf","https://mpsedc.mp.gov.in/Oops.aspx?er=The%20file%20'/uidaicenter/Districtwisecount.aspx'%20does%20not%20exist.","https://mpsedc.mp.gov.in/contents.aspx?number=rGITHAyDD8w+YYuZUaB0JQ%3d%3d&page=document-list","https://mpsedc.mp.gov.in/login.aspx","https://mpsedc.mp.gov.in/Oops.aspx?er=The%20file%20'/SubmissionForm.aspx'%20does%20not%20exist.","https://mpsedc.mp.gov.in/Oops.aspx?er=The%20file%20'/SimhasthaTechHackathon.aspx'%20does%20not%20exist.","https://mpsedc.mp.gov.in/UjjainTechHackathon.aspx","https://mpsedc.mp.gov.in/contents.aspx?number=HqGbv5imeAbtlX1j7AKwcQ==&page=result-8","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/Implementation%20Guidelines%20for%20Madhya%20Pradesh%20IT,%20ITeS,%20and%20ESDM%20Investment%20Promotion%20Policy%202023%20-%20order
%20-%2020.07.2024.pdf","https://mpsedc.mp.gov.in/contents.aspx?number=hO8P7jmo+X5q3VI6bs858A==&page=key-managerial-personnel","https://mpsedc.mp.gov.in/contents.aspx?number=IL2wyyGehNIxLMUsqDn1yg==&page=it-policy-2023","https://mpsedc.mp.gov.in/Uploaded%20Document/LatestNews/05102023111256Madhya%20Pradesh%20IT%20ITeS%20&%20ESDM%20Investment%20Investment%20Promotion%20Policy%202023.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/Policies%20and%20Rules/MP%20IT%20ITeS%20&%20ESDM%20Investment%20Promotion%20Policy%202023.pdf","https://mpsedc.mp.gov.in/Uploaded%20Document/ITInvestmentPromotion/MP%20IT%20ITeS%20&%20ESDM%20Investment%20Promotion%20Policy%202023%20As%20Amended%2031-07-2024.pdf"],"duration":70.31969928741455},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.07510256767273},"passive_scan":{"status":"completed","duration":0.010338306427001953},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"mpsedc.mp.gov.in","open_ports":[443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with url: /JSON/ascan/view/status/?scanId=0 (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection refused\"))"},"vulnerabilities":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with url: /JSON/core/view/alerts/ (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection refused\"))"},"reports":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with url: /JSON/core/view/alerts/ (Caused by 
NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection refused\"))"}}},"summary":""},{"_id":{"$oid":"69faf96d9a69bd887804de03"},"created_at":{"$date":"2026-05-06T08:18:53.940Z"},"url":"https://bilucky.com","tool":"owaspzap","result":{"status":"completed","target_url":"https://bilucky.com","scan_timestamp":"20260506_081417","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":4,"urls_list":["https://bilucky.com","https://bilucky.com/","https://bilucky.com/robots.txt","https://bilucky.com/sitemap.xml"],"duration":10.078665256500244},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06698226928711},"passive_scan":{"status":"completed","duration":0.008491039276123047},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"bilucky.com","open_ports":[80,443,8080,8443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"active_scan":{"scan_id":"0","status":"completed","duration":30.00943613052368},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"vulnerabilities":{"total_alerts":62,"high_risk":0,"medium_risk":3,"low_risk":7,"informational":52,"alerts_by_risk":{"High":[],"Medium":[{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":3,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"3","inputVector":"","url":"https://www.bilucky.com/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"1","alertRef":"10020-1"},{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3","inputVector":"","url":"https://www.bilucky.com/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"3","alertRef":"10038-1"},{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&amp;display=swap\" rel=\"stylesheet\" as=\"style\" onload=\"this.onload=null;this.rel='stylesheet'\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"3","inputVector":"","url":"https://www.bilucky.com/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"7","alertRef":"90003"}],"Low":[{"nodeName":"https://bilucky.com/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":1,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares 
that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"1","inputVector":"","url":"https://bilucky.com/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"0","alertRef":"10035-1"},{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"","method":"GET","evidence":"set-cookie: __cf_bm","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":3,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"3","inputVector":"","url":"https://www.bilucky.com/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"__cf_bm","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"5","alertRef":"10054-1"},{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"1778055316, which evaluates to: 2026-05-06 08:15:16.","method":"GET","evidence":"1778055316","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":3,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"3","inputVector":"","url":"https://www.bilucky.com/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"set-cookie","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"8","alertRef":"10096"},{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":3,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"3","inputVector":"","url":"https://www.bilucky.com/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"9","alertRef":"10021"},{"nodeName":"https://bilucky.com","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":9,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"9","inputVector":"","url":"https://bilucky.com","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"11","alertRef":"10035-1"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":11,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"11","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"13","alertRef":"10035-1"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":12,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"12","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"14","alertRef":"10035-1"}],"Informational":[{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":3,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"3","inputVector":"","url":"https://www.bilucky.com/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"2","alertRef":"10015"},{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"The origin domain used for comparison was:\nwww.bilucky.com\nCookie name: __cf_bm\n","method":"GET","evidence":"Domain=bilucky.com","pluginId":"90033","cweid":"565","confidence":"Low","sourceMessageId":3,"wascid":"15","description":"Cookies can be scoped by domain or path. This check is only concerned with domain scope. The domain scope applied to a cookie determines which domains can access it. 
For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.","messageId":"3","inputVector":"","url":"https://www.bilucky.com/","tags":{"CWE-565":"https://cwe.mitre.org/data/definitions/565.html","OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/rfc6265#section-4.1\nhttps://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html\nhttps://code.google.com/archive/p/browsersec/wikis/Part2.wiki","solution":"Always scope cookies to a FQDN (Fully Qualified Domain Name).","alert":"Loosely Scoped Cookie","param":"","attack":"","name":"Loosely Scoped Cookie","risk":"Informational","id":"4","alertRef":"90033"},{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"Links have been found with a target of '_self' - this is often used by modern frameworks to force a full page reload.","method":"GET","evidence":"<a 
class=\"footer-logo-item__link link\" data-testid=\"Link__default\" rel=\"\" target=\"_self\" href=\"/payments\"><span></span><img class=\"footer-logo-item__img image image--hidden\" alt=\"visa\" src=\"\" data-testid=\"Image__default\" srcset=\"\"><img class=\"footer-logo-item__img image\" alt=\"visa\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABAQMAAAAl21bKAAAAA1BMVEUAAACnej3aAAAAAXRSTlMAQObYZgAAAApJREFUCNdjYAAAAAIAAeIhvDMAAAAASUVORK5CYII=\" data-testid=\"Image__default\" srcset=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3","inputVector":"","url":"https://www.bilucky.com/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"6","alertRef":"10109"},{"nodeName":"https://www.bilucky.com/","sourceid":"3","other":"cookie:__cf_bm","method":"GET","evidence":"__cf_bm","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":3,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"3","inputVector":"","url":"https://www.bilucky.com/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"__cf_bm","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"10","alertRef":"10112"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":11,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"121","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":11,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"123","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":11,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"125","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":11,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"127","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"18","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":11,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"129","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"19","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":11,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"131","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"20","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":11,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"133","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"21","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":11,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"135","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"22","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":11,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"138","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"23","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"139","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"24","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":11,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"141","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"25","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":11,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"143","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"26","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"145","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"27","alertRef":"10104"},{"nodeName":"https://bilucky.com/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":11,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"147","inputVector":"","url":"https://bilucky.com/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"28","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"149","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"29","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"151","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"30","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"153","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"31","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"155","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"32","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"157","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"33","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"159","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"34","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"161","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"35","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"163","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"36","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"165","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"37","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"167","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"38","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"169","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"39","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"171","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"40","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"173","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"41","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"175","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"42","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"177","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"43","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"179","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"44","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"181","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"45","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"183","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"46","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"185","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"47","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"187","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"48","alertRef":"10104"},{"nodeName":"https://bilucky.com/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":12,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"189","inputVector":"","url":"https://bilucky.com/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"49","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"191","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"50","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"193","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"51","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"195","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"52","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"197","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"53","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"199","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"54","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"201","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"55","alertRef":"10104"},{"nodeName":"https://bilucky.com/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":10,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"203","inputVector":"","url":"https://bilucky.com/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"56","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"205","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"57","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"207","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"58","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"209","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"59","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"211","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"60","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"213","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"61","alertRef":"10104"},{"nodeName":"https://bilucky.com","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"215","inputVector":"","url":"https://bilucky.com","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"62","alertRef":"10104"}]},"vulnerability_types":{"Strict-Transport-Security Header Not Set":4,"Missing Anti-clickjacking Header":1,"Re-examine Cache-control Directives":1,"Content Security Policy (CSP) Header Not Set":1,"Loosely Scoped Cookie":1,"Cookie without SameSite Attribute":1,"Modern Web Application":1,"Sub Resource Integrity Attribute Missing":1,"Timestamp Disclosure - Unix":1,"X-Content-Type-Options Header Missing":1,"Session Management Response Identified":1,"User Agent Fuzzer":48},"owasp_top10":{"A05: Security Misconfiguration":5,"Unmapped / 
Other":57}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"69fd271c9017325aedf4f0c4"},"created_at":{"$date":"2026-05-07T23:58:20.840Z"},"url":"https://www.veltris.com/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.veltris.com/","scan_timestamp":"20260507_175514","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":1333,"urls_list":["https://www.veltris.com/sitemap.xml","https://www.veltris.com/robots.txt","https://www.veltris.com/","https://www.veltris.com/wp-content/uploads/2023/10/favicon-32x32-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Tableau.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/power-bi.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/atlassian-jira.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/cisco.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Google_Cloud.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/aws.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/MS-Azure.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/nvidia.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/IBM.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/nokia.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Salesforce.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/AICPA-SOC.png","https://www.veltris.com/wp-content/themes/wavela
bs/assets/images/tech-towers/Schneider.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/NetSuite.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/databricks.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/siemens.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/servicenow.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Snowflake.png","https://www.veltris.com/wp-content/uploads/2026/01/Analyzing-250M-Daily-Events-to-Power-Superior-Streaming-Experiences_Mob.png","https://www.veltris.com/wp-content/uploads/2026/01/Modern-Data-Infrastructure-Powers-Efficiency-for-Canadas-Largest-DSO_Mob.png","https://www.veltris.com/wp-content/uploads/2026/01/AI-Cognitive-Engine-Enables-Data-Driven-Decisions-for-Financial-Services-Leader_Mob.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/ISO.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/communitiesai-first-service-firms.png","https://www.veltris.com/wp-content/uploads/2026/01/Real-Time-AI-Predictions-Improve-Reliability-in-Pharmaceutical-Manufacturing_Mob.png","https://www.veltris.com/wp-content/uploads/2026/01/Home-Tech-Platfrom.png","https://www.veltris.com/wp-content/uploads/2026/01/Modern-Data-Infrastructure-Powers-Efficiency-for-Canadas-Largest-DSO.png","https://www.veltris.com/wp-content/uploads/2026/01/Real-Time-AI-Predictions-Improve-Reliability-in-Pharmaceutical-Manufacturing.png","https://www.veltris.com/wp-content/uploads/2026/01/Home-Healthcare.png","https://www.veltris.com/wp-content/uploads/2026/01/Analyzing-250M-Daily-Events-to-Power-Superior-Streaming-Experiences.png","https://www.veltris.com/wp-content/uploads/2026/01/AI-Cognitive-Engine-Enables-Data-Driven-Decisions-for-Financial-Services-Leader.png","https://www.veltris.com/wp-content/uploads/2026/01/Home-Diversified-industry.png","https://www.veltris
.com/wp-content/themes/wavelabs/assets/css/lightbox.min.css","https://www.veltris.com/wp-content/plugins/ubermenu/assets/css/skins/minimal.css?ver=6.9.4","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/whitepapers-page.css?ver=2.0","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/owl.theme.default.min.css","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/sal.js","https://www.veltris.com/wp-json/","https://www.veltris.com/wp-content/themes/wavelabs/style.css?ver=2.0","https://www.veltris.com/wp-content/plugins/sg-cachepress/assets/js/lazysizes.min.js?ver=7.7.11","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/mobile-menu.css?ver=2.0","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/owl.carousel.min.css","https://www.veltris.com/wp-content/plugins/ubermenu/assets/js/ubermenu.min.js?ver=3.7.8","https://www.veltris.com/wp-content/plugins/ubermenu/pro/assets/css/ubermenu.min.css?ver=3.7.8","https://www.veltris.com/wp-content/uploads/2023/09/Aboutus.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/ajax-filter-loadmore.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/scroll-highlight.js","https://www.veltris.com/wp-content/uploads/2025/04/pressroom-01.svg","https://www.veltris.com/wp-content/plugins/attachment-download-on-gravity-form-submission/frontend/js/wot-public-scripts.js","https://www.veltris.com/about-us","https://www.veltris.com/wp-content/uploads/2023/09/Leadership.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/header/logo.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/vectra.svg","https://www.veltris.com/wp-content/uploads/2023/09/BFSI-1.svg","https://www.veltris.com/wp-content/uploads/2023/09/Events.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/footer/logo.svg","https://www.veltris.com/wp-content/uploads/2024/05/Glossary-svg.svg","https://www.veltris.com/wp-content/uploads
/2023/09/Casestudies.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/new-menu.js","https://www.veltris.com/wp-content/uploads/2023/09/White-papers.svg","https://www.veltris.com/wp-content/uploads/2023/09/Blogs.svg","https://www.veltris.com/wp-content/plugins/cookie-law-info/lite/frontend/js/gcm.min.js","https://www.veltris.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","https://www.veltris.com/wp-json/wp/v2/pages/13944","https://www.veltris.com/wp-content/uploads/2023/09/Healthcare-1.svg","https://www.veltris.com/wp-content/plugins/gravityformsrecaptcha/js/frontend.min.js?ver=1.8.0","https://www.veltris.com/wp-content/uploads/2023/09/Contact-us.svg","https://www.veltris.com/wp-content/plugins/ubermenu/assets/fontawesome/css/all.min.css?ver=6.9.4","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/owl.carousel.min.js","https://www.veltris.com/wp-content/uploads/2026/01/Home-Financial-Service.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/sal.css?ver=2.0","https://www.veltris.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/lightbox-plus-jquery.min.js","https://www.veltris.com/wp-content/uploads/real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmaceutical-drug.pdf","https://www.veltris.com/wp-content/uploads/2023/09/Channel-.svg","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_constellation_research_Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/03/built-cognitive-engine-to-amp-up-customer-centricity.pdf","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/style.css?ver=2.0","https://www.veltris.com/wp-content/uploads/2025/11/Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO.pdf","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-Vertical-AI-Banner_600x800-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images
/tech-towers/hpe.svg","https://www.veltris.com/wp-content/uploads/2025/04/Digital-Cloud_1.svg","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecyle-Managed-Services_1.svg","https://www.veltris.com/services/data-ai/","https://www.veltris.com/resources/","https://www.veltris.com/wp-content/uploads/2025/11/Vertical-AI-HPS-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI_1.svg","https://www.veltris.com/wp-content/uploads/2025/04/Diversified-Industrials.svg","https://www.veltris.com/wp-content/uploads/2025/09/Pharmacy-Benefit-Management-PBM.svg","https://www.veltris.com/services/connectivity-industry-x-0/","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0_1-1.svg","https://www.veltris.com/wp-content/uploads/2025/09/Technology-Products-Platforms.svg","https://www.veltris.com/life-at-veltris/","https://www.veltris.com/wp-content/uploads/2025/09/Health-Tech.svg","https://www.veltris.com/wp-content/uploads/2025/09/CSR_main.svg","https://www.veltris.com/wp-content/uploads/2025/09/Engineering-and-Construction.svg","https://www.veltris.com/services/","https://www.veltris.com/wp-content/uploads/2025/09/Electronics-and-Semiconductors.svg","https://www.veltris.com/wp-content/uploads/2025/04/Industry-Specific.svg","https://www.veltris.com/wp-content/uploads/2025/09/Speciality-Digital-Healthcare-Providers.svg","https://www.veltris.com/schedule-a-meeting/","https://www.veltris.com/wp-content/uploads/2025/04/Customer-Engagement.svg","https://www.veltris.com/wp-content/uploads/2025/09/Dental-Care.svg","https://www.veltris.com/industries/","https://www.veltris.com/wp-content/uploads/2025/10/Insuretech.svg","https://www.veltris.com/industries/dental-multi-unit-retail-health/","https://www.veltris.com/industries/pharmacy-benefit-management/","https://www.veltris.com/ai-solutions/","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-SDLC.svg","https://www.veltris.com/industries/technology-products-and-pl
atforms/","https://www.veltris.com/industries/healthtech-platforms/","https://www.veltris.com/wp-content/uploads/2025/09/GovTech-EdTech.svg","https://www.veltris.com/industries/insuretech/","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media.svg","https://www.veltris.com/wp-content/uploads/2025/09/Broadcasting-and-OTT-Streaming.svg","https://www.veltris.com/wp-content/uploads/2025/09/Investment-and-Wealth-Management-Firms.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2F","https://www.veltris.com/wp-content/uploads/2025/09/Life-at-Veltris-main.svg","https://www.veltris.com/industries/investment-and-wealth-management/","https://www.veltris.com/wp-content/uploads/2025/05/1%E2%80%94Mobile-600X800-%E2%80%93-1-1.png","https://www.veltris.com/industries/govtech-edtech/","https://www.veltris.com/ai-for-enterprise/","https://www.veltris.com/wp-content/uploads/2023/04/real-time-analytics-insights-for-online-video-streaming-giant.pdf","https://www.veltris.com/industries/engineering-construction/","https://www.veltris.com/client-case-studies/","https://www.veltris.com/wp-content/uploads/2025/07/AI-Solutions.svg","https://www.veltris.com/wp-content/uploads/2025/09/Autonomous-Vehicles-and-Logistics.svg","https://www.veltris.com/insights/","https://www.veltris.com/industries/technology-communications-media/","https://www.veltris.com/services/product-lifecycle-managed-services/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-orbital-theme.min.css?ver=2.9.13","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/striim.svg","https://www.veltris.com/industries/speciality-digital-healthcare-providers/","https://www.veltris.com/industries/autonomous-vehicles-and-logistics/","https://www.veltris.com/wp-content/uploads/2025/09/img_14-2.png","https://www.veltris.com/careers/","https://www.veltris.com/ai-for-productivity/","https://www.veltris.com/wp-content/uploa
ds/2025/09/img_8-6.png","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/","https://www.veltris.com/industries/electronics-and-semiconductors/","https://www.veltris.com/wp-content/uploads/2025/09/img_5-5.png","https://www.veltris.com/guides/","https://www.veltris.com/industries/communications-service-providers/","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/","https://www.veltris.com/wp-content/uploads/2025/09/img_5-3.png","https://www.veltris.com/whitepapers/","https://www.veltris.com/ai-for-industry/","https://www.veltris.com/wp-content/uploads/2025/09/img_6-4.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2F","https://www.veltris.com/disclaimer/","https://www.veltris.com/industries/financial-pubsec-services/","https://www.veltris.com/industries/broadcasting-and-ott-streaming/","https://www.veltris.com/blogs/","https://www.veltris.com/get-my-ai-readiness-score/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-foundation.min.css?ver=2.9.13","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-reset.min.css?ver=2.9.13","https://www.veltris.com/privacy-policy/","https://www.veltris.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.9.13","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/double-quotes.svg","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.9.13","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/vendor-theme.min.js?ver=21e5a4db1670166692ac5745329bfc80","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/scripts-theme.min.js?ver=b436459e6f25ebcd9e95ea18e1a35e19","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.
maskedinput.min.js?ver=2.9.13","https://www.veltris.com/wp-includes/js/dist/a11y.min.js?ver=cb460b4676c94bd228ed","https://www.veltris.com/industries/diversified-industrials/","https://www.veltris.com/events/","https://www.veltris.com/cookie-policy/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-framework.min.css?ver=2.9.13","https://www.veltris.com/services/digital-cloud-engineering/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/utils.min.js?ver=380b7a5ec0757c78876bc8a59488f2f3","https://www.veltris.com/wp-content/uploads/2026/03/personalizing_healthcare_and_retail_engagement_using_unified_data-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Collating_Analyzing_Click_Analytics_Data_from_Google_Analytics_for_Marketing_Decisions.pdf","https://www.veltris.com/wp-content/uploads/2025/09/COVID_Detection_from_CT-Scan.pdf","https://www.veltris.com/wp-content/uploads/2026/02/personalizing_healthcare_and_retail_engagement_using_unified_data.pdf","https://www.veltris.com/sitemap/","https://www.veltris.com/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381","https://www.veltris.com/wp-content/uploads/2022/11/Why-Choose-us-660x440-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Enhancing_Daily_Logistical_Operations_through_Data_Analytics_Reporting.pdf","https://www.veltris.com/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375","https://www.veltris.com/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based_Digitization_of_Documents.pdf","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based-Digitization-of-Documents-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Thumbnail_Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO_-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/05/Data-AI-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-D
ashboard-and-Analytics-Tools-for-Healthcare-Data-Available-with-a-Provider-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Dashboard_and_Analytics_Tools_for_Healthcare_Data_Available_with_a_Provider.pdf","https://www.veltris.com/wp-content/uploads/2025/12/Scaling-High-Volume-Veterinary-Reporting-Platform-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Collating-Analyzing-Click-Analytics-Data-from-Google-Analytics-for-Marketing-Decisions-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/COVID-Detection-from-CT-Scan-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-strategic-alignment-through-a-scalable-and-flexible-OKR-dashboard._-1-300x169.png","https://www.veltris.com/wp-content/uploads/2022/11/Resources-banner-3070x1400-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Reduced_Scan_Time_of_MRI_Scanners_Using_AI-Enhanced_MRI_Images_for_a_Medical_Imaging_Software_Company_.pdf","https://www.veltris.com/wp-content/uploads/2023/04/improved-service-performance-by-delivering-flexible-solution-for-achieving-consistency.pdf","https://www.veltris.com/wp-content/uploads/2023/04/designed-and-developed-ai-based-modern-and-frictionless-business-enablement-solutions.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Agentic-AI-1.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/Chicago.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/Dallas.png","https://www.veltris.com/wp-content/uploads/2025/09/Reduced-Scan-Time-of-MRI-Scanners-Using-AI-Enhanced-MRI-Images-for-a-Medical-Imaging-Software-Compan-300x169.png","https://www.veltris.com/?p=25086","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/canada.png","https://www.veltris.com/wp-content/uploads/2025/09/img_13-3.png","https://www.veltris.com/
wp-content/themes/wavelabs/assets/images/locations/pune.png","https://www.veltris.com/wp-content/uploads/2025/09/img_4-7.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-MR-Training-System-for-VR-Glass-Company-to-Turn-Multiple-Training-Sessions-for-Employees-i-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/img_19-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_15-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_29.png","https://www.veltris.com/wp-content/uploads/2025/09/Enhancing-Daily-Logistical-Operations-through-Data-Analytics-Reporting.png","https://www.veltris.com/wp-content/uploads/2025/09/img_9-6.png","https://www.veltris.com/wp-content/uploads/2025/09/img_7-5.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/india.png","https://www.veltris.com/wp-content/uploads/2025/09/img_4-4.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_9-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_3-5.png","https://www.veltris.com/wp-content/uploads/2025/09/img_2-5.png","https://www.veltris.com/wp-content/uploads/2025/09/img_8-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_10-5.png","https://www.veltris.com/wp-content/uploads/2025/09/img_11-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_1-5.png","https://www.veltris.com/wp-content/uploads/2025/09/img_5-6.png","https://www.veltris.com/wp-content/uploads/2025/09/img_30.png","https://www.veltris.com/wp-content/uploads/2025/09/img_2-6.png","https://www.veltris.com/wp-content/uploads/2025/04/Agentic-AI_dark.svg","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics_dark.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_11-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_9-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_2-4.png","https://www.
veltris.com/wp-content/uploads/2025/09/img_14-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_23-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_7-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_10-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_22-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Generate_a_Film_Using_GenerativeAI_for_the_Given_Script_without_Using_Autodesk.pdf","https://www.veltris.com/wp-content/uploads/2025/09/img_8-5.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/vietnam.png","https://www.veltris.com/wp-content/uploads/2025/09/img_13-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_5-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_25-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_1-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_27-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_9-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_20-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-ai%2F","https://www.veltris.com/wp-content/uploads/2025/09/img_12-2.png","https://www.veltris.com/wp-content/uploads/2024/04/Migrating-Multi-tenant-SaaS-Virtual-Communication-Platform-to-Cloud-for-Enhanced-Scalability-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-strategic-alignment-through-a-scalable-and-flexible-OKR-dashboard._-1.png","https://www.veltris.com/?p=18546","https://www.veltris.com/wp-content/uploads/2025/09/img_4-3.png","https://www.veltris.com/wp-content/uploads/2025/05/Connectivity-Industry-X.0_600x800.png","https://www.veltris.com/wp-content/uploads/2025/09/COVID-Detection-from-CT-Scan.png","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based-Digitization-of-Documents.png","https://www.veltris.com/wp-content/uploads/2025/10/Collating-Analyzing-Click-Analytics-Data-from-G
oogle-Analytics-for-Marketing-Decisions.png","https://www.veltris.com/wp-content/uploads/2025/10/Generate-a-Film-Using-Generative-AI-for-the-Given-Script-without-Using-Autodesk--300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity_Industry-X.0_Overview.png","https://www.veltris.com/?p=27965","https://www.veltris.com/wp-content/uploads/2025/09/img_7-3.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-ai%2F","https://www.veltris.com/wp-content/uploads/2025/09/img_31.png","https://www.veltris.com/wp-content/uploads/2025/09/img_12-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_18-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_24.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fconnectivity-industry-x-0%2F","https://www.veltris.com/wp-content/uploads/2025/12/Scaling-High-Volume-Veterinary-Reporting-Platform-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/07/Services_desktop_banner.png","https://www.veltris.com/wp-content/uploads/2025/09/img_6-7.png","https://www.veltris.com/wp-content/uploads/2025/09/img_19-1.png","https://www.veltris.com/wp-content/uploads/2025/05/Connectivity-Industry-X.0_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/09/img_15-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_10-2.png","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing.svg","https://www.veltris.com/wp-json/wp/v2/pages/25111","https://www.veltris.com/wp-content/uploads/2025/09/img_21.png","https://www.veltris.com/?p=25111","https://www.veltris.com/wp-content/uploads/2025/09/img_18-1.png","https://www.veltris.com/?p=27072","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fconnectivity-industry-x-0%2F","https://www.veltris.com/?p=27074","https://www.veltris.com/?p=15707","
https://www.veltris.com/wp-json/wp/v2/pages/18546","https://www.veltris.com/wp-content/uploads/2023/04/Improved-the-Functional-Performance-and-Capacity-Measurement-with-the-Emulation-of-4G-5G-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/27074","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2F","https://www.veltris.com/wp-json/wp/v2/pages/25086","https://www.veltris.com/wp-json/wp/v2/pages/15707","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2F","https://www.veltris.com/?p=28655","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fschedule-a-meeting%2F","https://www.veltris.com/wp-json/wp/v2/pages/27072","https://www.veltris.com/wp-includes/css/dashicons.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2025/09/img_8-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_7-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_11-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_20.png","https://www.veltris.com/wp-content/uploads/2023/04/Improved-Service-Performance-by-Delivering-Flexible-Solution-for-Achieving-Consistency-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Enhancing-Daily-Logistical-Operations-through-Data-Analytics-Reporting-300x169.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.textareaCounter.plugin.min.js?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/04/Data_AI_Overview.png","https://www.veltris.com/wp-json/wp/v2/pages/30007","https://www.veltris.com/?p=30007","https://www.veltris.com/wp-content/uploads/2025/07/Services_mobile_banner.png","https://www.veltris.com/wp-content/uploads/2025/09/img_27.png","https://www.veltris.com/services/data-modernization/","https://www.veltris.com/wp-
json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fschedule-a-meeting%2F","https://www.veltris.com/wp-content/uploads/2025/09/img_13-1.png","https://www.veltris.com/wp-json/wp/v2/pages/28655","https://www.veltris.com/wp-content/uploads/2025/07/Connectivity_Industry-X.0_Overview.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-A-Secure-and-Scalable-Client-Portal-toEnable-Transparency-Control-andStreamlined-PBM-Operations.pdf","https://www.veltris.com/?p=28249","https://www.veltris.com/wp-json/wp/v2/pages/27965","https://www.veltris.com/wp-content/uploads/2025/09/img_24-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_11-6.png","https://www.veltris.com/wp-content/uploads/2025/09/Img_7-6.png","https://www.veltris.com/wp-content/uploads/2025/09/img_8-2.png","https://www.veltris.com/wp-content/uploads/2025/10/Generate-a-Film-Using-Generative-AI-for-the-Given-Script-without-Using-Autodesk-.png","https://www.veltris.com/?p=27997","https://www.veltris.com/wp-content/uploads/2024/04/Migrating-Multi-tenant-SaaS-Virtual-Communication-Platform-to-Cloud-for-Enhanced-Scalability.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2F","https://www.veltris.com/wp-content/uploads/2025/03/product-development.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2F","https://www.veltris.com/wp-content/uploads/2025/03/smarter-products.svg","https://www.veltris.com/wp-content/uploads/2025/10/Developed-MR-Training-System-for-VR-Glass-Company-to-Turn-Multiple-Training-Sessions-for-Employees-i.png","https://www.veltris.com/wp-content/uploads/2025/11/Care-Guide-Web-Platform-for-Streamlining-Clinical-Programs.pdf","https://www.veltris.com/wp-json/wp/v2/pages/28249","https://www.veltris.com/wp-content/uploads/2023/04/Designed-and-Developed-AI-based-Modern-and-Frictionless-Business-Enablement-Solutions-1-300x169.png","https://www.veltris.com/wp-content
/uploads/2025/09/img_16-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services_dark.svg","https://www.veltris.com/wp-content/uploads/2025/09/Communications-Service-Providers.svg","https://www.veltris.com/wp-content/uploads/2025/07/Digital_Cloud_Overview.png","https://www.veltris.com/wp-content/uploads/2023/04/Improved-Service-Performance-by-Delivering-Flexible-Solution-for-Achieving-Consistency-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/usa.png","https://www.veltris.com/?p=29587","https://www.veltris.com/wp-content/uploads/2025/09/img_6-5.png","https://www.veltris.com/wp-content/uploads/2026/03/personalizing_healthcare_and_retail_engagement_using_unified_data.png","https://www.veltris.com/services/data-warehouse/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fai-solutions%2F","https://www.veltris.com/wp-content/uploads/2025/11/Scalable-Mobile-andWeb-Platform-for-Streamlined-Prescription-Care.pdf","https://www.veltris.com/wp-content/uploads/2025/09/img_11-5.png","https://www.veltris.com/wp-content/uploads/2023/04/Improved-the-Functional-Performance-and-Capacity-Measurement-with-the-Emulation-of-4G-5G.png","https://www.veltris.com/wp-content/uploads/2025/09/img_6-6.png","https://www.veltris.com/industries/diversified-industrials-manufacturing/","https://www.veltris.com/wp-json/wp/v2/pages/29587","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Flife-at-veltris%2F","https://www.veltris.com/pressroom/","https://www.veltris.com/wp-content/uploads/2023/04/Designed-and-Developed-AI-based-Modern-and-Frictionless-Business-Enablement-Solutions-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_1-3.png","https://www.veltris.com/about-us/","https://www.veltris.com/industries/healthcare-lifesciences/","https://www.veltris.com/wp-content/uploads/2025/03/investments.svg","https://www.veltris.
com/wp-content/uploads/2025/09/img_25.png","https://www.veltris.com/wp-json/wp/v2/pages/27997","https://www.veltris.com/wp-content/uploads/2023/03/built-virtual-situation-rooms-to-conduct-training-through-gamification.pdf","https://www.veltris.com/wp-content/uploads/2025/07/Product_Lifecycle_Managed_Services_Overview.png","https://www.veltris.com/wp-content/uploads/2025/09/img_10-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_16-2.png","https://www.veltris.com/wp-content/uploads/2025/07/Data_AI_Overview.png","https://www.veltris.com/wp-content/uploads/2025/09/Built_iOS_Android_Mobile_Apps_for_Health_Wellness_Monitoring_Tool.pdf","https://www.veltris.com/wp-content/uploads/2025/09/img_4-6.png","https://www.veltris.com/wp-content/uploads/2023/03/to-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to-their-customers.pdf","https://www.veltris.com/wp-content/uploads/2025/09/img_26.png","https://www.veltris.com/wp-content/uploads/2023/10/developed-a-web-app-to-monitor-communication-between-patients-and-care-teams.pdf","https://www.veltris.com/wp-content/uploads/2025/09/img_1-6.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fpharmacy-benefit-management%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed-Dashboard-and-Analytics-Tools-for-Healthcare-Data-Available-with-a-Provider.png","https://www.veltris.com/wp-content/uploads/2023/04/facilitating-different-sectors-to-envision-their-legacy-process-in-virtual-reality.pdf","https://www.veltris.com/wp-content/uploads/2025/09/img_3-4.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fai-solutions%2F","https://www.veltris.com/wp-content/uploads/2025/04/Transparency.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_3-6.png","https://www.veltris.com/wp-content/uploads/2025/09/img_23.png","https://www.veltris.com/wp-content/uploads/2025/04/Learning-Fun.
svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Flife-at-veltris%2F","https://www.veltris.com/wp-content/uploads/2025/04/Team.svg","https://www.veltris.com/wp-content/uploads/2025/04/Velocity.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_3-7.png","https://www.veltris.com/wp-content/uploads/2025/04/Customer-Sucess.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fpharmacy-benefit-management%2F","https://www.veltris.com/casestudies/digital-platform-overhaul-to-enhance-automation-sales/","https://www.veltris.com/industries/animal-health-veterinary/","https://www.veltris.com/casestudies/increasing-data-insights-with-api-integration/","https://www.veltris.com/wp-content/uploads/2025/09/img_17-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdental-multi-unit-retail-health%2F","https://www.veltris.com/wp-content/uploads/2023/03/to-upgrade-the-brands-identity-using-seo-strategies-and-integrating-the-backend.pdf","https://www.veltris.com/wp-content/uploads/2025/09/specialty-dental-brands.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_MR_Training_System_for_VR_Glass_Company_to_Turn_Multiple_Training_Sessions_for_Employees_into_a_Game.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Reduced-Scan-Time-of-MRI-Scanners-Using-AI-Enhanced-MRI-Images-for-a-Medical-Imaging-Software-Compan.png","https://www.veltris.com/wp-content/uploads/2025/09/img_14-1.png","https://www.veltris.com/industries/orthdontics/","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing_dark.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_5-7.png","https://www.veltris.com/industries/vision-care/","https://www.veltris.com/wp-content/uploads/2025/10/Created_AWS_Infrastructure_Implemented_Custom_Automation.pdf","https://www.veltris.com/wp-content/up
loads/2023/03/an-incident-management-organization-using-ai-to-reduce-risk-and-report-incidents.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdental-multi-unit-retail-health%2F","https://www.veltris.com/casestudies/transforming-dental-patients-experience-with-an-ai-chatbot/","https://www.veltris.com/wp-content/uploads/2025/09/img_9-5.png","https://www.veltris.com/wp-content/uploads/2025/09/PBM-Platforms-Needing-Modernization.png","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Financial-Services-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Diversified-Industries-1.png","https://www.veltris.com/wp-content/uploads/2023/03/interconnecting-a-world-of-distinctive-video-conference-systems.pdf","https://www.veltris.com/wp-content/uploads/2025/09/img_17-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_21-1.png","https://www.veltris.com/casestudies/pms-migration-from-eaglesoft-to-denticon/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-products-and-platforms%2F","https://www.veltris.com/wp-content/uploads/2025/09/img_6-3.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthtech-platforms%2F","https://www.veltris.com/wp-content/uploads/2025/09/Payers-with-Integrated-PBM-Operations.png","https://www.veltris.com/wp-content/uploads/2025/10/Built_a_Web_Application_for_Users_to_Manage_their_Financial_Wealth_in_a_Highly_Secure_Infrastructure.pdf","https://www.veltris.com/wp-content/uploads/2023/04/crafted-an-NLP-model-for-a-seamless-user-experience.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Unitedhealthcare.png","https://www.veltris.com/wp-content/uploads/2025/09/southern-dental-alliance.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/banga
lore.png","https://www.veltris.com/wp-content/uploads/2025/09/XL-dent.png","https://www.veltris.com/?p=28753","https://www.veltris.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.9.13","https://www.veltris.com/casestudies/improved-patient-interactions-hipaa-compliant-pms-integration-with-the-phone-system/","https://www.veltris.com/wp-content/uploads/2025/09/img_12-3.png","https://www.veltris.com/wp-content/uploads/2023/03/built-a-modern-wealth-management-system-to-optimize-customers-wealth.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-products-and-platforms%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthtech-platforms%2F","https://www.veltris.com/casestudies/revolutionizing-patient-engagement-for-a-dso-with-veltris-innovative-system/","https://www.veltris.com/wp-content/uploads/2025/09/img_2-3.png","https://www.veltris.com/wp-content/uploads/2025/09/Mid-market-PBMs.png","https://www.veltris.com/wp-content/uploads/2025/09/img_28.png","https://www.veltris.com/wp-content/uploads/2025/07/Industries_mobile_banner.png","https://www.veltris.com/casestudies/accelerating-claims-turnaround-with-revenue-cycle-management-solutions/","https://www.veltris.com/wp-content/uploads/2023/04/improved-the-functional-performance-and-capacity-measurement-with-the-emulation-of-4g-5g.pdf","https://www.veltris.com/casestudies/custom-accurate-reporting-with-your-own-dso-datawarehouse/","https://www.veltris.com/wp-content/uploads/2025/09/img_26-1.png","https://www.veltris.com/wp-content/uploads/2025/07/Veltris_Accelerated_AI-Platform.png","https://www.veltris.com/wp-content/uploads/2026/01/Pharmacy-Benefit-Management-PBM_Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/04/Healthcare-1-1.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-Solution-Mobile-600X800.png","https://www.veltris.com/wp-conte
nt/uploads/2023/03/built-a-mobile-application-to-buy-and-sell-all-type-of-funds.pdf","https://www.veltris.com/wp-content/uploads/2025/11/Built-a-secure-and-scalable-client-portal-to-enable-transparency-control-and-streamlined-PBM-opera-1-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finsuretech%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finsuretech%2F","https://www.veltris.com/wp-content/uploads/2025/09/Build.png","https://www.veltris.com/?p=28830","https://www.veltris.com/wp-json/wp/v2/pages/28753","https://www.veltris.com/wp-content/uploads/2025/09/img_4-5.png","https://www.veltris.com/wp-content/uploads/2025/09/Monetize.png","https://www.veltris.com/wp-content/uploads/2025/11/Population-Health-Care-Coordination-Platforms-1.png","https://www.veltris.com/wp-content/uploads/2025/11/Designed-a-secure-and-scalable-mobile-and-web-platform-to-enhance-member-experience-and-streamline-p-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmac-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/28830","https://www.veltris.com/wp-content/uploads/2025/09/Modernize.png","https://www.veltris.com/wp-content/uploads/2023/10/provided-cloud-based-administration-software-for-private-equity-funds-for-crm-database-and-portfolio-management.pdf","https://www.veltris.com/wp-content/uploads/built-a-trading-application-to-trade-USA-stocks-from-different-countries-vt.pdf","https://www.veltris.com/wp-content/uploads/2025/07/Industries_desktop_banner.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-Multi-Functional-Mobile-Applications-with-Single-Code-Base--300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-Strategic-Alignment-through-AScalable-and-Flexible-OKR-Dashboard.pdf","https://www.veltris.com/wp-conte
nt/uploads/2025/12/Expand-Telehealth-Services.svg","https://www.veltris.com/wp-content/uploads/2025/12/Optimized-Scheduling.svg","https://www.veltris.com/wp-content/uploads/2024/04/Migrating_multi-tenant_saas_virtual_communication_platform_to_aws_for_enhanced_scalability.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Built_iOS_Android_Mobile_Applications_for_Health_Wellness_Monitoring_Tool-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Scaling-High-Volume-Veterinary-Reporting-Platform-1.pdf","https://www.veltris.com/wp-content/uploads/2023/03/to-unify-the-brands-identity-under-one-cohesive-website.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finvestment-and-wealth-management%2F","https://www.veltris.com/wp-content/uploads/2025/12/Streamline-Clinic-Operations.svg","https://www.veltris.com/wp-content/uploads/2025/10/Created-AWS-Infrastructure-Implemented-Custom-Automation--300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/Network-Security.svg","https://www.veltris.com/casestudies/modernizing-legacy-software-in-the-hearing-industry/","https://www.veltris.com/wp-content/uploads/2025/09/Slow-Time-to-Market.png","https://www.veltris.com/wp-content/uploads/2025/12/Accelerate-Billing-Cycles.svg","https://www.veltris.com/wp-content/uploads/2025/04/Cyber-Security-Infrastructure.svg","https://www.veltris.com/casestudies/eligibility-automation-with-the-eligibility-bot/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finvestment-and-wealth-management%2F","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Opendental-software.png","https://www.veltris.com/wp-content/uploads/2025/09/img_22.png","https://www.veltris.com/wp-content/uploads/2025/09/Identalsoft.png","https://www.ve
ltris.com/wp-content/uploads/2025/09/Poor-Customer-Experience.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-and-Retail-Health-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/10/Developed-a-Web-App-to-Monitor-Communication-Between-Patients-and-Care-Teams-300x169.png","https://www.veltris.com/wp-content/uploads/2025/07/Overview-img-size-640x470-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Slow-Time-to-Market.svg","https://www.veltris.com/wp-content/uploads/2025/09/Fuse.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-for-Business.svg","https://www.veltris.com/wp-content/uploads/2025/11/Virtual-Care-Providers-1.png","https://www.veltris.com/wp-content/uploads/2025/11/Empowered-care-guides-with-a-scalable-web-platform-to-streamline-member-support-and-clinical-program-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/Ensure-HIPAA-Compliance.svg","https://www.veltris.com/wp-content/uploads/2025/09/Siloed-Enterprise-Data.svg","https://www.veltris.com/wp-content/uploads/2026/01/Pharmacy-Benefit-Management-PBM_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/09/Fragmented-Product-Lifecycle.png","https://www.veltris.com/wp-content/uploads/2025/12/Accelerate-Insurance-Claims.svg","https://www.veltris.com/wp-content/uploads/2025/07/AgenticAI-Tech-Stack-Play-scaled-1.png","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Dentrixenterprise.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-Care-DSOs.png","https://www.veltris.com/wp-content/uploads/2025/09/easydental.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-Solution-2000-700.png","https://www.veltris.com/wp-content/uploads/2025/10/Created_Multi-Functional_Mobile_Applications_with_Single_Code_Base.pdf","https://www.veltris.com/casestudies/transformed-cardiac-care-by-assisting-h
eart-monitor-manufacturer-in-remote-patient-monitoring/","https://www.veltris.com/wp-content/uploads/2025/07/AI-for-Productivity.svg","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Build.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-a-secure-and-scalable-client-portal-to-enable-transparency-control-and-streamlined-PBM-opera-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Sophisticated-Cyber-Threats.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/11/Digital-Health-Startups-SaaS-Platforms-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Legacy-System-Debt.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-for-Security.svg","https://www.veltris.com/wp-content/uploads/2025/09/Build_darkblue-1.svg","https://www.veltris.com/wp-content/uploads/2025/09/Siloed-Enterprise-Data.png","https://www.veltris.com/wp-content/uploads/2025/12/Enhance-Supply-Chain.svg","https://www.veltris.com/wp-content/uploads/2025/09/Monetize-1.svg","https://www.veltris.com/wp-content/uploads/2025/09/Monetize_darkblue-1.svg","https://www.veltris.com/wp-content/uploads/2025/11/Empowered-care-guides-with-a-scalable-web-platform-to-streamline-member-support-and-clinical-program-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Modernize_darkblue-1.svg","https://www.veltris.com/wp-content/uploads/2025/09/HealthTech-Platforms_Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Monetize.png","https://www.veltris.com/wp-content/uploads/2025/09/Enterprise-Transport-Networks.svg","https://www.veltris.com/wp-content/uploads/2025/09/Abeldent.png","https://www.veltris.com/wp-content/uploads/2025/09/Build-1.svg","https://www.veltris.com/wp-content/uploads/2025/09/Dentrix.png","https://www.veltris.com/wp-cont
ent/uploads/2025/10/Integrating-with-Client-Legacy-Systems.svg","https://www.veltris.com/wp-content/uploads/2025/11/Designed-a-secure-and-scalable-mobile-and-web-platform-to-enhance-member-experience-and-streamline-p-1.png","https://www.veltris.com/wp-content/uploads/2023/09/Modernizing-Legacy-Software-in-the-Hearing-Industry-33-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Data-Engineering-Analytics.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fgovtech-edtech%2F","https://www.veltris.com/wp-content/uploads/2023/05/PMS-Migration-from-Eaglesoft-to-Denticon-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Poor-Customer-Experience.svg","https://www.veltris.com/wp-content/uploads/2026/01/Technology-Products-and-Platforms_600x800.png","https://www.veltris.com/wp-content/uploads/2025/10/Achieving-Enterprise-Grade-Scalability.svg","https://www.veltris.com/wp-content/uploads/2023/03/To-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to--300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Denticon.png","https://www.veltris.com/wp-content/uploads/2025/09/OMS.png","https://www.veltris.com/wp-content/uploads/2025/09/Cybersecurity-Engineering.svg","https://www.veltris.com/wp-content/uploads/2025/10/Unlocking-Advanced-AI-Analytics.svg","https://www.veltris.com/wp-content/uploads/2025/09/Modernize-1.svg","https://www.veltris.com/wp-content/uploads/2025/09/Fragmented-Product-Lifecycle.svg","https://www.veltris.com/wp-content/uploads/2025/09/Legacy-System-Debt.svg","https://www.veltris.com/wp-content/uploads/2025/12/Dental-and-Retail-Health-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Sophisticated-Cyber-Threats.svg","https://www.vel
tris.com/wp-content/uploads/2025/09/Dolphin.png","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/An-incident-management-organization-using-AI-to-reduce-risk-and-report-incidents-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-AWS-Infrastructure-Implemented-Custom-Automation-.png","https://www.veltris.com/wp-content/uploads/2025/09/Private-Wireless-Networks.svg","https://www.veltris.com/wp-content/uploads/2025/12/Retail-Health.png","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Monetize.png","https://www.veltris.com/wp-content/uploads/2025/09/Built_iOS_Android_Mobile_Applications_for_Health_Wellness_Monitoring_Tool.png","https://www.veltris.com/wp-content/uploads/2024/07/Transformed-Cardiac-Care-by-Assisting-Heart-Monitor-Manufacturer-in-Remote-Patient-Monitoring-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/eaglesoft.png","https://www.veltris.com/wp-content/uploads/2023/04/Crafted-an-NLP-Model-for-a-Seamless-User-Experience-2-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-Industry-1.png","https://www.veltris.com/wp-content/uploads/2026/01/Technology-Products-and-Platforms_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/09/Slow-Product-Innovation.svg","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Build.png","https://www.veltris.com/wp-content/uploads/2024/07/Transformed-Cardiac-Care-by-Assisting-Heart-Monitor-Manufacturer-in-Remote-Patient-Monitoring.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Dentrix.png","
https://www.veltris.com/wp-content/uploads/2025/09/Multicloud-Engineering.svg","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2023/04/Facilitating-Different-Sectors-to-Envision-Their-Legacy-Process-in-Virtual-Reality-1-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Curvedental.png","https://www.veltris.com/wp-content/uploads/2023/09/Modernizing-Legacy-Software-in-the-Hearing-Industry-33.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Dentimax.png","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmac.png","https://www.veltris.com/?p=28462","https://www.veltris.com/wp-content/uploads/2025/10/AI-Automation-Adoption.svg","https://www.veltris.com/wp-content/uploads/2023/03/To-upgrade-the-Brands-Identity-using-SEO-Strategies-and-Integrating-the-Backend-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2023/03/To-Unify-the-Brands-Identity-Under-One-Cohesive-Website-1-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fgovtech-edtech%2F","https://www.veltris.com/wp-content/uploads/2023/03/Interconnecting-a-world-of-distinctive-Video-conference-systems-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-DSN.png","https://www.veltris.com/wp-json/wp/v2/pages/25313","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fai-for-en
terprise%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fai-for-enterprise%2F","https://www.veltris.com/wp-content/uploads/2023/10/Developed-a-Web-App-to-Monitor-Communication-Between-Patients-and-Care-Teams.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-Virtual-Situation-Rooms-to-Conduct-Training-Through-Gamification-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/09/ERD-Verification-Validation.svg","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-Productivity-1-1.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/11/Thumbnail_Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO_-1.png","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/10/InsureTech_Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2023/04/Crafted-an-NLP-Model-for-a-Seamless-User-Experience-2.png","https://www.veltris.com/wp-content/uploads/2023/04/Facilitating-Different-Sectors-to-Envision-Their-Legacy-Process-in-Virtual-Reality-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-Multi-Functional-Mobile-Applications-with-Single-Code-Base-.png","https://www.veltris.com/wp-content/uploads/2023/03/Custom-Accurate-Reporting-with-your-own-DSO-Datawarehouse-29-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/
Custom-Accurate-Reporting-with-your-own-DSO-Datawarehouse-29.png","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail.png","https://www.veltris.com/?p=25313","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2023/05/PMS-Migration-from-Eaglesoft-to-Denticon.png","https://www.veltris.com/wp-content/uploads/2025/10/Built-a-Web-Application-for-Users-to-Manage-their-Financial-Wealth-in-a-Highly-Secure-Infrastructure-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Generic-One-Size-Fits-All-Client-Experiences.svg","https://www.veltris.com/wp-content/uploads/2025/09/Rising-Cybersecurity-Threats.svg","https://www.veltris.com/wp-content/uploads/2025/09/Underutilized-Data-Assets.svg","https://www.veltris.com/wp-content/uploads/2023/03/Interconnecting-a-world-of-distinctive-Video-conference-systems-1.png","https://www.veltris.com/wp-content/uploads/2023/03/To-upgrade-the-Brands-Identity-using-SEO-Strategies-and-Integrating-the-Backend.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-trading-application-to-trade-USA-stocks-from-different-countries-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Legacy-Technology-Debt.svg","https://www.veltris.com/wp-json/wp/v2/pages/28462","https://www.veltris.com/?p=14556","https://www.veltris.com/wp-content/uploads/2025/10/Regulatory-Compliance-Burdens.svg","https://www.veltris.com/wp-content/uploads/2023/03/To-transform-every-customer-journey-through-cutting-edge-technology-t
hat-brings-companies-closer-to-.png","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-the-Enterprise-1-1.png","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/09/Data-Silos-Underutilization.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-modern-wealth-management-system-to-optimize-customers-wealth-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/To-Unify-the-Brands-Identity-Under-One-Cohesive-Website-1.png","https://www.veltris.com/?p=13946","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/09/Security-Compliance-Maze.png","https://www.veltris.com/wp-content/uploads/2025/09/Scaling-to-Meet-Demand.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fengineering-construction%2F","https://www.veltris.com/wp-content/uploads/2025/09/The-AI-Integration-Gap.png","https://www.veltris.com/wp-content/uploads/2025/09/Siloed-Data-Hindering-Insights.svg","https://www.veltris.com/wp-content/uploads/2025/09/Data-Silos-Underutilization.svg","https://www.veltris.com/wp-content/uploads/2025/09/Carestreamdental.png","https://www.veltris.com/wp-content/uploads/2025/09/Slow-Pace-of-Digital-Innovation.svg","https://www.veltris.com/wp-content/uploads/2025/09/Revenue-Diversification.png","https://www.veltris.com/wp-content/uploads/2025/09/Inefficient-Manual-Workflows.svg","https://www.veltris.com/?p=25125","https://www.veltris.com/wp-content/uploads/2023/03/An-incident-management-organization-using-AI-to-reduce-risk-and-report-incidents-1.png","https://www.veltris.com/wp-content/uploads/2025/12/DocuSenseAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2023/10/Provided-Cloud-Based-
Administration-Software-for-Private-Equity-Funds-for-CRM-Database-and-Portfolio-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Legacy-System-Paralysis.svg","https://www.veltris.com/wp-content/uploads/2025/09/Difficulty-in-Scaling-Operations.svg","https://www.veltris.com/wp-content/uploads/2025/12/ThreatShieldAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2025/09/The-AI-Integration-Gap.svg","https://www.veltris.com/wp-content/uploads/2025/09/Legacy-System-Paralysis.png","https://www.veltris.com/wp-content/uploads/2025/09/Revenue-Diversification.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Finsights%2F","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Build.png","https://www.veltris.com/wp-content/uploads/2026/01/Investment-Wealth-Management-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/10/Transformed_a_Water_Dispensing_Kiosk_into_an_IoT-Enabled_Platform.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Finsights%2F","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Monetize.png","https://www.veltris.com/wp-json/wp/v2/pages/14556","https://www.veltris.com/wp-content/uploads/2023/10/Built-a-mobile-application-to-buy-and-sell-all-type-of-funds.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fengineering-construction%2F","https://www.veltris.com/wp-content/uploads/2025/09/Untapped-Data-Value.png","https://www.veltris.com/wp-content/uploads/2025/12/AuraVoiceAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2025/12/InvoiceXtractAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2025/04/Customer-Engagement-1-1.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-Virtual-Situation-Rooms-to-Conduct-Training-Through-Gamification.png","https://www.veltris.com
/wp-content/uploads/2023/03/intelligent-dashboard-for-deep-insights-into-household-energy-consumption.pdf","https://www.veltris.com/wp-content/uploads/2025/09/icon_Untapped-Data-Value.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fclient-case-studies%2F","https://www.veltris.com/wp-content/uploads/2025/09/Revit-Software-Solutions.png","https://www.veltris.com/wp-content/uploads/2023/03/streamlined-the-service-delivery-space-for-the-leading-electrical-appliances-manufacturer.pdf","https://www.veltris.com/wp-content/uploads/2025/09/icon_Build-Intelligent-Platforms.svg","https://www.veltris.com/wp-content/uploads/2026/01/GovTech-EdTech_Banner_600x800.png","https://www.veltris.com/?p=25319","https://www.veltris.com/wp-json/wp/v2/pages/13946","https://www.veltris.com/wp-content/uploads/2025/09/Disconnected-Operations.png","https://www.veltris.com/wp-content/uploads/2025/12/SDLCAI_Productivity.png","https://www.veltris.com/wp-content/uploads/2025/12/BotCraftAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Cybersecurity-Engineering-1.svg","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-SDLC-1-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Unpredictable-Project-Outcomes.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fclient-case-studies%2F","https://www.veltris.com/wp-content/uploads/2023/10/Built-a-mobile-application-to-buy-and-sell-all-type-of-funds-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/icon_Innovation-Scalability-Issues.svg","https://www.veltris.com/wp-content/uploads/2026/01/engeering-Customer-Experience.svg","https://www.veltris.com/wp-content/uploads/2023/10/Provided-Cloud-Based-Administration-Software-for-Private-Equity-Funds-for-CRM-Database-and-Portfolio.png","https://www.veltris.com/wp-content/uploads/2025/09/Innovation-Scalability-Issues.png","https://www.veltris.com/wp-content/uploads/2
025/09/Lagging-Productivity-Safety.png","https://www.veltris.com/wp-content/uploads/2026/01/Investment-Wealth-Management-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/09/HealthTech-Platforms_Banner_2000x700.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fproduct-lifecycle-managed-services%2F","https://www.veltris.com/wp-content/uploads/2025/09/Construction-Submittal-Solutions.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-trading-application-to-trade-USA-stocks-from-different-countries-1.png","https://www.veltris.com/resources","https://www.veltris.com/wp-content/uploads/2025/09/icon_Ensure-Resilient-Cloud-Operations.svg","https://www.veltris.com/wp-content/uploads/2025/10/Built-a-Web-Application-for-Users-to-Manage-their-Financial-Wealth-in-a-Highly-Secure-Infrastructure.png","https://www.veltris.com/wp-content/uploads/2025/12/HireVellAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2025/09/Construction-Accounting-Software.png","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-dashboard-for-Deep-Insights-Into-Household-Energy-Consumption-2-300x169.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support-1.pdf","https://www.veltris.com/wp-content/uploads/2025/09/icon_Drive-Decisions-with-Advanced-Analytics.svg","https://www.veltris.com/wp-json/wp/v2/pages/25125","https://www.veltris.com/wp-content/uploads/2025/09/icon_Modernize-with-AI-Automation.svg","https://www.veltris.com/wp-content/uploads/2025/09/Security-Compliance-Maze.svg","https://www.veltris.com/wp-content/uploads/2025/09/icon_Monetize-Data-Assets.svg","https://www.veltris.com/wp-content/uploads/2025/09/Construction-ERP-Software.png","https://www.veltris.com/wp-content/uploads/2026/01/icon_Accelerate-with-Future-Ready-Tech-1.svg","https://www.veltris.com/wp-content/uploads/2025/09/Equipment-Management-Software.png","https://www.veltris.co
m/wp-content/uploads/2025/10/InsureTech_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/09/Bid-Management-Cost-Estimation-Software.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-communications-media%2F","https://www.veltris.com/wp-content/uploads/2025/09/icon_Disconnected-Operations.svg","https://www.veltris.com/wp-content/uploads/2025/09/Building-Information-Modeling-BIM-Software.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fproduct-lifecycle-managed-services%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-communications-media%2F","https://www.veltris.com/wp-content/uploads/2023/10/Streamlined-the-Service-Delivery-Space-for-the-Leading-Electrical-Appliances-Manufacturer-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/DataIntegrix_Productivity.png","https://www.veltris.com/wp-content/uploads/2025/09/IT-OT-Field-Convergence.svg","https://www.veltris.com/wp-content/uploads/2025/09/icon_Enhance-Constituent-Engagement.svg","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-modern-wealth-management-system-to-optimize-customers-wealth-1.png","https://www.veltris.com/wp-content/uploads/2025/12/VIA-AI-Enterprise-Banner-Mobile.png","https://www.veltris.com/wp-content/uploads/2025/09/Scaling-to-Meet-Demand.svg","https://www.veltris.com/wp-content/uploads/2025/12/LoCoAI_Productivity.png","https://www.veltris.com/wp-content/uploads/2025/09/icon_Unpredictable-Project-Outcomes.svg","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Data-Engineering-Analytics-2.svg","https://www.veltris.com/wp-content/uploads/2025/10/Added_New_Features_and_Implemented_System_Enhancements_to_Improve_Reach.pdf","https://www.veltris.com/wp-content/uploads/2025/09/icon_Optimize-End-to-End-Product-Lifecycle.svg","https://www.veltris.com/wp-co
ntent/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-1.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Implemented_a_D2C_Offering_to_Create_an_Extra_Source_of_Revenue_for_the_Client.pdf","https://www.veltris.com/?p=28005","https://www.veltris.com/case-studies","https://www.veltris.com/wp-content/uploads/2023/03/Cloud-Native-Network-Function-Updated.svg","https://www.veltris.com/blogs","https://www.veltris.com/wp-content/uploads/2025/09/Intense-Competitive-Pressure.png","https://www.veltris.com/wp-json/wp/v2/pages/25319","https://www.veltris.com/wp-content/uploads/2025/12/VIA-accelerators-productivity-banner-mobile.png","https://www.veltris.com/wp-content/uploads/2025/12/CreateAssetAI_Productivity.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Enterprise-Transport-Networks-1.svg","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-Content-Supply-Chain.svg","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support-300x169.png","https://www.veltris.com/guides","https://www.veltris.com/wp-content/uploads/2025/09/Smart-Factory-Smart-Things.svg","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Connectivity-Industry-X.0.svg","https://www.veltris.com/wp-content/uploads/2022/11/Why-us-660x440-1.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Intelligence-Data-AI.svg","https://www.veltris.com/wp-json/wp/v2/pages/28005","https://www.veltris.com/wp-content/uploads/2022/07/Auto-Lubricant-Distributer-Digital-Engineering-Thumbnail.png","https://www.veltris.com/infographics","https://www.veltris.com/?p=14069","https://www.veltris.com/whitepapers","https://www.veltris.com/wp-content/uploads/2025/12/VIA-AI-Enterprise-Banner.png","https://www.veltris.com/wp-content/uploads/2026/01/GovTech-EdTech_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-a-Water-Dispensing-Kiosk-into-an-IoT-Enabled-Platform--300x169.png"
,"https://www.veltris.com/wp-content/uploads/2025/12/AgenticBrowser_Productivity.png","https://www.veltris.com/wp-json/wp/v2/pages/28435","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-Business-Transformation-Vendor-Selection-1.pdf","https://www.veltris.com/wp-content/uploads/2025/12/Dental-care_1.gif","https://www.veltris.com/wp-content/uploads/2025/09/Construction-Scheduling-Software.png","https://www.veltris.com/wp-content/uploads/2022/07/Auto-Lubricant-Distributer-Digital-Engineering-Thumbnail-300x157.png","https://www.veltris.com/?p=28435","https://www.veltris.com/wp-json/wp/v2/pages/14069","https://www.veltris.com/wp-content/uploads/2026/01/Engineering-ConstructionBanner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/04/CSP-WISP-Satcom-Service-providers.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Exposure-and-Integration-Updated.svg","https://www.veltris.com/wp-content/uploads/2025/09/icon_Intense-Competitive-Pressure.svg","https://www.veltris.com/?p=25298","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Private-Wireless-Networks-1.svg","https://www.veltris.com/wp-content/uploads/2025/05/Product-Lifecycle-Managed-Services-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Construction-Project-Management-Software.png","https://www.veltris.com/wp-content/uploads/2026/01/Engineering-ConstructionBanner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/09/icon_Lagging-Productivity-Safety.svg","https://www.veltris.com/wp-content/uploads/2025/05/Improved-On-Time-Delivery-of-a-Leading-Auto-Lubricant-Distributer.pdf","https://www.veltris.com/wp-content/uploads/2025/04/OTT-IPTV-Media-Infra-Broadcasting-Gaming-Service-providers.png","https://www.veltris.com/wp-json/wp/v2/pages/25298","https://www.veltris.com/wp-content/uploads/2025/10/Develop_a_Mobile-First_Platform_for_Personalized_Assessments_Targeted_Interventions_to_Optimize_Mental_Fitness.pdf","https://www.veltris.com/wp-content/upload
s/2023/10/Streamlined-the-Service-Delivery-Space-for-the-Leading-Electrical-Appliances-Manufacturer.png","https://www.veltris.com/wp-content/uploads/2025/10/Implemented-a-D2C-Offering-to-Create-an-Extra-Source-of-Revenue-for-the-Client-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fspeciality-digital-healthcare-providers%2F","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-business-transformation-and-vendor-selection-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Insights_mob.png","https://www.veltris.com/wp-content/uploads/2025/04/Systemic-Integration-Across-Trends.png","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-a-Water-Dispensing-Kiosk-into-an-IoT-Enabled-Platform-.png","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-IoT-Amalgamation.svg","https://www.veltris.com/wp-content/uploads/2023/03/Cloud-Native-Network-Function-1.png","https://www.veltris.com/wp-includes/blocks/paragraph/style.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2023/03/Network-Exposure-Integration.png","https://www.veltris.com/wp-content/uploads/2025/10/Added-New-Features-and-Implemented-System-Enhancements-to-Improve-Reach--300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-dashboard-for-Deep-Insights-Into-Household-Energy-Consumption-2.png","https://www.veltris.com/wp-content/uploads/2025/04/Case-Studies_mob.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_a_Platform_to_Improve_Inbound_and_Outbound_Process_at_Warehouse_and_Optimized_Resource_Allocation.pdf","https://www.veltris.com/wp-content/uploads/2023/04/Real-time-Analytics-and-Insights-for-Online-Video-Streaming-Giant-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Comms-Infra-Network-Security-product-platform-vendors_.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries
%2Fautonomous-vehicles-and-logistics%2F","https://www.veltris.com/wp-content/uploads/2025/09/Cold_Chain_Logistics_for_Enhanced_Operational_Efficiency_Data_Integration.pdf","https://www.veltris.com/wp-content/uploads/2023/03/developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI.svg","https://www.veltris.com/wp-content/uploads/2025/10/Added-New-Features-and-Implemented-System-Enhancements-to-Improve-Reach-.png","https://www.veltris.com/wp-content/uploads/2025/11/Tarannum_Fatima.jpg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcareers%2F","https://www.veltris.com/wp-content/uploads/2025/12/VIA-accelerators-productivity-banner.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support.png","https://www.veltris.com/wp-json/wp/v2/pressroom/30392","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fautonomous-vehicles-and-logistics%2F","https://www.veltris.com/wp-content/uploads/2025/04/Insights.png","https://www.veltris.com/wp-includes/blocks/heading/style.min.css?ver=6.9.4","https://www.veltris.com/?p=28409","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fai-for-productivity%2F","https://www.veltris.com/wp-content/uploads/2025/10/Created_a_Portal_to_Capture_Patient_Health_and_Provide_Treatment_Proactively.pdf","https://www.veltris.com/wp-content/uploads/2025/11/Anurag_Choudhary.jpg","https://www.veltris.com/casestudies/maximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution/","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media.png","https://www.veltris.com/wp-content/uploads/2025/04/Hyper-Focused-Vertical-SaaS-Solutions.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-recognized-as-an-a
i-first-consulting-firm-by-constellation-research%2F","https://www.veltris.com/wp-content/uploads/2023/04/Real-time-Analytics-and-Insights-for-Online-Video-Streaming-Giant-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Systemic-Integration-Across-Trends.svg","https://www.veltris.com/wp-content/uploads/2025/04/Product_Lifecycle_Managed_Services_Overview.png","https://www.veltris.com/?p=22001","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps-_dark.svg","https://www.veltris.com/?p=28359","https://www.veltris.com/wp-content/uploads/2025/04/Case-Studies.png","https://www.veltris.com/wp-content/uploads/2025/04/Deep-AI-Integration-as-Core-Functionality.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Felectronics-and-semiconductors%2F","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0.svg","https://www.veltris.com/pressroom","https://www.veltris.com/wp-content/uploads/2025/10/Develop-a-Mobile-First-Platform-for-Personalized-Assessments-and-Targeted-Interventions-to-Optimize--300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-Cloud.svg","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance.svg","https://www.veltris.com/casestudies/conversational-chatbot-for-24-7-customer-support-assistance/","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing-1.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fai-for-productivity%2F","https://www.veltris.com/wp-content/uploads/2025/09/Fragmented-Lifecycle-Management.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fspeciality-digital-healthcare-providers%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-recognized-as-an-ai-first-consu
lting-firm-by-constellation-research%2F","https://www.veltris.com/wp-content/uploads/2025/11/MVSN_Raju.jpg","https://www.veltris.com/wp-includes/js/wp-embed.min.js","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecyle-Managed-Services.svg","https://www.veltris.com/wp-json/wp/v2/pages/28409","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-Networks.png","https://www.veltris.com/wp-content/uploads/2025/09/Payers-Modernizing-Claims-RCM.png","https://www.veltris.com/wp-content/uploads/2023/02/F-_White-Regulatory-Hurdles.svg","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media_mob.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Intelligence-Data-AI.png","https://www.veltris.com/casestudies/improved-on-time-delivery-of-a-leading-auto-lubricant-distributer/","https://www.veltris.com/wp-json/wp/v2/pages/22001","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcareers%2F","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps-1.svg","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps.svg","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-business-transformation-and-vendor-selection.png","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Product-Lifecyle-Managed-Services.svg","https://www.veltris.com/wp-json/wp/v2/pages/28359","https://www.veltris.com/wp-content/uploads/2023/03/designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inventory-management.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Felectronics-and-semiconductors%2F","https://www.veltris.com/wp-content/uploads/2025/10/Implemented-a-D2C-Offering-to-Create-an-Extra-Source-of-Revenue-for-the-Client.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%
2Fpressroom%2Fveltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries%2F","https://www.veltris.com/wp-content/uploads/2025/09/Implementing-Digital-Twins-AI.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecycle-Managed-Services-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Pharmacy-Benefit-Managers-PBMs.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2F","https://www.veltris.com/wp-content/uploads/2025/04/Cloud-Infrastructure-Services-1.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries%2F","https://www.veltris.com/wp-content/uploads/2023/03/re-platforming-and-cloud-migration-from-vertica-to-snowflake.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services-1.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fcommunications-service-providers%2F","https://www.veltris.com/wp-content/uploads/2025/10/Created-A-Portal-to-Capture-Patients-Health-and-Provide-Treatment-Proactively--300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Digital-Cloud.svg","https://www.veltris.com/wp-content/uploads/2025/09/Scaling-Safely.png","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Data-AI.svg","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics-1.svg","https://www.veltris.com/wp-json/wp/v2/pages/28383","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-Product-Platform-Engineering-1.svg","https://www.veltris.com/wp-content/uploads/2025/09/Data-Overload.png","https://www.veltris.com/?p=30163","https://www.veltris.com/wp-content/uploa
ds/2025/04/Product-Support-and-Maintenance_dark.svg","https://www.veltris.com/wp-content/uploads/2022/11/Surya-Vamsi-200x200-1.jpeg","https://www.veltris.com/wp-content/uploads/2022/11/anvesh-200x200-1.jpeg","https://www.veltris.com/wp-json/wp/v2/pressroom/30163","https://www.veltris.com/wp-content/uploads/2025/09/Implementing-Digital-Twins-AI.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2F","https://www.veltris.com/wp-content/uploads/2023/03/Re-platforming-and-Cloud-Migration-from-Vertica-to-Snowflake-1-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Scaling-Safely.svg","https://www.veltris.com/?p=30392","https://www.veltris.com/wp-content/uploads/2023/02/IoT-Amalgamation.png","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Speciality-Digital-Healthcare-Providers-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/09/Shrinking-Design-Cycles.png","https://www.veltris.com/wp-content/uploads/2022/09/carrers-img.jpeg","https://www.veltris.com/wp-content/uploads/2024/04/LLM-VT-case-study-1.pdf","https://www.veltris.com/wp-json/wp/v2/pages/29239","https://www.veltris.com/wp-content/uploads/2025/09/Maximizing-Asset-Uptime.png","https://www.veltris.com/wp-content/uploads/2025/09/Time-to-Market-Pressure.png","https://www.veltris.com/wp-content/uploads/2022/11/Ravi-Sanapla-200x200-1.png","https://www.veltris.com/wp-content/uploads/2022/11/Madhav-J-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Fragmented-Lifecycle-Management.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fai-for-industry%2F","https://www.veltris.com/wp-content/uploads/2025/09/Monetization-Models.png","https://www.veltris.com/wp-content/uploads/2023/02/Content-Supply-Chain-1.png","https://www.veltris.com/wp-
content/uploads/2022/11/Manivsrsh-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Reliable-Factory-Connectivity.png","https://www.veltris.com/wp-content/uploads/2025/09/Shrinking-Design-Cycles.svg","https://www.veltris.com/wp-content/uploads/2025/09/Cold-Chain-Logistics-for-Enhanced-Operational-Efficiency-Data-Integration-300x169.png","https://www.veltris.com/wp-content/uploads/2022/11/Swathi-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance-1.svg","https://www.veltris.com/wp-content/uploads/2025/04/Careers_mob.png","https://www.veltris.com/wp-content/uploads/2025/12/DentistryAutomation-AI_VIA.png","https://www.veltris.com/wp-content/uploads/2025/09/Speciality-Digital-Healthcare-Providers_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2022/07/Conversational-Chatbot-for-24-7-Customer-Support-Assistance-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-A-Portal-to-Capture-Patients-Health-and-Provide-Treatment-Proactively-.png","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/09/Monetization-Models.svg","https://www.veltris.com/wp-content/uploads/2025/09/Audience-Fragmentation.png","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Developed_a_Mobile_App_Platform_to_Facilitate_Various_Types_of_Payments.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Multimodal-Data-Integration-Complexity.png","https://www.veltris.com/wp-content/uploads/2023/03/Designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inve-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/FaultAnalyzeAI_VIA.png","https://www.veltris.com/wp-conte
nt/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Customer-Experience-1.svg","https://www.veltris.com/wp-content/uploads/2022/11/Abdul-200x200-1.png","https://www.veltris.com/wp-content/uploads/2026/01/Electronics-and-Semiconductors-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/09/Content-Discovery.png","https://www.veltris.com/wp-content/uploads/2025/09/Unlocking-Value-from-Data.png","https://www.veltris.com/wp-json/wp/v2/pages/25474","https://www.veltris.com/wp-json/wp/v2/pages/14560","https://www.veltris.com/wp-content/uploads/2025/09/Data-Overload.svg","https://www.veltris.com/wp-content/uploads/2025/10/Developed-a-Platform-to-Improve-Inbound-and-Outbound-Process-at-Warehouse-and-Optimized-Resource-All-300x169.png","https://www.veltris.com/wp-content/uploads/built-an-efficient-information-retrieval-system-with-generativeAI-for-a-major-asset-management-firm.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Reliable-Factory-Connectivity.svg","https://www.veltris.com/wp-content/uploads/2025/04/AI-Guides-and-Innovations.png","https://www.veltris.com/wp-content/uploads/2022/11/Johnson.png","https://www.veltris.com/wp-content/uploads/2025/09/Operational-Complexity.png","https://www.veltris.com/wp-content/uploads/2025/09/Maximizing-Asset-Uptime.svg","https://www.veltris.com/wp-content/uploads/2022/11/Bhargavi-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Time-to-Market-Pressure.svg","https://www.veltris.com/wp-content/uploads/2025/09/Monetization-ROI.png","https://www.veltris.com/wp-content/uploads/2025/09/Innovation-Scalability.png","https://www.veltris.com/wp-content/uploads/2022/11/Venu.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Multicloud-Engineering-1.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2F","https://www.veltr
is.com/wp-content/uploads/2025/12/VeloRXAI_VIA.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2F","https://www.veltris.com/wp-content/uploads/2025/09/Content-Security.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fdisclaimer%2F","https://www.veltris.com/wp-content/uploads/2025/09/Operational-Complexity.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fcommunications-service-providers%2F","https://www.veltris.com/wp-content/uploads/2025/09/Audience-Fragmentation.svg","https://www.veltris.com/wp-content/uploads/2023/03/developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Develop-a-Mobile-First-Platform-for-Personalized-Assessments-and-Targeted-Interventions-to-Optimize-.png","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/uploads/2022/11/Murali-Krishna-1-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Industry-Specific-1-1.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-768x402.png","https://www.veltris.com/wp-content/uploads/2025/04/Pressroom_mob.png","https://www.veltris.com/wp-content/uploads/2025/12/DefectQC-AI_VIA.png","https://www.veltris.com/wp-content/uploads/2025/09/Media-Streaming-Engineering.svg","https://www.veltris.com/wp-content/uploads/2025/09/Monetization-ROI.svg","https://www.veltris.com/wp-content/uploads/2025/09/Technology-Products-and-Platforms_Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/09/Innovation-Scalability.svg","https://www.veltris.com/wp-content/uploads/2025/09/Content-Discovery.svg","https://www.veltris.com/wp-content/uploads/2025/04/Whitepapers_m
ob-1.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-768x402.png","https://www.veltris.com/wp-content/uploads/2023/02/Immersive-Entertainment-Experiences.png","https://www.veltris.com/wp-content/uploads/implementation-of-one-view-of-the-customer-to-a-big-insurance-and-banking-customer.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Accelerating-5G-Monetization.png","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-Big-Data-Management.svg","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-768x402.png","https://www.veltris.com/wp-content/uploads/2025/04/AI-Guides-and-Innovations_mob.png","https://www.veltris.com/wp-content/uploads/2022/07/Conversational-Chatbot-for-24-7-Customer-Support-Assistance.png","https://www.veltris.com/wp-content/uploads/2025/09/Modernizing-Enterprise-Networks.png","https://www.veltris.com/wp-content/uploads/2025/09/Deploying-Agile-Private-Wireless.png","https://www.veltris.com/wp-content/uploads/2025/09/Underutilized-Data-Assets.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fbroadcasting-and-ott-streaming%2F","https://www.veltris.com/wp-content/uploads/2025/09/Navigating-Network-Complexity.svg","https://www.veltris.com/wp-content/uploads/2025/09/Navigating-Network-Complexity.png","https://www.veltris.com/wp-content/uploads/2025/09/Reducing-High-Operational-Costs.png","https://www.veltris.com/casestudies/threat-monitoring-system-for-concealed-weapons-explosives-detection/","https://www.veltris.com/wp-content/uploads/2022/07/Built-Fast-Flexible-Scalable-Platform-Solutions-for-Video-Service-and-OTT-Providers-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Re-platforming-and-Cloud-Migration-from-Vertica-to-Snowflake-1-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fbroadcasting-and-ott-streaming%2F","https://www.veltris.
com/wp-content/uploads/2025/09/Operational-Inefficiency.png","https://www.veltris.com/wp-content/uploads/2025/12/VIA-accelerators-for-industry-banner-mobile.png","https://www.veltris.com/wp-content/uploads/2025/09/Innovation-Velocity-Gap.png","https://www.veltris.com/wp-content/uploads/2025/04/Investment-Wealth-Management-Firms.png","https://www.veltris.com/wp-json/wp/v2/pages/21997","https://www.veltris.com/wp-content/uploads/2026/01/Autonomous-Vehicles-and-LogisticsBanner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/09/Deploying-Agile-Private-Wireless.svg","https://www.veltris.com/wp-content/uploads/2025/09/Ensuring-Carrier-Grade-Security.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ffinancial-pubsec-services%2F","https://www.veltris.com/wp-content/uploads/2025/04/Multimodal-Data-Integration-Complexity.svg","https://www.veltris.com/wp-content/uploads/2023/03/Designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inve.png","https://www.veltris.com/wp-content/uploads/2023/02/Modern-Data-Stack-Adoption-%E2%80%93-1.svg","https://www.veltris.com/wp-content/uploads/2023/03/Implementation-of-One-View-of-the-Customer-to-a-big-Insurance-and-Banking-customer-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Planning-and-Design.svg","https://www.veltris.com/wp-content/uploads/2025/09/Developed-a-Mobile-App-Platform-to-Facilitate-Various-Types-of-Payments--300x169.png","https://www.veltris.com/wp-content/uploads/2022/07/Built-a-Robust-Foundational-Data-Reporting-Platform-for-a-Leading-OTT-Solutions-Provider-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Ensuring-Carrier-Grade-Security.svg","https://www.veltris.com/wp-content/uploads/2023/10/Built-an-Efficient-Information-Retrieval-System-with-Generative-AI-for-a-Major-Asset-Management-Firm-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/VIA-a
ccelerators-for-industry-banner.png","https://www.veltris.com/wp-content/uploads/2023/02/R_-White-Siloed-Data-Sources-same-icon-from-Life-Sciences-copy.svg","https://www.veltris.com/wp-content/uploads/2025/09/Fragmented-Client-Intelligence.png","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Model-Complexity-and-Accuracy.png","https://www.veltris.com/wp-content/uploads/2025/09/Infrastructure-Bottlenecks.png","https://www.veltris.com/wp-content/uploads/2025/09/Cold-Chain-Logistics-for-Enhanced-Operational-Efficiency-Data-Integration.png","https://www.veltris.com/wp-content/uploads/2025/04/Edge-AI-Deployment-Management.png","https://www.veltris.com/wp-content/uploads/2025/09/Modernizing-Enterprise-Networks.svg","https://www.veltris.com/wp-content/uploads/2022/07/Built-a-Robust-Foundational-Data-Reporting-Platform-for-a-Leading-OTT-Solutions-Provider.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ffinancial-pubsec-services%2F","https://www.veltris.com/wp-content/uploads/2025/04/Transportation-Logistics-Engineering-Construction.png","https://www.veltris.com/wp-content/uploads/2025/07/insuretech.png","https://www.veltris.com/wp-content/uploads/2025/04/Electronics-and-Semiconductors.png","https://www.veltris.com/wp-content/uploads/2026/01/Communications-Service-Providers-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2022/07/Threat-Monitoring-System-for-Concealed-Weapons-Explosives-Detection-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/GovTech-EdTech-in-Financial-Services-2.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/blogs.svg","https://www.veltris.com/wp-content/uploads/2025/09/Generic-Client-Experinces.png","https://www.veltris.com/wp-content/uploads/2025/04/Advanced-Automation-Robot
ics-Deployment.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/casestudies.svg","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/white-papers.svg","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-300x169.png","https://www.veltris.com/wp-content/uploads/2022/07/Built-Fast-Flexible-Scalable-Platform-Solutions-for-Video-Service-and-OTT-Providers.png","https://www.veltris.com/wp-content/uploads/2025/05/Financial-Services_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/leadership.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdiversified-industrials%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed_a_Mobile_App_with_Multiple_Accessibility_and_Metrics_for_Real-Time_Measurement.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdiversified-industrials%2F","https://www.veltris.com/wp-content/uploads/2025/04/Real-time-Data-Synchronization-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Industrial-Manufacturing-Automotive-Robotics.png","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-the-Entire-operations-Order-to-Shipment-with-a-Digital-and-Mobile-Experience-300x169.png","https://www.veltris.com/wp-content/uploads/2024/04/Investment-Analysts-with-AI-Driven-Insights-using-RAG-LLM-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Generative-AI-Control-Accuracy.png","https://www.veltris.com/wp-content/uploads/2025/09/Reducing-High-Operational-Costs.svg","https://www.veltris.com/wp-content/uploads/2025/04/Integrating-IT-and-OT-Networks.png","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-768x402.p
ng","https://www.veltris.com/wp-content/uploads/2025/12/Modernizing-Veterinary-Platform-Front-End-Security-Architecture-Thumbnail-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/25452","https://www.veltris.com/wp-content/uploads/2025/04/Computational-Resource-Management-Edge-vs.-Cloud.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-Twins-for-Simulation-and-Optimization.png","https://www.veltris.com/wp-content/uploads/2025/12/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/AIPowering-the-Smart-Industrial-Revolution.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/submit-your-review.svg","https://www.veltris.com/schedule-a-meeting/embed/","https://www.veltris.com/wp-content/uploads/2025/04/Hyper-Connectivity-IoT-5G-Edge-Computing.png","https://www.veltris.com/wp-content/uploads/2024/04/Investment-Analysts-with-AI-Driven-Insights-using-RAG-LLM.png","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-768x402.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/aboutus.svg","https://www.veltris.com/wp-content/uploads/2026/01/Communications-Service-Providers-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2026/02/scaling_hybrid_care_models_with_retail_economics.pdf","https://www.veltris.com/wp-content/uploads/2026/02/maximizing_value_from_diagnostics_and_medical_devices.pdf","https://www.veltris.com/wp-content/uploads/2026/03/scaling_hybrid_care_models_with_retail_economics-300x169.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/infographics.svg","https://www.veltris.com/wp-content/uploads/2026/03/driving_retention_through_preventive_care_subscription_models-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Whitepapers.png","https://www.veltris.com/wp-json/wp/v2/pages/25066","https://www.veltris.com/wp-json/oembed/1
.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-modernization%2F","https://www.veltris.com/wp-content/uploads/2026/03/converting_healthcare_visits_into_retail_revenue-300x169.png","https://www.veltris.com/wp-content/uploads/2026/03/maximizing_value_from_diagnostics_and_medical_devices-300x169.png","https://www.veltris.com/industries/insuretech%20/","https://www.veltris.com/wp-content/uploads/2026/02/driving_retention_through_preventive_care_subscription-models.pdf","https://www.veltris.com/wp-content/uploads/2023/10/Built-an-Efficient-Information-Retrieval-System-with-Generative-AI-for-a-Major-Asset-Management-Firm.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdigital-cloud-engineering%2F","https://www.veltris.com/ai-solutions/embed/","https://www.veltris.com/wp-content/uploads/2025/11/Modernizing-a-Veterinary-Platforms-Front-End-and-Security-Architecture.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-modernization%2F","https://www.veltris.com/wp-json/wp/v2/pages/14022","https://www.veltris.com/wp-content/uploads/2022/07/Threat-Monitoring-System-for-Concealed-Weapons-Explosives-Detection.png","https://www.veltris.com/wp-content/uploads/2025/11/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-1.pdf","https://www.veltris.com/wp-content/uploads/2026/02/converting_healthcare_visits_into_retail_revenue.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdigital-cloud-engineering%2F","https://www.veltris.com/wp-json/wp/v2/pages/29423","https://www.veltris.com/wp-content/uploads/2026/02/improving_operational_efficiency_across_healthcare_retail_clinics.pdf","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-300x157.png","https://www.veltris.com/wp-content/uploads/2023/03/Implementation-of-One-View-of-the-Custo
mer-to-a-big-Insurance-and-Banking-customer-1.png","https://www.veltris.com/wp-content/uploads/2025/12/CodeMedixAI_VIA.png","https://www.veltris.com/services/data-ai/embed/","https://www.veltris.com/wp-content/uploads/2025/09/Unlocking-Value-from-Data.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/contact-us.svg","https://www.veltris.com/services/connectivity-industry-x-0/embed/","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-300x157.png","https://www.veltris.com/wp-content/uploads/2025/05/Financial-Services_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-300x157.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-300x157.png","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-300x157.png","https://www.veltris.com/wp-content/uploads/2025/12/Modernizing-Veterinary-Platform-Front-End-Security-Architecture-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fai-for-industry%2F","https://www.veltris.com/wp-content/uploads/2026/01/Autonomous-Vehicles-and-Logistics-Banner_2000x700.png","https://www.veltris.com/services/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Mobile_App_with_Multiple_Accessibility_Metrics_for_Real-Time_Measurement-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Transformed_the_Entire_Operations_with_a_Digital_and_Mobile_Experience_.pdf","https://www.veltris.com/wp-content/uploads/2025/10
/Developed_Mobile_App_with_Multiple_Accessibility_Metrics_for_Real-Time_Measurement.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-1024x576.png","https://www.veltris.com/industries/embed/","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-300x157.png","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-1024x536.png","https://www.veltris.com/wp-content/uploads/2026/03/improving_operational_efficiency_across_healthcare_retail_clinics.png","https://www.veltris.com/wp-json/wp/v2/pages/29303","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-warehouse%2F","https://www.veltris.com/wp-content/uploads/2025/09/Accelerating-5G-Monetization.svg","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/404.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital_Cloud_Overview.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-warehouse%2F","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail.png","https://www.veltris.com/services/microsoft-cloud-platforms/","https://www.veltris.com/wp-json/wp/v2/pages/28540","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/approach.svg","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-1536x864.png","https://www.veltris.com/wp-content/uploads/2026/03/scaling_hybrid_care_models_with_retail_economics.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-300x157.png","https://www.veltris.com/wp-content/uploads/2026/03/driving_retention_through_preventive_care_subscription_models.png","https://www.veltris.com/pressroom/veltris-partners-with-ve
ctra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/","https://www.veltris.com/wp-content/uploads/2025/04/Digital-and-Cloud-Engineering_Mob-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-a-Platform-to-Improve-Inbound-and-Outbound-Process-at-Warehouse-and-Optimized-Resource-All.png","https://www.veltris.com/wp-content/uploads/2026/01/Electronics-and-Semiconductors-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-768x402.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/09/Developed-a-Mobile-App-Platform-to-Facilitate-Various-Types-of-Payments-.png","https://www.veltris.com/wp-content/uploads/2025/04/Cloud-Infrastructure-Services_dark.svg","https://www.veltris.com/wp-content/uploads/2025/09/Diversified-Industrials.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2F","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/notes.svg","https://www.veltris.com/wp-content/uploads/2025/04/AI_ML-Predict-HealthOptimize-Care.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthcare-lifesciences%2F","https://www.veltris.com/wp-content/uploads/2025/11/Telemedicine.png","https://www.veltris.com/services/azure-managed-services/","https://www.veltris.com/wp-content/uploads/2025/04/Wearables_Continuous-Proactive-Care.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-768x432.png","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-the-Entire-operations-Order-to-Shipment-with-a-Digital-and-Mobile-Experience.png","https://www.
veltris.com/life-at-veltris/embed/","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-1536x804.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-and-Cloud-Engineering.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fanimal-health-veterinary%2F","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthcare-lifesciences%2F","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/","https://www.veltris.com/wp-content/uploads/2026/01/Digital-Cloud-Engineering-1.png","https://www.veltris.com/wp-json/wp/v2/pages/30018","https://www.veltris.com/wp-content/uploads/2025/04/Diversified-Industries_mob.png","https://www.veltris.com/industries/technology-products-and-platforms/embed/","https://www.veltris.com/wp-json/wp/v2/casestudies/27703","https://www.veltris.com/wp-json/wp/v2/casestudies/27659","https://www.veltris.com/wp-content/uploads/2025/12/AI-Powered-Optical-Retail.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/duplicate-submissions.min.js?ver=1","https://www.veltris.com/wp-content/uploads/2026/03/maximizing_value_from_diagnostics_and_medical_devices.png","https://www.veltris.com/wp-content/uploads/2025/05/Healthcare_600x800.png","https://www.veltris.com/wp-content/uploads/2025/12/Smart-Contact-Lenses-and-Wearables.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-2048x1152.png","https://www.veltris.com/wp-content/upl
oads/2026/01/Broadcasting-and-OTT-Streaming_2000x700.png","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client-1.png","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-Product-Platform-Engineering_dark.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fvision-care%2F","https://www.veltris.com/wp-content/uploads/2025/04/Careers.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16.png","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-2048x1072.png","https://www.veltris.com/wp-content/uploads/2025/12/Focus-on-Specialty-Care-Models.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/09/Content-Security.svg","https://www.veltris.com/wp-content/uploads/2025/12/Subscription-Based-Vision-Plans.png","https://www.veltris.com/wp-content/uploads/2025/04/Legacy-System-Integration-Challenge.svg","https://www.veltris.com/wp-content/uploads/2025/04/IoMT-Integration-Security-Risks.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Ftransforming-dental-patients-experience-with-an-ai-chatbot%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-2048x1072.png","https://www.veltris.com/industries/healthtech-platforms/embed/","https://www.veltris.com/wp-json/wp/v2/casestudies/28159","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-1536x804.png","https://www.veltris.com/wp-content/uploads/2025/11/Lack-of-Multi-Location-Oversight-DSOs.png","https://www.veltris.com/wp-content/uploads/2026/03/improving_operational_
efficiency_across_healthcare_retail_clinics-300x169.png","https://www.veltris.com/industries/insuretech/embed/","https://www.veltris.com/wp-content/uploads/2025/11/Precision-Medicine.png","https://www.veltris.com/industries/dental-multi-unit-retail-health/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fpms-migration-from-eaglesoft-to-denticon%2F","https://www.veltris.com/wp-content/uploads/2024/07/remote-cardiovascular-monitoring-flow.png","https://www.veltris.com/wp-content/uploads/2025/11/Wearable-Technology.png","https://www.veltris.com/industries/pharmacy-benefit-management-pbm/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fcustom-accurate-reporting-with-your-own-dso-datawarehouse%2F","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/","https://www.veltris.com/wp-content/uploads/2025/12/Tele-Optometry-Remote-Monitoring.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Standards-Interoperability-Gaps.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fpms-migration-from-eaglesoft-to-denticon%2F","https://www.veltris.com/wp-content/uploads/2025/11/Emerging-Tech.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fanimal-health-veterinary%2F","https://www.veltris.com/industries/investment-and-wealth-management/embed/","https://www.veltris.com/wp-json/wp/v2/casestudies/27694","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-2048x1072.png","https://www.veltris.com/wp-json/wp/v2/casestudies/28109","https://www.veltris.com/wp-content/uploads/2025/12/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-Thumbnail.png","https://www.veltris.com/indust
ries/pharmacy-benefit-management/embed/","https://www.veltris.com/wp-json/wp/v2/pages/30027","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmodernizing-legacy-software-in-the-hearing-industry%2F","https://www.veltris.com/wp-content/uploads/2025/12/vision-care-Build.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Feligibility-automation-with-the-eligibility-bot%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Ftransforming-dental-patients-experience-with-an-ai-chatbot%2F","https://www.veltris.com/wp-content/uploads/2025/12/Patient-Centric-Data-Control.png","https://www.veltris.com/wp-content/uploads/2025/12/Vetcare-Build.png","https://www.veltris.com/wp-json/wp/v2/casestudies/28113","https://www.veltris.com/wp-content/uploads/2024/09/Hiral-Chandrana.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fimproved-patient-interactions-hipaa-compliant-pms-integration-with-the-phone-system%2F","https://www.veltris.com/wp-content/uploads/2026/03/converting_healthcare_visits_into_retail_revenue.png","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Faccelerating-claims-turnaround-with-revenue-cycle-management-solutions%2F","https://www.veltris.com/wp-content/uploads/2025/12/VetCare_Banner_600x800.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmodernizing-legacy-software-in-the-hearing-industry%2F","https://www.veltris.com/wp-content/uploads/2025/04/Pressroom.png","https://www.veltris.com/wp-content/uploads/2025/12/VisionCare-Monetize.png","https://www.veltris.com/wp-jso
n/wp/v2/casestudies/28147","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-1536x804.png","https://www.veltris.com/wp-content/uploads/2025/12/Vision-Care-Banner_600x800.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Feligibility-automation-with-the-eligibility-bot%2F","https://www.veltris.com/wp-content/uploads/2023/02/Regulatory-Hurdles.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-scaled.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fcustom-accurate-reporting-with-your-own-dso-datawarehouse%2F","https://www.veltris.com/wp-content/uploads/2025/12/Smart-Contact-Lenses-and-Wearables.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fimproved-patient-interactions-hipaa-compliant-pms-integration-with-the-phone-system%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Frevolutionizing-patient-engagement-for-a-dso-with-veltris-innovative-system%2F","https://www.veltris.com/wp-json/wp/v2/casestudies/28151","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fvision-care%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fdisclaimer%2F","https://www.veltris.com/wp-content/uploads/2025/04/API-Management-Complexity-Hurdles.svg","https://www.veltris.com/wp-content/uploads/2025/12/Vetcare-Monetize.png","https://www.veltris.com/wp-content/uploads/2025/12/vision-care-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/11/Icons_Data-Cloud.svg","https://www.veltris.com/wp-content/uploads/2025/04/Clinical-Workflow-Integration-Barriers.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Ftransformed-c
ardiac-care-by-assisting-heart-monitor-manufacturer-in-remote-patient-monitoring%2F","https://www.veltris.com/wp-content/uploads/2025/12/VetCare_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2020/04/Wavelabs-Case-Study-AI-Conversational-Chatbot-Improved-Customer-Support.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Frevolutionizing-patient-engagement-for-a-dso-with-veltris-innovative-system%2F","https://www.veltris.com/ai-for-enterprise/embed/","https://www.veltris.com/wp-content/uploads/2025/12/AI-Powered-Optical-Retail.svg","https://www.veltris.com/wp-content/uploads/2025/11/Icons_Precision-Medicine.svg","https://www.veltris.com/wp-content/uploads/2025/12/animal-health-veterinary-modernize.png","https://www.veltris.com/wp-content/uploads/2025/12/Focus-on-Specialty-Care-Models.svg","https://www.veltris.com/wp-content/uploads/2019/08/Wavelabs-Case-Study-Waterlily.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Faccelerating-claims-turnaround-with-revenue-cycle-management-solutions%2F","https://www.veltris.com/wp-content/uploads/2025/11/Icons_Emerging-Tech.svg","https://www.veltris.com/wp-content/uploads/2025/11/Icons_Telemedicine.svg","https://www.veltris.com/industries/speciality-digital-healthcare-providers/embed/","https://www.veltris.com/wp-content/uploads/2025/12/Patient-Centric-Data-Control.svg","https://www.veltris.com/insights/embed/","https://www.veltris.com/wp-content/uploads/2025/11/Data-Cloud.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Ftransformed-cardiac-care-by-assisting-heart-monitor-manufacturer-in-remote-patient-monitoring%2F","https://www.veltris.com/wp-content/uploads/2025/11/Icons_AI-Driven-Operations.svg","https://www.veltris.com/wp-content/uploads/2020/04/Wavelabs-Case-Study-Concealed-Weapons-and-Explosives-Detection.png","https://www.veltris.
com/industries/govtech-edtech/embed/","https://www.veltris.com/wp-content/uploads/2025/11/Icons_Wearable-Technology.svg","https://www.veltris.com/client-case-studies/embed/","https://www.veltris.com/ai-for-productivity/embed/","https://www.veltris.com/services/product-lifecycle-managed-services/embed/","https://www.veltris.com/industries/technology-communications-media/embed/","https://www.veltris.com/wp-content/uploads/2025/12/Tele-Optometry-Remote-Monitoring.svg","https://www.veltris.com/wp-content/uploads/2025/12/Subscription-Based-Vision-Plans.svg","https://www.veltris.com/industries/electronics-and-semiconductors/embed/","https://www.veltris.com/industries/autonomous-vehicles-and-logistics/embed/","https://www.veltris.com/careers/embed/","https://www.veltris.com/wp-json/wp/v2/casestudies/28105","https://www.veltris.com/wp-json/wp/v2/casestudies/13998","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fconversational-chatbot-for-24-7-customer-support-assistance%2F","https://www.veltris.com/wp-json/wp/v2/casestudies/23144","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fconversational-chatbot-for-24-7-customer-support-assistance%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmaximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution%2F","https://www.veltris.com/industries/financial-pubsec-services/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fthreat-monitoring-system-for-concealed-weapons-explosives-detection%2F","https://www.veltris.com/industries/broadcasting-and-ott-streaming/embed/","https://www.veltris.com/services/digital-cloud-engineering/embed/","https://www.veltris.com/wp-json/wp/v2/casestudies/14005","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2F
threat-monitoring-system-for-concealed-weapons-explosives-detection%2F","https://www.veltris.com/wp-content/uploads/2025/12/Vision-Care-Banner_2000x700.png","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fimproved-on-time-delivery-of-a-leading-auto-lubricant-distributer%2F","https://www.veltris.com/industries/diversified-industrials/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmaximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution%2F","https://www.veltris.com/wp-json/wp/v2/casestudies/14008","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fimproved-on-time-delivery-of-a-leading-auto-lubricant-distributer%2F","https://www.veltris.com/industries/engineering-construction/embed/","https://www.veltris.com/services/data-modernization/embed/","https://www.veltris.com/guides/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fmicrosoft-cloud-platforms%2F","https://www.veltris.com/industries/communications-service-providers/embed/","https://www.veltris.com/wp-content/uploads/2024/09/Hiral-Chandrana-241x300.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=htt
ps%3A%2F%2Fwww.veltris.com%2Fservices%2Fazure-managed-services%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries%2F","https://www.veltris.com/services/data-warehouse/embed/","https://www.veltris.com/ai-for-industry/embed/","https://www.veltris.com/wp-json/wp/v2/pressroom/20171","https://www.veltris.com/whitepapers/embed/","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fazure-managed-services%2F","https://www.veltris.com/industries/healthcare-lifesciences/embed/","https://www.veltris.com/wp-json/wp/v2/pressroom/24729","https://www.veltris.com/wp-json/wp/v2/pressroom/30188","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fmicrosoft-cloud-platforms%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member%2F","https://www.veltris.com/industries/animal-health-veterinary/embed/","https://www.veltris.com/casestudies/pms-migration-from-eaglesoft-to-denticon/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-a
s-ceo-and-board-member%2F","https://www.veltris.com/wp-json/wp/v2/pressroom/24954","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-aims-to-close-3-to-5-deals-within-18-months-ceo%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-aims-to-close-3-to-5-deals-within-18-months-ceo%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response%2F","https://www.veltris.com/casestudies/custom-accurate-reporting-with-your-own-dso-datawarehouse/embed/","https://www.veltris.com/wp-json/wp/v2/pressroom/23302","https://www.veltris.com/pressroom/embed/","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/images/banner-img/casestudies-banner.png","https://www.veltris.com/disclaimer/embed/","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/images/banner-img/casestudies-banner.png","https://www.veltris.com/industries/vision-care/embed/","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/images/banner-img/casestudies-banner.png","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/images/banner-img/casestudies-banner.png","https://www.veltris.com/casestudies/revolutionizing-patient-engagement-for-a-dso-with-veltris-innovative-system/embed/","https://www.veltris.com/casestudies/improved-patient-interactions-hipaa-compliant-pms-integration-with-the-phone-system/embed/","https://www.veltris.com/casestudies/transformed-cardiac-care-by-assisting-heart-monitor-manufacturer-in-remot
e-patient-monitoring/embed/","https://www.veltris.com/casestudies/eligibility-automation-with-the-eligibility-bot/embed/","https://www.veltris.com/casestudies/modernizing-legacy-software-in-the-hearing-industry/embed/","https://www.veltris.com/casestudies/transforming-dental-patients-experience-with-an-ai-chatbot/embed/","https://www.veltris.com/casestudies/accelerating-claims-turnaround-with-revenue-cycle-management-solutions/embed/","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/images/banner-img/casestudies-banner.png","https://www.veltris.com/casestudies/threat-monitoring-system-for-concealed-weapons-explosives-detection/embed/","https://www.veltris.com/casestudies/conversational-chatbot-for-24-7-customer-support-assistance/embed/","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/embed/","https://www.veltris.com/casestudies/maximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution/embed/","https://www.veltris.com/casestudies/improved-on-time-delivery-of-a-leading-auto-lubricant-distributer/embed/","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/embed/","https://www.veltris.com/services/azure-managed-services/embed/","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/embed/","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/embed/","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/embed/","https://www.veltris.com/services/microsoft-cloud-platforms/embed/"],"duration":20.477017402648926},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06111407279968},"passive_scan":{"stat
us":"completed","duration":0.008597135543823242},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.veltris.com","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":1620.4876809120178},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"6a03c4718cfbec212862b489"},"created_at":{"$date":"2026-05-13T00:23:13.231Z"},"url":"https://www.veltris.com/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.veltris.com/","scan_timestamp":"20260512_175304","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":1272,"urls_list":["https://www.veltris.com/sitemap.xml","https://www.veltris.com/robots.txt","https://www.veltris.com/","https://www.veltris.com/wp-content/uploads/2023/10/favicon-32x32-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/mobile-menu.css?ver=2.0","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/owl.carousel.min.css","https://www.veltris.com/wp-content/themes/wavelabs/style.css?ver=2.0","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/sal.css?ver=2.0","https://www.veltris.com/wp-content/plugins/ubermenu/assets/css/skins/minimal.css?ver=6.9.4","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/whitepapers-page.cs
s?ver=2.0","https://www.veltris.com/about-us","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/sal.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/owl.theme.default.min.css","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/lightbox.min.css","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Snowflake.png","https://www.veltris.com/wp-content/plugins/attachment-download-on-gravity-form-submission/frontend/js/wot-public-scripts.js","https://www.veltris.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","https://www.veltris.com/wp-content/uploads/2023/09/BFSI-1.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/IBM.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/scroll-highlight.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/nokia.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Salesforce.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/NetSuite.png","https://www.veltris.com/wp-content/uploads/2023/09/Healthcare-1.svg","https://www.veltris.com/wp-content/uploads/2023/09/Events.svg","https://www.veltris.com/wp-content/uploads/2023/09/Contact-us.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/header/logo.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/nvidia.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/ajax-filter-loadmore.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/MS-Azure.png","https://www.veltris.com/wp-content/plugins/sg-cachepress/assets/js/lazysizes.min.js?ver=7.7.11","https://www.veltris.com/wp-content/uploads/2023/09/Channel-.svg","https://www.veltris.com/wp-content/plugins/cookie-law-info/lite/frontend/js/gcm.min.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/atlassian-jira.png","
https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/aws.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/power-bi.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/siemens.png","https://www.veltris.com/wp-content/plugins/ubermenu/pro/assets/css/ubermenu.min.css?ver=3.7.8","https://www.veltris.com/wp-content/uploads/2023/09/White-papers.svg","https://www.veltris.com/wp-content/plugins/gravityformsrecaptcha/js/frontend.min.js?ver=1.8.0","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/new-menu.js","https://www.veltris.com/wp-content/uploads/2024/05/Glossary-svg.svg","https://www.veltris.com/wp-content/uploads/2023/09/Casestudies.svg","https://www.veltris.com/wp-content/uploads/2023/09/Blogs.svg","https://www.veltris.com/wp-content/plugins/ubermenu/assets/js/ubermenu.min.js?ver=3.7.8","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Schneider.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/databricks.png","https://www.veltris.com/wp-content/uploads/2025/04/pressroom-01.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/vectra.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/footer/logo.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/servicenow.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Tableau.png","https://www.veltris.com/wp-content/uploads/2023/09/Leadership.svg","https://www.veltris.com/wp-content/uploads/2023/09/Aboutus.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/owl.carousel.min.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/cisco.png","https://www.veltris.com/wp-json/wp/v2/pages/13944","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Google_Cloud.png","https://www.veltris.com/wp-includ
es/js/jquery/jquery.min.js?ver=3.7.1","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/lightbox-plus-jquery.min.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/AICPA-SOC.png","https://www.veltris.com/wp-content/uploads/real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmaceutical-drug.pdf","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_constellation_research_Banner_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/communitiesai-first-service-firms.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/style.css?ver=2.0","https://www.veltris.com/wp-content/uploads/2025/11/Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0_1-1.svg","https://www.veltris.com/wp-content/uploads/2025/04/Digital-Cloud_1.svg","https://www.veltris.com/about-us/","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-Vertical-AI-Banner_600x800-1.png","https://www.veltris.com/wp-content/plugins/ubermenu/assets/fontawesome/css/all.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2023/04/real-time-analytics-insights-for-online-video-streaming-giant.pdf","https://www.veltris.com/wp-content/uploads/2025/11/Vertical-AI-HPS-Banner_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/striim.svg","https://www.veltris.com/wp-json/","https://www.veltris.com/schedule-a-meeting/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/double-quotes.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/ISO.png","https://www.veltris.com/wp-content/uploads/2025/04/Industry-Specific.svg","https://www.veltris.com/wp-content/uploads/2025/09/Health-Tech.svg","https://www.veltris.com/wp-content/uploads/2025/09/Autonomous-Vehicles-and-Logistics.svg","https://www.veltris.com/wp-content/uploads/2025/10/
Insuretech.svg","https://www.veltris.com/wp-content/uploads/2026/01/Analyzing-250M-Daily-Events-to-Power-Superior-Streaming-Experiences.png","https://www.veltris.com/wp-content/uploads/2026/01/Real-Time-AI-Predictions-Improve-Reliability-in-Pharmaceutical-Manufacturing.png","https://www.veltris.com/wp-content/uploads/2026/01/Real-Time-AI-Predictions-Improve-Reliability-in-Pharmaceutical-Manufacturing_Mob.png","https://www.veltris.com/wp-content/uploads/2025/09/Dental-Care.svg","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-SDLC.svg","https://www.veltris.com/wp-content/uploads/2025/09/CSR_main.svg","https://www.veltris.com/wp-content/uploads/2025/04/Diversified-Industrials.svg","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media.svg","https://www.veltris.com/wp-content/uploads/2025/09/Investment-and-Wealth-Management-Firms.svg","https://www.veltris.com/industries/dental-multi-unit-retail-health/","https://www.veltris.com/wp-content/uploads/2026/01/AI-Cognitive-Engine-Enables-Data-Driven-Decisions-for-Financial-Services-Leader_Mob.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI_1.svg","https://www.veltris.com/wp-content/uploads/2026/01/Modern-Data-Infrastructure-Powers-Efficiency-for-Canadas-Largest-DSO.png","https://www.veltris.com/wp-content/uploads/2025/09/Engineering-and-Construction.svg","https://www.veltris.com/services/digital-cloud-engineering/","https://www.veltris.com/wp-content/uploads/2026/01/Modern-Data-Infrastructure-Powers-Efficiency-for-Canadas-Largest-DSO_Mob.png","https://www.veltris.com/wp-content/uploads/2025/09/Broadcasting-and-OTT-Streaming.svg","https://www.veltris.com/wp-content/uploads/2025/04/Customer-Engagement.svg","https://www.veltris.com/wp-content/uploads/2025/09/Pharmacy-Benefit-Management-PBM.svg","https://www.veltris.com/wp-content/uploads/2026/01/Home-Healthcare.png","https://www.veltris.com/wp-content/uploads/2026/01/Home-Tech-Platfrom.png","https://www.veltris.com/wp-content/th
emes/wavelabs/assets/images/tech-towers/hpe.svg","https://www.veltris.com/wp-content/uploads/2025/09/GovTech-EdTech.svg","https://www.veltris.com/wp-content/uploads/2026/01/AI-Cognitive-Engine-Enables-Data-Driven-Decisions-for-Financial-Services-Leader.png","https://www.veltris.com/wp-content/uploads/2025/09/Life-at-Veltris-main.svg","https://www.veltris.com/wp-content/uploads/2025/09/Technology-Products-Platforms.svg","https://www.veltris.com/wp-content/uploads/2025/05/1%E2%80%94Mobile-600X800-%E2%80%93-1-1.png","https://www.veltris.com/wp-content/uploads/2023/03/built-cognitive-engine-to-amp-up-customer-centricity.pdf","https://www.veltris.com/wp-content/uploads/2026/01/Home-Financial-Service.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecyle-Managed-Services_1.svg","https://www.veltris.com/wp-content/uploads/2026/01/Home-Diversified-industry.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-Solutions.svg","https://www.veltris.com/events/","https://www.veltris.com/wp-content/uploads/2026/01/Analyzing-250M-Daily-Events-to-Power-Superior-Streaming-Experiences_Mob.png","https://www.veltris.com/wp-content/uploads/2025/09/Communications-Service-Providers.svg","https://www.veltris.com/wp-content/uploads/2025/09/Electronics-and-Semiconductors.svg","https://www.veltris.com/pressroom/","https://www.veltris.com/services/","https://www.veltris.com/services/data-ai/","https://www.veltris.com/services/connectivity-industry-x-0/","https://www.veltris.com/industries/insuretech/","https://www.veltris.com/industries/govtech-edtech/","https://www.veltris.com/life-at-veltris/","https://www.veltris.com/industries/pharmacy-benefit-management/","https://www.veltris.com/industries/healthcare-lifesciences/","https://www.veltris.com/ai-for-enterprise/","https://www.veltris.com/resources/","https://www.veltris.com/industries/technology-communications-media/","https://www.veltris.com/industries/investment-and-wealth-management/","https://www.veltris.com/wp-c
ontent/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.9.13","https://www.veltris.com/industries/electronics-and-semiconductors/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-orbital-theme.min.css?ver=2.9.13","https://www.veltris.com/industries/financial-pubsec-services/","https://www.veltris.com/industries/speciality-digital-healthcare-providers/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-foundation.min.css?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/09/specialty-dental-brands.png","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-reset.min.css?ver=2.9.13","https://www.veltris.com/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1","https://www.veltris.com/wp-includes/js/dist/a11y.min.js?ver=cb460b4676c94bd228ed","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.maskedinput.min.js?ver=2.9.13","https://www.veltris.com/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.9.13","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.textareaCounter.plugin.min.js?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/03/product-development.svg","https://www.veltris.com/wp-content/uploads/2025/03/smarter-products.svg","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/scripts-theme.min.js?ver=b436459e6f25ebcd9e95ea18e1a35e19","https://www.veltris.com/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/vendor-theme.min.js?ver=21e5a4db1670166692ac5745329bfc80","https://www.veltris.com/wp-content/uploads/2025/09/southern-dental-alliance.png","https://www.veltris.com/industries/communications-service-providers/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/u
tils.min.js?ver=380b7a5ec0757c78876bc8a59488f2f3","https://www.veltris.com/wp-content/uploads/2025/09/Unitedhealthcare.png","https://www.veltris.com/wp-content/uploads/2025/09/img_16.png","https://www.veltris.com/wp-content/uploads/2025/09/img_7-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_1-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_2-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_6-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_3-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_3-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_4-2.png","https://www.veltris.com/ai-for-productivity/","https://www.veltris.com/wp-content/uploads/2025/09/img_15.png","https://www.veltris.com/insights/","https://www.veltris.com/wp-content/uploads/2025/09/img_14.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/09/img_8-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_17.png","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-framework.min.css?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/09/img_12-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_6-1.png","https://www.veltris.com/wp-content/uploads/2025/09/XL-dent.png","https://www.veltris.com/wp-content/uploads/2025/09/img_5-2.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/canada.png","https://www.veltris.com/wp-content/uploads/2025/09/img_6.png","https://www.veltris.com/wp-content/uploads/2025/09/img_19.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/img_1-1.png","https://www.veltris.com/disclaimer/","https://www.veltris.com/wp-content/uploads/2025/12/Network-Security.svg","ht
tps://www.veltris.com/wp-content/uploads/2025/11/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-1.pdf","https://www.veltris.com/whitepapers/","https://www.veltris.com/wp-content/uploads/2025/09/img_7.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/Dallas.png","https://www.veltris.com/privacy-policy/","https://www.veltris.com/wp-content/uploads/2025/12/Dental-and-Retail-Health-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail-300x169.png","https://www.veltris.com/?p=19877","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/pune.png","https://www.veltris.com/industries/autonomous-vehicles-and-logistics/","https://www.veltris.com/wp-content/uploads/2026/02/maximizing_value_from_diagnostics_and_medical_devices.pdf","https://www.veltris.com/wp-content/uploads/2025/11/Modernizing-a-Veterinary-Platforms-Front-End-and-Security-Architecture.pdf","https://www.veltris.com/wp-content/uploads/2025/03/img_10.png","https://www.veltris.com/wp-content/uploads/2025/09/img_2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_8.png","https://www.veltris.com/wp-content/uploads/2025/03/img_10-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_4.png","https://www.veltris.com/wp-content/uploads/2025/12/Ensure-HIPAA-Compliance.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_1.png","https://www.veltris.com/wp-content/uploads/2025/12/Expand-Telehealth-Services.svg","https://www.veltris.com/industries/broadcasting-and-ott-streaming/","https://www.veltris.com/wp-content/uploads/2025/09/img_3.png","https://www.veltris.com/wp-content/uploads/2025/12/Accelerate-Insurance-Claims.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_10.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-A-Secure-and-Scalable-Client-Portal-toEnable-Transparency-Control-andStreamlined-PBM-Operations.pdf","ht
tps://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/usa.png","https://www.veltris.com/ai-solutions/","https://www.veltris.com/wp-content/uploads/2025/12/Optimized-Scheduling.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_5.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_7-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_12.png","https://www.veltris.com/wp-content/uploads/2025/03/img_9-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/vietnam.png","https://www.veltris.com/wp-content/uploads/2025/03/img_5-2.png","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Build.png","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Scalable-Mobile-andWeb-Platform-for-Streamlined-Prescription-Care.pdf","https://www.veltris.com/wp-content/uploads/2025/03/img_14.png","https://www.veltris.com/wp-content/uploads/2025/09/img_9.png","https://www.veltris.com/wp-content/uploads/2025/03/img_3-2.png","https://www.veltris.com/wp-content/uploads/2025/03/img_20.png","https://www.veltris.com/wp-content/uploads/2025/03/img_1.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-Care-DSOs.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/03/img_4-2.png","https://www.veltris.com/wp-json/wp/v2/pages/15707","https://www.veltris.com/wp-content/uploads/2025/03/img_16.png","https://www.veltris.com/wp-content/uploads/2025/03/img_3-1.png","https://www.veltris.com/wp-content/uploads/2025/03/img_5.png","https://www.veltris
.com/wp-json/wp/v2/pages/19877","https://www.veltris.com/wp-content/uploads/2025/03/img_13.png","https://www.veltris.com/wp-content/uploads/2025/03/Christmas-Celebration_3.png","https://www.veltris.com/wp-content/uploads/2025/03/img_19.png","https://www.veltris.com/wp-content/uploads/2025/03/img_6-1.png","https://www.veltris.com/client-case-studies/","https://www.veltris.com/?p=25066","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fschedule-a-meeting%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_9.png","https://www.veltris.com/wp-json/wp/v2/pages/30007","https://www.veltris.com/wp-content/uploads/2025/09/Speciality-Digital-Healthcare-Providers.svg","https://www.veltris.com/wp-content/uploads/2025/09/Fuse.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/india.png","https://www.veltris.com/wp-content/uploads/2026/02/converting_healthcare_visits_into_retail_revenue.pdf","https://www.veltris.com/wp-content/uploads/2025/09/img_9-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Dentrix.png","https://www.veltris.com/wp-content/uploads/2025/03/img_11.png","https://www.veltris.com/wp-content/uploads/2025/03/img_8.png","https://www.veltris.com/wp-content/uploads/2025/03/img_2.png","https://www.veltris.com/wp-content/uploads/2025/03/img_17.png","https://www.veltris.com/wp-content/uploads/2025/11/Thumbnail_Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO_-1-300x169.png","https://www.veltris.com/guides/","https://www.veltris.com/wp-content/uploads/2025/09/img_2-2.png","https://www.veltris.com/wp-content/uploads/2025/03/investments.svg","https://www.veltris.com/wp-content/uploads/2025/09/Opendental-software.png","https://www.veltris.com/wp-content/uploads/2025/03/img_7.png","https://www.veltris.com/wp-content/uploads/2025/09/img_4-1.png","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail-300x169.png","https://www.ve
ltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail-768x433.png","https://www.veltris.com/industries/engineering-construction/","https://www.veltris.com/wp-content/uploads/2025/12/Accelerate-Billing-Cycles.svg","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fschedule-a-meeting%2F","https://www.veltris.com/wp-content/uploads/2026/02/improving_operational_efficiency_across_healthcare_retail_clinics.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Dentrixenterprise.png","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2026/02/driving_retention_through_preventive_care_subscription-models.pdf","https://www.veltris.com/wp-content/uploads/2025/09/easydental.png","https://www.veltris.com/?p=30007","https://www.veltris.com/blogs/","https://www.veltris.com/wp-content/uploads/2025/12/Retail-Health.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fabout-us%2F","https://www.veltris.com/wp-content/uploads/2026/01/dental-Dentimax.png","https://www.veltris.com/careers/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdental-multi-unit-retail-health%2F","https://www.veltris.com/get-my-ai-readiness-score/","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/","https://www.veltris.com/wp-content/uploads/2025/09/img_18.png","https://www.veltris.com/wp-content/uploads/2025/09/Build_darkblue-1.svg","https://www.veltris.com/sitemap/","https://www.veltris.com/industries/","https://www.veltris.com/wp-content/uploads/2026/01/de
ntal-Curvedental.png","https://www.veltris.com/wp-content/uploads/2025/09/Carestreamdental.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2F","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/11/Care-Guide-Web-Platform-for-Streamlining-Clinical-Programs.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdigital-cloud-engineering%2F","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-the-Enterprise-1-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdigital-cloud-engineering%2F","https://www.veltris.com/wp-content/uploads/2025/09/OMS.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-for-Business.svg","https://www.veltris.com/wp-content/uploads/2025/09/Identalsoft.png","https://www.veltris.com/cookie-policy/","https://www.veltris.com/wp-content/uploads/2025/03/img_5-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/Chicago.png","https://www.veltris.com/wp-content/uploads/2025/09/Dolphin.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/bangalore.png","https://www.veltris.com/wp-content/uploads/2025/03/img_2-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Build-1.svg","https://www.veltris.com/?p=15707","https://www.veltris.com/wp-content/uploads/2025/09/img_13.png","https://www.veltris.com/wp-content/uploads/2025/09/Monetize-1.svg","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail-768x433.png","https://www.veltris.com/casestudies/acce
lerating-claims-turnaround-with-revenue-cycle-management-solutions/","https://www.veltris.com/wp-content/uploads/2025/09/Modernize_darkblue-1.svg","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2023/05/PMS-Migration-from-Eaglesoft-to-Denticon-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-DSN.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fabout-us%2F","https://www.veltris.com/wp-json/wp/v2/pages/25066","https://www.veltris.com/wp-content/uploads/2025/12/Streamline-Clinic-Operations.svg","https://www.veltris.com/wp-content/uploads/2026/01/dental-Denticon.png","https://www.veltris.com/industries/technology-products-and-platforms/","https://www.veltris.com/wp-content/uploads/2023/03/Custom-Accurate-Reporting-with-your-own-DSO-Datawarehouse-29-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Customer-Sucess.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_11.png","https://www.veltris.com/wp-content/uploads/2025/09/Abeldent.png","https://www.veltris.com/wp-content/uploads/2025/09/eaglesoft.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Dentrix.png","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-Industry-1.png","https://www.veltris.com/wp-content/uploads/2025/11/Thumbnail_Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO_-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Modernize-1.svg","https://www.veltris.com/wp-content/uploads/2025/03/img_12.png","https://www.veltris.com/casestudies/custom-accurate-reporting-with-your-own-dso-datawarehouse/","https://www.veltris.com/wp-content/uploads/2025/03/img_15.png","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail.png","https://www.veltris.com/services/product-lifecycle-managed-servi
ces/","https://www.veltris.com/casestudies/transforming-dental-patients-experience-with-an-ai-chatbot/","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail-768x433.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdental-multi-unit-retail-health%2F","https://www.veltris.com/wp-content/uploads/2025/04/Team.svg","https://www.veltris.com/ai-for-industry/","https://www.veltris.com/casestudies/improved-patient-interactions-hipaa-compliant-pms-integration-with-the-phone-system/","https://www.veltris.com/wp-content/uploads/2025/04/Transparency.svg","https://www.veltris.com/wp-content/uploads/2025/04/Learning-Fun.svg","https://www.veltris.com/wp-content/uploads/2025/04/Velocity.svg","https://www.veltris.com/industries/healthtech-platforms/","https://www.veltris.com/wp-content/uploads/2026/02/scaling_hybrid_care_models_with_retail_economics.pdf","https://www.veltris.com/casestudies/increasing-data-insights-with-api-integration/","https://www.veltris.com/casestudies/pms-migration-from-eaglesoft-to-denticon/","https://www.veltris.com/wp-content/uploads/2025/03/img_1-1.png","https://www.veltris.com/industries/vision-care/","https://www.veltris.com/wp-content/uploads/2025/03/img_6.png","https://www.veltris.com/wp-content/uploads/2023/05/PMS-Migration-from-Eaglesoft-to-Denticon.png","https://www.veltris.com/wp-content/uploads/2026/03/improving_operational_efficiency_across_healthcare_retail_clinics-300x169.png","https://www.veltris.com/industries/orthdontics/","https://www.veltris.com/casestudies/revolutionizing-patient-engagement-for-a-dso-with-veltris-innovative-system/","https://www.veltris.com/services/azure-managed-services/","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insigh
ts-with-API-Integration-Thumbnail.png","https://www.veltris.com/casestudies/digital-platform-overhaul-to-enhance-automation-sales/","https://www.veltris.com/wp-content/uploads/2023/03/Custom-Accurate-Reporting-with-your-own-DSO-Datawarehouse-29.png","https://www.veltris.com/services/microsoft-cloud-platforms/","https://www.veltris.com/wp-content/uploads/2026/03/maximizing_value_from_diagnostics_and_medical_devices-300x169.png","https://www.veltris.com/wp-content/uploads/2025/03/img_1-2.png","https://www.veltris.com/wp-content/uploads/2025/12/Enhance-Supply-Chain.svg","https://www.veltris.com/wp-content/uploads/2025/03/img_8-1.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-and-Retail-Health-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-Productivity-1-1.png","https://www.veltris.com/wp-content/uploads/2025/03/img_4-1.png","https://www.veltris.com/events","https://www.veltris.com/wp-content/uploads/2025/03/img_3.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Monetize.png","https://www.veltris.com/?p=14037","https://www.veltris.com/wp-content/uploads/2026/03/scaling_hybrid_care_models_with_retail_economics-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-300x157.png","https://www.veltris.com/wp-content/uploads/2025/03/img_4.png","https://www.veltris.com/industries/animal-health-veterinary/","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-300x157.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-300x157.png","https://www.veltris.com/wp-content/uploads/2025/09/img_5-1.png","https://www.veltris.com/wp-content/uploads/2025/12/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail.png","https
://www.veltris.com/wp-content/uploads/2022/11/Resources-banner-3070x1400-1.png","https://www.veltris.com/wp-content/uploads/2026/03/converting_healthcare_visits_into_retail_revenue-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/03/img_18.png","https://www.veltris.com/wp-content/uploads/2025/09/Monetize_darkblue-1.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fevents%2F","https://www.veltris.com/events/pastevents","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-300x157.png","https://www.veltris.com/wp-content/uploads/2022/11/About-us-overview.png","https://www.veltris.com/wp-content/uploads/2025/12/Modernizing-Veterinary-Platform-Front-End-Security-Architecture-Thumbnail-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fevents%2F","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-300x157.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-a-secure-and-scalable-client-portal-to-enable-transparency-control-and-streamlined-PBM-opera-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Designed-a-secure-and-scalable-mobile-and-web-platform-to-enhance-member-experience-and-streamline-p-1-300x169.png","https://www.veltris.com/?p=14022","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-Product-Platform-Engineering-1.svg","https://www.veltris.com/wp-content/uploads/2025/04/Digital_Cloud_Overview.png","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-768x402.png","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-1024x536.png","https://www.veltris.com/wp-json/wp/v2/pages/14037","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_cons
ulting-firm.png","https://www.veltris.com/wp-json/wp/v2/pages/14022","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2F","https://www.veltris.com/wp-content/uploads/2025/04/Cloud-Infrastructure-Services-1.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2F","https://www.veltris.com/wp-content/uploads/2022/11/Why-Choose-us-660x440-1.png","https://www.veltris.com/wp-content/uploads/2026/03/driving_retention_through_preventive_care_subscription_models-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-768x402.png","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-768x402.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-768x402.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI.png","https://www.veltris.com/wp-content/uploads/2026/03/improving_operational_efficiency_across_healthcare_retail_clinics.png","https://www.veltris.com/wp-content/uploads/2026/01/Jai-Shankar.png","https://www.veltris.com/?p=25111","https://www.veltris.com/industries/diversified-industrials/","https://www.veltris.com/wp-json/wp/v2/pages/27072","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-300x157.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-300x157.png","https://www.veltris.com/wp-content/uploads/2025/11/Empowered-care-guides-with-a-scalable-web-platform-to-streamline-member-support-and-clinical-program-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-1024x536.png","https://w
ww.veltris.com/?p=25086","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail.png","https://www.veltris.com/wp-json/wp/v2/pages/29587","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/09/Manan-Bhandari.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finsuretech%2F","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/","https://www.veltris.com/wp-content/uploads/2025/12/Modernizing-Veterinary-Platform-Front-End-Security-Architecture-Thumbnail.png","https://www.veltris.com/wp-json/wp/v2/pages/25111","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-768x402.png","https://www.veltris.com/wp-content/uploads/2026/03/scaling_hybrid_care_models_with_retail_economics.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-1536x804.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-and-Cloud-Engineering.png","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-768x402.png","https://www.veltris.com/wp-content/uploads/2023/11/Vishal-Kapoor.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-ai%2F","https://www.veltris.com/wp-json/wp/v2/pages/25086","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-Product-Platform-Engineering_dark.svg","https://www.veltris.com/wp-content/uploads/2025/04/About-us-1.png","https://www.veltris.com/wp-content/uploads/2023/03/Shiva.jpg","https:/
/www.veltris.com/wp-content/uploads/2025/11/Scaling-High-Volume-Veterinary-Reporting-Platform-1.pdf","https://www.veltris.com/wp-content/uploads/2025/04/About-us_Mob.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-ai%2F","https://www.veltris.com/wp-content/uploads/2025/11/Built-a-secure-and-scalable-client-portal-to-enable-transparency-control-and-streamlined-PBM-opera-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Events_Mob.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2F","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based_Digitization_of_Documents.pdf","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-768x402.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/09/Enhancing_Daily_Logistical_Operations_through_Data_Analytics_Reporting.pdf","https://www.veltris.com/wp-content/uploads/2023/09/Kader-Khan.jpg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finsuretech%2F","https://www.veltris.com/wp-content/uploads/2025/04/Digital-and-Cloud-Engineering_Mob-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fconnectivity-industry-x-0%2F","https://www.veltris.com/wp-content/uploads/2025/03/Sushma.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fconnectivity-industry-x-0%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-1536x804.png","https://www.veltris.com/wp-content/uploads/2025/12/Streamlining-Devops-Infrastructure-Management-for-a-Vet
erinary-Platform-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2026/03/maximizing_value_from_diagnostics_and_medical_devices.png","https://www.veltris.com/wp-content/uploads/2026/03/driving_retention_through_preventive_care_subscription_models.png","https://www.veltris.com/wp-content/uploads/2025/04/Events.png","https://www.veltris.com/wp-content/uploads/2023/04/improved-service-performance-by-delivering-flexible-solution-for-achieving-consistency.pdf","https://www.veltris.com/wp-content/uploads/2025/11/Empowered-care-guides-with-a-scalable-web-platform-to-streamline-member-support-and-clinical-program-1.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-2048x1072.png","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/","https://www.veltris.com/wp-content/uploads/2026/03/personalizing_healthcare_and_retail_engagement_using_unified_data-300x169.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Dashboard_and_Analytics_Tools_for_Healthcare_Data_Available_with_a_Provider.pdf","https://www.veltris.com/wp-content/uploads/2025/12/Dental-care_1.gif","https://www.veltris.com/wp-content/uploads/2025/11/Built-Strategic-Alignment-through-AScalable-and-Flexible-OKR-Dashboard.pdf","https://www.veltris.com/wp-content/uploads/2024/09/Hiral-Chandrana.png","https://www.veltris.com/wp-content/uploads/2026/03/converting_healthcare_visits_into_retail_revenue.png","https://www.veltris.com/wp-content/uploads/2025/10/Collating-Analyzing-Click-Analytics-Data-from-Google-Analytics-for-Marketing-Decisions-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Collating_Analyzing_Click_Analytics_Data_from_Google_Analytics_for_Marketing_Decisions.pdf","https://www.veltris.com/wp
-content/uploads/2025/09/Reduced-Scan-Time-of-MRI-Scanners-Using-AI-Enhanced-MRI-Images-for-a-Medical-Imaging-Software-Compan-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Designed-a-secure-and-scalable-mobile-and-web-platform-to-enhance-member-experience-and-streamline-p-1.png","https://www.veltris.com/wp-content/uploads/2025/09/COVID-Detection-from-CT-Scan-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-strategic-alignment-through-a-scalable-and-flexible-OKR-dashboard._-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_MR_Training_System_for_VR_Glass_Company_to_Turn_Multiple_Training_Sessions_for_Employees_into_a_Game.pdf","https://www.veltris.com/wp-content/uploads/2025/07/Services_mobile_banner.png","https://www.veltris.com/wp-content/uploads/2025/12/Scaling-High-Volume-Veterinary-Reporting-Platform-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/COVID_Detection_from_CT-Scan.pdf","https://www.veltris.com/?p=18546","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-2048x1072.png","https://www.veltris.com/wp-content/uploads/2025/07/Data_AI_Overview.png","https://www.veltris.com/wp-content/uploads/2026/02/personalizing_healthcare_and_retail_engagement_using_unified_data.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Generate_a_Film_Using_GenerativeAI_for_the_Given_Script_without_Using_Autodesk.pdf","https://www.veltris.com/?p=28830","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based-Digitization-of-Documents-300x169.png","https://www.veltris.com/?p=29587","https://www.veltris.com/wp-content/uploads/2025/10/Developed-Dashboard-and-Analytics-Tools-for-Healthcare-Data-Available-with-a-Provider-300x169.png","https://www.veltris.com/wp-content/uploads/2024/04/Migrating_multi-tenant_saas_virtual_communication_platform_to_aws_for_enhanced_scalability.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Reduced_Scan_Time_of_MRI_
Scanners_Using_AI-Enhanced_MRI_Images_for_a_Medical_Imaging_Software_Company_.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Regulatory-Compliance-Burdens.svg","https://www.veltris.com/wp-content/uploads/2025/07/Connectivity_Industry-X.0_Overview.png","https://www.veltris.com/wp-json/wp/v2/pages/28830","https://www.veltris.com/wp-content/uploads/2025/07/Product_Lifecycle_Managed_Services_Overview.png","https://www.veltris.com/wp-content/uploads/2025/10/Unlocking-Advanced-AI-Analytics.svg","https://www.veltris.com/wp-content/uploads/2023/04/designed-and-developed-ai-based-modern-and-frictionless-business-enablement-solutions.pdf","https://www.veltris.com/wp-json/wp/v2/pages/18546","https://www.veltris.com/wp-content/uploads/2025/05/Data-AI-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Enhancing-Daily-Logistical-Operations-through-Data-Analytics-Reporting-300x169.png","https://www.veltris.com/services/data-modernization/","https://www.veltris.com/wp-content/uploads/2025/04/Pressroom.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-1536x804.png","https://www.veltris.com/wp-content/uploads/2025/07/Digital_Cloud_Overview.png","https://www.veltris.com/wp-content/uploads/2025/04/Data_AI_Overview.png","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/","https://www.veltris.com/wp-content/uploads/2025/09/Slow-Product-Innovation.svg","https://www.veltris.com/?p=27072","https://www.veltris.com/wp-content/uploads/2025/10/Achieving-Enterprise-Grade-Scalability.svg","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02.png","https://www.veltris.com/wp-content/uploads/2025/10/AI-Automation-Adoption.svg","https://www.veltris.com/wp-content/uploads/2025/07/
Services_desktop_banner.png","https://www.veltris.com/wp-content/uploads/2025/04/Pressroom_mob.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics.svg","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Monetize.png","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Build.png","https://www.veltris.com/wp-content/uploads/2025/10/InsureTech_Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/10/Integrating-with-Client-Legacy-Systems.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fgovtech-edtech%2F","https://www.veltris.com/wp-content/uploads/2025/11/Built-strategic-alignment-through-a-scalable-and-flexible-OKR-dashboard._-1.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-2048x1072.png","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/12/Scaling-High-Volume-Veterinary-Reporting-Platform-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-Dashboard-and-Analytics-Tools-for-Healthcare-Data-Available-with-a-Provider.png","https://www.veltris.com/wp-content/uploads/2025/09/COVID-Detection-from-CT-Scan.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics_dark.svg","https://www.veltris.com/services/data-warehouse/","https://www.veltris.com/wp-content/uploads/2026/03/personalizing_healthcare_and_retail_engagement_using_unified_data.png","https://www.veltris.com/wp-content/uploads/2025/09/Enhancing-Daily-Logistical-Operations-through-Data-Analytics-Reporting.png","https://www.veltris.com/wp-content/uploads/2023/04/improved-the-functional-performance-and-capacity-measurement-with-the-emulation-of-4g-5g.pdf","https://www.veltris.com/wp-content/uploads/2025/09/img_18-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_21-1.png","https://www.ve
ltris.com/wp-content/uploads/2025/09/img_1-6.png","https://www.veltris.com/wp-content/uploads/2025/09/img_17-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_29.png","https://www.veltris.com/wp-content/uploads/2025/09/Img_7-6.png","https://www.veltris.com/wp-content/uploads/2025/09/img_6-7.png","https://www.veltris.com/wp-content/uploads/2025/09/img_24-1.png","https://www.veltris.com/wp-content/uploads/2025/10/InsureTech_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/09/img_12-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_27-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_13-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_31.png","https://www.veltris.com/wp-content/uploads/2025/09/img_2-6.png","https://www.veltris.com/wp-content/uploads/2025/09/img_14-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_13-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_10-5.png","https://www.veltris.com/wp-content/uploads/2025/09/img_12-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_9-5.png","https://www.veltris.com/wp-content/uploads/2025/09/img_11-5.png","https://www.veltris.com/wp-content/uploads/2025/04/Agentic-AI-1.svg","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based-Digitization-of-Documents.png","https://www.veltris.com/wp-content/uploads/2025/09/img_20-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_22-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_4-7.png","https://www.veltris.com/wp-content/uploads/2025/09/img_5-5.png","https://www.veltris.com/wp-content/uploads/2025/09/img_3-6.png","https://www.veltris.com/wp-content/uploads/2025/09/img_2-5.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Flife-at-veltris%2F","https://www.veltris.com/wp-content/uploads/2025/09/img_5-7.png","https://www.veltris.com/wp-content/uploads/2023/04/Designed-and-Developed-AI-based-Modern-a
nd-Frictionless-Business-Enablement-Solutions-1-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Flife-at-veltris%2F","https://www.veltris.com/wp-content/uploads/2025/09/Legacy-System-Paralysis.png","https://www.veltris.com/wp-content/uploads/2025/09/img_2-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_23-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_6-6.png","https://www.veltris.com/wp-content/uploads/2025/09/Data-Silos-Underutilization.png","https://www.veltris.com/wp-content/uploads/2025/09/img_10-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_1-4.png","https://www.veltris.com/wp-content/uploads/2023/04/Improved-the-Functional-Performance-and-Capacity-Measurement-with-the-Emulation-of-4G-5G-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/The-AI-Integration-Gap.png","https://www.veltris.com/wp-content/uploads/2025/09/img_8-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_14-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_7-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_3-5.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fpharmacy-benefit-management%2F","https://www.veltris.com/wp-content/uploads/2025/09/img_6-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_4-4.png","https://www.veltris.com/wp-content/uploads/2025/09/Revenue-Diversification.svg","https://www.veltris.com/wp-content/uploads/2025/09/Data-Silos-Underutilization.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_9-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_1-5.png","https://www.veltris.com/wp-content/uploads/2025/09/img_11-4.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fpharmacy-benefit-management%2F","https://www.veltris.com/wp-content/uploads/2025/09/img_5-4.png","htt
ps://www.veltris.com/wp-content/uploads/2025/09/img_11-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_1-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_6-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_8-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_7-4.png","https://www.veltris.com/wp-content/uploads/2025/09/Legacy-System-Paralysis.svg","https://www.veltris.com/?p=28655","https://www.veltris.com/wp-content/uploads/2025/09/img_4-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_5-3.png","https://www.veltris.com/wp-content/uploads/2024/04/Migrating-Multi-tenant-SaaS-Virtual-Communication-Platform-to-Cloud-for-Enhanced-Scalability-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/img_19-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_12-2.png","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmac-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/img_14-1.png","https://www.veltris.com/wp-content/uploads/2023/04/Improved-Service-Performance-by-Delivering-Flexible-Solution-for-Achieving-Consistency-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/img_11-6.png","https://www.veltris.com/wp-content/uploads/2025/09/Revenue-Diversification.png","https://www.veltris.com/wp-content/uploads/2025/09/img_6-5.png","https://www.veltris.com/wp-content/uploads/2025/09/Security-Compliance-Maze.png","https://www.veltris.com/wp-content/uploads/2025/09/img_7-2.png","https://www.veltris.com/wp-content/uploads/2026/01/GovTech-EdTech_Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/09/img_10-3.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-MR-Training-System-for-VR-Glass-Company-to-Turn-Multiple-Training-Sessions-for-Employees-i-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/img_3-4.png","https://www.
veltris.com/wp-content/uploads/2025/09/img_16-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_15-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Scaling-to-Meet-Demand.png","https://www.veltris.com/wp-content/uploads/2025/09/img_24.png","https://www.veltris.com/wp-content/uploads/2025/09/img_26.png","https://www.veltris.com/?p=25313","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthcare-lifesciences%2F","https://www.veltris.com/wp-content/uploads/2025/10/Generate-a-Film-Using-Generative-AI-for-the-Given-Script-without-Using-Autodesk--300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/img_8-3.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthcare-lifesciences%2F","https://www.veltris.com/wp-content/uploads/2025/09/img_13-1.png","https://www.veltris.com/wp-content/uploads/2025/05/Connectivity-Industry-X.0_600x800.png","https://www.veltris.com/wp-content/uploads/2025/09/img_28.png","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity_Industry-X.0_Overview.png","https://www.veltris.com/wp-json/wp/v2/pages/28655","https://www.veltris.com/wp-content/uploads/2025/09/Security-Compliance-Maze.svg","https://www.veltris.com/wp-content/uploads/2025/09/The-AI-Integration-Gap.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_9-2.png","https://www.veltris.com/wp-content/uploads/2025/09/Accelerate-Insights.png","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Connectivity-Industry-X.0.svg","https://www.veltris.com/wp-content/uploads/2025/09/Mid-market-PBMs.png","https://www.veltris.com/wp-content/uploads/2025/10/Collating-Analyzing-Click-Analytics-Data-from-Google-Analytics-for-Marketing-Decisions.png","https://www.veltris.com/wp-content/uploads/2025/09/icon_Drive-Decisions-with-Advanced-Analytics.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.co
m%2Findustries%2Fgovtech-edtech%2F","https://www.veltris.com/wp-json/wp/v2/pages/25313","https://www.veltris.com/wp-content/uploads/2025/09/Build.png","https://www.veltris.com/wp-content/uploads/2025/09/icon_Monetize-Data-Assets.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_18-1.png","https://www.veltris.com/wp-content/uploads/2025/09/icon_Enhance-Constituent-Engagement.svg","https://www.veltris.com/wp-content/uploads/2025/09/Scaling-to-Meet-Demand.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_23.png","https://www.veltris.com/wp-content/uploads/2025/09/img_17-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_22.png","https://www.veltris.com/wp-content/uploads/2026/01/Pharmacy-Benefit-Management-PBM_Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/09/img_3-7.png","https://www.veltris.com/wp-content/uploads/2025/09/img_27.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Intelligence-Data-AI.svg","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services.svg","https://www.veltris.com/?p=28540","https://www.veltris.com/wp-content/uploads/2025/09/icon_Optimize-End-to-End-Product-Lifecycle.svg","https://www.veltris.com/wp-content/uploads/2025/09/Increase-in-Team-Productivity.png","https://www.veltris.com/wp-content/uploads/2025/09/icon_Ensure-Resilient-Cloud-Operations.svg","https://www.veltris.com/wp-content/uploads/2025/09/Payers-with-Integrated-PBM-Operations.png","https://www.veltris.com/wp-content/uploads/2025/09/PBM-Platforms-Needing-Modernization.png","https://www.veltris.com/wp-includes/css/dashicons.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2025/09/Data-Accuracy-Reliability.png","https://www.veltris.com/wp-content/uploads/2025/09/icon_Build-Intelligent-Platforms.svg","https://www.veltris.com/?p=28753","https://www.veltris.com/wp-content/uploads/2025/05/Connectivity-Industry-X.0_2000x700.png","https://www.veltris.com/wp-cont
ent/uploads/2025/09/icon_Modernize-with-AI-Automation.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_21.png","https://www.veltris.com/wp-content/uploads/2025/09/img_8-6.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-MR-Training-System-for-VR-Glass-Company-to-Turn-Multiple-Training-Sessions-for-Employees-i.png","https://www.veltris.com/wp-content/uploads/2025/09/img_15-2.png","https://www.veltris.com/wp-json/wp/v2/pages/25319","https://www.veltris.com/wp-content/uploads/2025/09/Domain-Specific-Accelerators.png","https://www.veltris.com/wp-content/uploads/2025/09/Proven-Healthcare-Expertise.png","https://www.veltris.com/wp-content/uploads/2025/09/Proven-Impact.png","https://www.veltris.com/wp-content/uploads/2025/09/Boost-Productivity.png","https://www.veltris.com/wp-content/uploads/2025/04/Agentic-AI_dark.svg","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing_dark.svg","https://www.veltris.com/wp-content/uploads/2025/09/Pharmacy-Benefit-Management-PBM.png","https://www.veltris.com/wp-content/uploads/2025/09/Monetize.png","https://www.veltris.com/wp-content/uploads/2025/09/img_19-2.png","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmac.png","https://www.veltris.com/wp-content/uploads/2025/09/Modernize.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fai-for-enterprise%2F","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services_dark.svg","https://www.veltris.com/?p=28409","https://www.veltris.com/wp-content/uploads/2025/09/Reduced-Scan-Time-of-MRI-Scanners-Using-AI-Enhanced-MRI-Images-for-a-Medical-Imaging-Software-Compan.png","https://www.veltris.com/wp-content/uploads/2025/09/AI-First-Architecture.png","https://www.veltris.com/industries/pharmacy-benefit-management-pbm/","https://www.veltris.com/wp-content/u
ploads/2025/09/Chip-to-Cloud-Engineering.png","https://www.veltris.com/wp-content/uploads/2025/09/Redirect-Costs-to-Innovation.png","https://www.veltris.com/wp-content/uploads/2025/09/Innovate-Faster.png","https://www.veltris.com/wp-content/uploads/2025/10/Generate-a-Film-Using-Generative-AI-for-the-Given-Script-without-Using-Autodesk-.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fai-for-enterprise%2F","https://www.veltris.com/wp-content/uploads/2023/04/Improved-the-Functional-Performance-and-Capacity-Measurement-with-the-Emulation-of-4G-5G.png","https://www.veltris.com/wp-content/uploads/2025/04/AI_ML-Predict-HealthOptimize-Care.png","https://www.veltris.com/wp-content/uploads/2025/09/img_7-5.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finvestment-and-wealth-management%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-communications-media%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-communications-media%2F","https://www.veltris.com/wp-content/uploads/2025/04/Cloud-Infrastructure-Services_dark.svg","https://www.veltris.com/wp-content/uploads/2024/04/Migrating-Multi-tenant-SaaS-Virtual-Communication-Platform-to-Cloud-for-Enhanced-Scalability.png","https://www.veltris.com/wp-content/uploads/2025/05/Healthcare_600x800.png","https://www.veltris.com/wp-content/uploads/2025/09/img_10-2.png","https://www.veltris.com/wp-content/uploads/2025/10/Added_New_Features_and_Implemented_System_Enhancements_to_Improve_Reach.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finvestment-and-wealth-management%2F","https://www.veltris.com/wp-json/wp/v2/pages/28409","https://www.veltris.com/wp-content/uploads/2023/04/Improved-Service-Performance-by-Delivering-Flexible-Sol
ution-for-Achieving-Consistency-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_26-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_16-2.png","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Digital-Cloud.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_25.png","https://www.veltris.com/wp-content/uploads/2025/12/BotCraftAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2025/12/ThreatShieldAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2025/09/img_8-5.png","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_11-2.png","https://www.veltris.com/wp-content/uploads/2025/12/InvoiceXtractAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2026/01/GovTech-EdTech_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2026/01/icon_Accelerate-with-Future-Ready-Tech-1.svg","https://www.veltris.com/wp-content/uploads/2025/04/Legacy-System-Integration-Challenge.svg","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Data-AI.svg","https://www.veltris.com/wp-content/uploads/2025/09/Dental-Ecosystem.png","https://www.veltris.com/wp-content/uploads/2025/09/img_4-5.png","https://www.veltris.com/wp-content/uploads/2025/09/img_9-6.png","https://www.veltris.com/wp-content/uploads/2023/04/Designed-and-Developed-AI-based-Modern-and-Frictionless-Business-Enablement-Solutions-1.png","https://www.veltris.com/?p=25319","https://www.veltris.com/wp-content/uploads/2026/01/Pharmacy-Benefit-Management-PBM_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/09/img_25-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Product-Lifecyle-Managed-Services.svg","https://www.veltris.com/wp-content/uploads/2025/04/Wearables_Continuous-Proactive-Care.png","https://www.veltris.com/wp-content/uploads/2023/04/facilitating-different-sectors-to-envision-their-legacy-process-in-virtu
al-reality.pdf","https://www.veltris.com/wp-content/uploads/2025/09/img_2-3.png","https://www.veltris.com/wp-json/wp/v2/pages/28540","https://www.veltris.com/wp-content/uploads/2025/04/API-Management-Complexity-Hurdles.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_30.png","https://www.veltris.com/wp-content/uploads/2025/09/Healthcare-Lifesciences_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/09/Compliance-Ready-by-Design.png","https://www.veltris.com/wp-content/uploads/2025/09/img_20.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI-1.png","https://www.veltris.com/wp-content/uploads/2023/10/provided-cloud-based-administration-software-for-private-equity-funds-for-crm-database-and-portfolio-management.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Implemented-a-D2C-Offering-to-Create-an-Extra-Source-of-Revenue-for-the-Client-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/HireVellAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2025/09/product-lifecycle-managed-healthcare.png","https://www.veltris.com/wp-content/uploads/2025/10/Built_a_Web_Application_for_Users_to_Manage_their_Financial_Wealth_in_a_Highly_Secure_Infrastructure.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Implemented_a_D2C_Offering_to_Create_an_Extra_Source_of_Revenue_for_the_Client.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Siloed-Data-Hindering-Insights.svg","https://www.veltris.com/wp-content/uploads/2025/10/Transformed_a_Water_Dispensing_Kiosk_into_an_IoT-Enabled_Platform.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Added-New-Features-and-Implemented-System-Enhancements-to-Improve-Reach--300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/digital-cloud-healthcare.png","https://www.veltris.com/wp-content/uploads/2023/03/Cloud-Native-Network-Function-Updated.svg","https://www.veltris.com/wp-content/uploads/2025/09/Legacy-Technology-Debt.svg","https://www.v
eltris.com/wp-json/wp/v2/pages/28753","https://www.veltris.com/wp-content/uploads/2025/04/Multimodal-Data-Integration-Complexity.svg","https://www.veltris.com/wp-content/uploads/2025/09/Inefficient-Manual-Workflows.svg","https://www.veltris.com/wp-content/uploads/2025/04/IoMT-Integration-Security-Risks.svg","https://www.veltris.com/wp-content/uploads/built-a-trading-application-to-trade-USA-stocks-from-different-countries-vt.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Rising-Cybersecurity-Threats.svg","https://www.veltris.com/wp-content/uploads/2023/03/built-a-modern-wealth-management-system-to-optimize-customers-wealth.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media-1.png","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-Content-Supply-Chain.svg","https://www.veltris.com/wp-content/uploads/2023/04/Facilitating-Different-Sectors-to-Envision-Their-Legacy-Process-in-Virtual-Reality-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Slow-Pace-of-Digital-Innovation.svg","https://www.veltris.com/wp-content/uploads/2025/09/Generic-One-Size-Fits-All-Client-Experiences.svg","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-IoT-Amalgamation.svg","https://www.veltris.com/wp-content/uploads/2025/04/Clinical-Workflow-Integration-Barriers.svg","https://www.veltris.com/wp-content/uploads/2025/09/healthcare-lifesciences-data-AI.png","https://www.veltris.com/wp-content/uploads/2025/09/Underutilized-Data-Assets.svg","https://www.veltris.com/wp-content/uploads/2023/03/built-a-mobile-application-to-buy-and-sell-all-type-of-funds.pdf","https://www.veltris.com/wp-content/uploads/2025/12/VIA-AI-Enterprise-Banner.png","https://www.veltris.com/wp-content/uploads/2023/03/streamlined-the-service-delivery-space-for-the-leading-electrical-appliances-manufacturer.pdf","https://www.veltris.com/wp-content/uploads/2025/12/DocuSenseAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Exposu
re-and-Integration-Updated.svg","https://www.veltris.com/wp-content/uploads/2025/04/Customer-Engagement-1-1.png","https://www.veltris.com/wp-content/uploads/2025/12/AuraVoiceAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media_mob.png","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing.svg","https://www.veltris.com/wp-content/uploads/2025/12/VIA-AI-Enterprise-Banner-Mobile.png","https://www.veltris.com/wp-content/uploads/2023/03/intelligent-dashboard-for-deep-insights-into-household-energy-consumption.pdf","https://www.veltris.com/wp-content/uploads/2026/01/Investment-Wealth-Management-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/09/img_4-6.png","https://www.veltris.com/wp-content/uploads/2023/10/Built-a-mobile-application-to-buy-and-sell-all-type-of-funds-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/CSP-WISP-Satcom-Service-providers.png","https://www.veltris.com/wp-content/uploads/2023/04/Crafted-an-NLP-Model-for-a-Seamless-User-Experience-2-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/10/Added-New-Features-and-Implemented-System-Enhancements-to-Improve-Reach-.png","https://www.veltris.com/wp-content/uploads/2025/10/Built-a-Web-Application-for-Users-to-Manage-their-Financial-Wealth-in-a-Highly-Secure-Infrastructure-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-modern-wealth-management-system-to-optimize-customers-wealth-1-300x169.png","https://www.veltris.com/?p=28005","https://www.veltris.com/wp-content/uploads/2025/09/Fragmented-Lifecycle-Management.png","https://www.veltris.com/?p=29239","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-trading-application-to-trade-USA-stocks-from-different-countries-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media.png
","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Build.png","https://www.veltris.com/wp-content/uploads/2023/10/Provided-Cloud-Based-Administration-Software-for-Private-Equity-Funds-for-CRM-Database-and-Portfolio-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Felectronics-and-semiconductors%2F","https://www.veltris.com/wp-content/uploads/2025/04/Comms-Infra-Network-Security-product-platform-vendors_.png","https://www.veltris.com/wp-content/uploads/2025/04/OTT-IPTV-Media-Infra-Broadcasting-Gaming-Service-providers.png","https://www.veltris.com/wp-content/uploads/2025/10/Implemented-a-D2C-Offering-to-Create-an-Extra-Source-of-Revenue-for-the-Client.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Felectronics-and-semiconductors%2F","https://www.veltris.com/wp-content/uploads/2026/01/Investment-Wealth-Management-Banner_2000x700.png","https://www.veltris.com/wp-json/wp/v2/pages/28005","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ffinancial-pubsec-services%2F","https://www.veltris.com/wp-content/uploads/2023/04/Facilitating-Different-Sectors-to-Envision-Their-Legacy-Process-in-Virtual-Reality-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ffinancial-pubsec-services%2F","https://www.veltris.com/wp-content/uploads/2025/04/Systemic-Integration-Across-Trends.png","https://www.veltris.com/wp-json/wp/v2/pages/29239","https://www.veltris.com/wp-content/uploads/2023/03/Cloud-Native-Network-Function-1.png","https://www.veltris.com/wp-content/uploads/2023/04/crafted-an-NLP-model-for-a-seamless-user-experience.pdf","https://www.veltris.com/wp-content/uploads/2024/04/LLM-VT-case-study-1.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Hyper-Focused-Vertical-SaaS-Solutions.png","https://www.v
eltris.com/wp-content/uploads/2025/04/Deep-AI-Integration-as-Core-Functionality.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fspeciality-digital-healthcare-providers%2F","https://www.veltris.com/wp-content/uploads/2025/09/Implementing-Digital-Twins-AI.png","https://www.veltris.com/wp-content/uploads/2023/04/Real-time-Analytics-and-Insights-for-Online-Video-Streaming-Giant-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/img_9-4.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Intelligence-Data-AI.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fspeciality-digital-healthcare-providers%2F","https://www.veltris.com/wp-content/uploads/2025/09/Reliable-Factory-Connectivity.png","https://www.veltris.com/wp-content/uploads/2025/09/Maximizing-Asset-Uptime.png","https://www.veltris.com/wp-content/uploads/2025/09/Shrinking-Design-Cycles.png","https://www.veltris.com/wp-content/uploads/2025/09/Unlocking-Value-from-Data.png","https://www.veltris.com/wp-content/uploads/2025/09/Shrinking-Design-Cycles.svg","https://www.veltris.com/wp-content/uploads/2025/09/Reliable-Factory-Connectivity.svg","https://www.veltris.com/wp-content/uploads/2023/04/Real-time-Analytics-and-Insights-for-Online-Video-Streaming-Giant-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Maximizing-Asset-Uptime.svg","https://www.veltris.com/wp-content/uploads/2025/09/Difficulty-in-Scaling-Operations.svg","https://www.veltris.com/wp-content/uploads/2023/03/Network-Exposure-Integration.png","https://www.veltris.com/wp-content/uploads/2023/10/Built-a-mobile-application-to-buy-and-sell-all-type-of-funds.png","https://www.veltris.com/wp-content/uploads/2025/09/Unlocking-Value-from-Data.svg","https://www.veltris.com/wp-content/uploads/2025/09/Innovation-Velocity-Gap.png","https://www.veltris.com/wp-content/uploads/2025/09/Developed_a_Mobile_App_Platform
_to_Facilitate_Various_Types_of_Payments.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Develop_a_Mobile-First_Platform_for_Personalized_Assessments_Targeted_Interventions_to_Optimize_Mental_Fitness.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Fragmented-Lifecycle-Management.svg","https://www.veltris.com/wp-content/uploads/2023/04/Crafted-an-NLP-Model-for-a-Seamless-User-Experience-2.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Multicloud-Engineering-1.svg","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Enterprise-Transport-Networks-1.svg","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI.svg","https://www.veltris.com/wp-content/uploads/2023/10/Built-an-Efficient-Information-Retrieval-System-with-Generative-AI-for-a-Major-Asset-Management-Firm-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Created_a_Portal_to_Capture_Patient_Health_and_Provide_Treatment_Proactively.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-trading-application-to-trade-USA-stocks-from-different-countries-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-Cloud.svg","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Customer-Experience-1.svg","https://www.veltris.com/wp-content/uploads/built-an-efficient-information-retrieval-system-with-generativeAI-for-a-major-asset-management-firm.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Built-a-Web-Application-for-Users-to-Manage-their-Financial-Wealth-in-a-Highly-Secure-Infrastructure.png","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Monetize.png","https://www.veltris.com/casestudies/maximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution/","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-Networks.png","https://www.veltris.com/wp-content/uploads/2025/04/Systemic-Integration-Across-Trends.svg","https://www.veltris.com/wp-content/uploads/2025/04/Investment-We
alth-Management-Firms.png","https://www.veltris.com/wp-content/uploads/2023/10/Streamlined-the-Service-Delivery-Space-for-the-Leading-Electrical-Appliances-Manufacturer-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/img_5-6.png","https://www.veltris.com/?p=28359","https://www.veltris.com/wp-content/uploads/2023/03/Re-platforming-and-Cloud-Migration-from-Vertica-to-Snowflake-1-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/07/insuretech.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Cybersecurity-Engineering-1.svg","https://www.veltris.com/industries/insuretech%20/","https://www.veltris.com/wp-content/uploads/2024/04/Investment-Analysts-with-AI-Driven-Insights-using-RAG-LLM-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Underutilized-Data-Assets.png","https://www.veltris.com/wp-content/uploads/2025/09/Developed-a-Mobile-App-Platform-to-Facilitate-Various-Types-of-Payments--300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-dashboard-for-Deep-Insights-Into-Household-Energy-Consumption-2-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/GovTech-EdTech-in-Financial-Services-2.png","https://www.veltris.com/wp-json/wp/v2/pages/28359","https://www.veltris.com/wp-content/uploads/2025/04/Data-Standards-Interoperability-Gaps.svg","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance-1.svg","https://www.veltris.com/wp-content/uploads/2025/10/Created-A-Portal-to-Capture-Patients-Health-and-Provide-Treatment-Proactively--300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps-1.svg","https://www.veltris.com/wp-content/uploads/2023/10/Provided-Cloud-Based-Administration-Software-for-Private-Equity-Funds-for-CRM-Database-and-Portfolio.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fcommunications-service-providers%2F","https://www.ve
ltris.com/wp-content/uploads/2023/03/re-platforming-and-cloud-migration-from-vertica-to-snowflake.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Infrastructure-Bottlenecks.png","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing-1.svg","https://www.veltris.com/wp-content/uploads/2025/09/Reducing-High-Operational-Costs.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Private-Wireless-Networks-1.svg","https://www.veltris.com/wp-content/uploads/2025/09/ERD-Verification-Validation.svg","https://www.veltris.com/wp-content/uploads/2025/09/Payers-Modernizing-Claims-RCM.png","https://www.veltris.com/wp-content/uploads/2025/09/Generic-Client-Experinces.png","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-a-Water-Dispensing-Kiosk-into-an-IoT-Enabled-Platform--300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/IT-OT-Field-Convergence.svg","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Data-Engineering-Analytics-2.svg","https://www.veltris.com/wp-includes/blocks/heading/style.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2025/09/Fragmented-Client-Intelligence.png","https://www.veltris.com/wp-content/uploads/2023/03/Implementation-of-One-View-of-the-Customer-to-a-big-Insurance-and-Banking-customer-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecyle-Managed-Services.svg","https://www.veltris.com/wp-content/uploads/2026/01/Digital-Cloud-Engineering-1.png","https://www.veltris.com/wp-includes/blocks/paragraph/style.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2025/10/Develop-a-Mobile-First-Platform-for-Personalized-Assessments-and-Targeted-Interventions-to-Optimize--300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Electronics-and-Semiconductors-Banner_20
00x700.png","https://www.veltris.com/wp-content/uploads/2025/09/Navigating-Network-Complexity.png","https://www.veltris.com/wp-content/uploads/implementation-of-one-view-of-the-customer-to-a-big-insurance-and-banking-customer.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Smart-Factory-Smart-Things.svg","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services-1.svg","https://www.veltris.com/wp-content/uploads/2025/09/Deploying-Agile-Private-Wireless.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-modern-wealth-management-system-to-optimize-customers-wealth-1.png","https://www.veltris.com/privacy-policy/feed/","https://www.veltris.com/wp-json/wp/v2/pages/21997","https://www.veltris.com/wp-content/uploads/2025/09/Accelerating-5G-Monetization.png","https://www.veltris.com/wp-json/wp/v2/pages/13946","https://www.veltris.com/wp-content/uploads/2025/09/Pharmacy-Benefit-Managers-PBMs.png","https://www.veltris.com/wp-content/uploads/2026/01/Electronics-and-Semiconductors-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/05/Financial-Services_600x800.png","https://www.veltris.com/wp-content/uploads/2023/02/Content-Supply-Chain-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Ensuring-Carrier-Grade-Security.png","https://www.veltris.com/wp-content/uploads/2025/10/Develop-a-Mobile-First-Platform-for-Personalized-Assessments-and-Targeted-Interventions-to-Optimize-.png","https://www.veltris.com/wp-json/wp/v2/pages/14560","https://www.veltris.com/wp-json/wp/v2/pages/28435","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Finsights%2F","https://www.veltris.com/wp-json/wp/v2/pages/28383","https://www.veltris.com/wp-content/uploads/2026/01/Speciality-Digital-Healthcare-Providers-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/09/Modernizing-Enterprise-Networks.svg","https://www.veltris.com/wp-content/uploads/2025/09/Deploying-Ag
ile-Private-Wireless.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fdisclaimer%2F","https://www.veltris.com/wp-json/wp/v2/pages/3","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fai-for-productivity%2F","https://www.veltris.com/wp-content/uploads/2025/09/Accelerating-5G-Monetization.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Finsights%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fcommunications-service-providers%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fdisclaimer%2F","https://www.veltris.com/wp-content/uploads/2025/09/Ensuring-Carrier-Grade-Security.svg","https://www.veltris.com/wp-content/uploads/2025/10/Created-A-Portal-to-Capture-Patients-Health-and-Provide-Treatment-Proactively-.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2F","https://www.veltris.com/wp-content/uploads/2025/09/Reducing-High-Operational-Costs.svg","https://www.veltris.com/wp-content/uploads/2025/09/Implementing-Digital-Twins-AI.svg","https://www.veltris.com/wp-content/uploads/2023/10/Built-an-Efficient-Information-Retrieval-System-with-Generative-AI-for-a-Major-Asset-Management-Firm.png","https://www.veltris.com/wp-content/uploads/2025/09/Operational-Inefficiency.png","https://www.veltris.com/wp-content/uploads/2026/01/Communications-Service-Providers-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics-1.svg","https://www.veltris.com/wp-content/uploads/2024/04/Investment-Analysts-with-AI-Driven-Insights-using-RAG-LLM.png","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/202
3/02/F-_White-Regulatory-Hurdles.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fprivacy-policy%2F","https://www.veltris.com/wp-content/uploads/2023/10/Streamlined-the-Service-Delivery-Space-for-the-Leading-Electrical-Appliances-Manufacturer.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fbroadcasting-and-ott-streaming%2F","https://www.veltris.com/wp-content/uploads/2025/12/CreateAssetAI_Productivity.png","https://www.veltris.com/wp-content/uploads/2023/02/IoT-Amalgamation.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fprivacy-policy%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries%2F","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-a-Water-Dispensing-Kiosk-into-an-IoT-Enabled-Platform-.png","https://www.veltris.com/wp-includes/js/wp-embed.min.js","https://www.veltris.com/wp-json/wp/v2/pages/25298","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-dashboard-for-Deep-Insights-Into-Household-Energy-Consumption-2.png","https://www.veltris.com/wp-content/uploads/2022/07/Threat-Monitoring-System-for-Concealed-Weapons-Explosives-Detection-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fbroadcasting-and-ott-streaming%2F","https://www.veltris.com/wp-content/uploads/2023/03/Re-platforming-and-Cloud-Migration-from-Vertica-to-Snowflake-1-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fautonomous-vehicles-and-logistics%2F","https://www.veltris.com/wp-content/uploads/2025/09/Developed-a-Mobile-App-Platform-to-Facilitate-Various-Types-of-Payments-.png","https://www.veltris.com/
wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fautonomous-vehicles-and-logistics%2F","https://www.veltris.com/wp-content/uploads/2023/03/Implementation-of-One-View-of-the-Customer-to-a-big-Insurance-and-Banking-customer-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Modernizing-Enterprise-Networks.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fai-for-productivity%2F","https://www.veltris.com/wp-json/wp/v2/pressroom/30163","https://www.veltris.com/wp-content/uploads/2025/10/Developed-a-Platform-to-Improve-Inbound-and-Outbound-Process-at-Warehouse-and-Optimized-Resource-All-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_a_Platform_to_Improve_Inbound_and_Outbound_Process_at_Warehouse_and_Optimized_Resource_Allocation.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Speciality-Digital-Healthcare-Providers_Banner_2000x700.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research%2F","https://www.veltris.com/wp-content/uploads/2022/07/Auto-Lubricant-Distributer-Digital-Engineering-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/05/Financial-Services_2000x700.png","https://www.veltris.com/wp-content/uploads/2023/03/developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client.pdf","https://www.veltris.com/wp-json/wp/v2/casestudies/27659","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-robust-platform-by-enhancing-the-appli
cation-for-a-future-focused-client-1-300x169.png","https://www.veltris.com/casestudies/threat-monitoring-system-for-concealed-weapons-explosives-detection/","https://www.veltris.com/wp-json/wp/v2/pages/28462","https://www.veltris.com/wp-content/uploads/2023/03/Designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inve-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecycle-Managed-Services-1.png","https://www.veltris.com/wp-content/uploads/2025/12/SDLCAI_Productivity.png","https://www.veltris.com/wp-content/uploads/2022/07/Conversational-Chatbot-for-24-7-Customer-Support-Assistance-300x169.png","https://www.veltris.com/wp-content/uploads/2022/07/Built-Fast-Flexible-Scalable-Platform-Solutions-for-Video-Service-and-OTT-Providers-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Navigating-Network-Complexity.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fcustom-accurate-reporting-with-your-own-dso-datawarehouse%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Ftransforming-dental-patients-experience-with-an-ai-chatbot%2F","https://www.veltris.com/wp-content/uploads/2025/12/DataIntegrix_Productivity.png","https://www.veltris.com/wp-content/uploads/2022/07/Auto-Lubricant-Distributer-Digital-Engineering-Thumbnail-300x157.png","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-SDLC-1-1.png","https://www.veltris.com/wp-content/uploads/2023/03/developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school.pdf","https://www.veltris.com/wp-content/uploads/2025/12/LoCoAI_Productivity.png","https://www.veltris.com/wp-content/uploads/2025/04/Multimodal-Data-Integration-Complexity.p
ng","https://www.veltris.com/wp-json/wp/v2/pages/27074","https://www.veltris.com/about-us/embed/","https://www.veltris.com/wp-content/uploads/2022/11/Why-us-660x440-1.png","https://www.veltris.com/wp-json/wp/v2/pressroom/30392","https://www.veltris.com/schedule-a-meeting/embed/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/notes.svg","https://www.veltris.com/wp-content/uploads/2022/07/Threat-Monitoring-System-for-Concealed-Weapons-Explosives-Detection.png","https://www.veltris.com/wp-content/uploads/2023/02/Immersive-Entertainment-Experiences.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fengineering-construction%2F","https://www.veltris.com/wp-json/wp/v2/pages/28249","https://www.veltris.com/services/digital-cloud-engineering/embed/","https://www.veltris.com/wp-content/uploads/2026/01/Communications-Service-Providers-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/12/VIA-accelerators-productivity-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research%2F","https://www.veltris.com/wp-json/wp/v2/pages/25125","https://www.veltris.com/wp-json/wp/v2/casestudies/28113","https://www.veltris.com/wp-content/uploads/2025/12/AgenticBrowser_Productivity.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Ftransforming-dental-patients-experience-with-an-ai-chatbot%2F","https://www.veltris.com/wp-content/uploads/2025/04/Whitepapers_mob-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/approach.svg","https://www.veltris.com/wp-content/uploads/2022/07/Built-a-Robust-Foundational-Data-Reporting-Pla
tform-for-a-Leading-OTT-Solutions-Provider-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inventory-management.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fproduct-lifecycle-managed-services%2F","https://www.veltris.com/wp-content/uploads/2025/12/VIA-accelerators-productivity-banner-mobile.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fengineering-construction%2F","https://www.veltris.com/wp-content/uploads/2025/04/Insights_mob.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fimproved-patient-interactions-hipaa-compliant-pms-integration-with-the-phone-system%2F","https://www.veltris.com/wp-content/uploads/2026/01/engeering-Customer-Experience.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-products-and-platforms%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed-a-Platform-to-Improve-Inbound-and-Outbound-Process-at-Warehouse-and-Optimized-Resource-All.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support-1.pdf","https://www.veltris.com/industries/dental-multi-unit-retail-health/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fcustom-accurate-reporting-with-your-own-dso-datawarehouse%2F","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/white-papers.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fimproved-patient-interactions-hipaa-compliant-pms-integration-with-the-phone-system%2F","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/submit-your-review.svg","https://www.ve
ltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fproduct-lifecycle-managed-services%2F","https://www.veltris.com/wp-content/uploads/2026/01/Engineering-ConstructionBanner_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/blogs.svg","https://www.veltris.com/wp-content/uploads/2023/03/built-virtual-situation-rooms-to-conduct-training-through-gamification.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fincreasing-data-insights-with-api-integration%2F","https://www.veltris.com/wp-content/uploads/2022/07/Built-a-Robust-Foundational-Data-Reporting-Platform-for-a-Leading-OTT-Solutions-Provider.png","https://www.veltris.com/wp-json/wp/v2/casestudies/28147","https://www.veltris.com/wp-content/uploads/2022/07/Conversational-Chatbot-for-24-7-Customer-Support-Assistance.png","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client-1.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-1.pdf","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school.png","https://www.veltris.com/wp-json/wp/v2/pages/30027","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fpms-migration-from-eaglesoft-to-denticon%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2F","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0.png","https://www.veltris.com/wp-content/uploads/2025/04/Whitepaper
s.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-products-and-platforms%2F","https://www.veltris.com/wp-content/uploads/2025/04/Financial-Services-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2F","https://www.veltris.com/wp-content/uploads/2023/03/Designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inve.png","https://www.veltris.com/wp-content/uploads/2023/03/to-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to-their-customers.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Created_Multi-Functional_Mobile_Applications_with_Single_Code_Base.pdf","https://www.veltris.com/wp-content/uploads/2023/03/To-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to--300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Interconnecting-a-world-of-distinctive-Video-conference-systems-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-Business-Transformation-Vendor-Selection-1.pdf","https://www.veltris.com/wp-content/uploads/2022/07/Built-Fast-Flexible-Scalable-Platform-Solutions-for-Video-Service-and-OTT-Providers.png","https://www.veltris.com/wp-content/uploads/2023/03/to-unify-the-brands-identity-under-one-cohesive-website.pdf","https://www.veltris.com/wp-content/uploads/2026/01/Broadcasting-and-OTT-Streaming_2000x700.png","https://www.veltris.com/industries/diversified-industrials-manufacturing/","https://www.veltris.com/wp-content/uploads/2025/04/Diversified-Industries-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Insights.png","https://www.veltris.com/wp-content/uploads/2023/03/interconnecting-a-world-of-distinctive-video-conference-systems.pdf","https://www.veltris.com/wp-json/wp/v2/pages/27997","https://www.veltris.com/wp-content/uploads/2026/01/Autonomous-Ve
hicles-and-LogisticsBanner_600x800.png","https://www.veltris.com/wp-json/wp/v2/casestudies/28155","https://www.veltris.com/wp-json/wp/v2/casestudies/27703","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fincreasing-data-insights-with-api-integration%2F","https://www.veltris.com/wp-content/uploads/2023/03/To-Unify-the-Brands-Identity-Under-One-Cohesive-Website-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/to-upgrade-the-brands-identity-using-seo-strategies-and-integrating-the-backend.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Built-Virtual-Situation-Rooms-to-Conduct-Training-Through-Gamification-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fpms-migration-from-eaglesoft-to-denticon%2F","https://www.veltris.com/wp-content/uploads/2025/05/Product-Lifecycle-Managed-Services-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fvision-care%2F","https://www.veltris.com/wp-json/wp/v2/casestudies/28101","https://www.veltris.com/wp-content/uploads/2023/03/To-upgrade-the-Brands-Identity-using-SEO-Strategies-and-Integrating-the-Backend-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Technology-Products-and-Platforms_600x800.png","https://www.veltris.com/wp-content/uploads/2025/05/Improved-On-Time-Delivery-of-a-Leading-Auto-Lubricant-Distributer.pdf","https://www.veltris.com/wp-content/uploads/2025/12/Tele-Optometry-Remote-Monitoring.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Engineering-ConstructionBanner_2000x700.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/infographics.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/leadership.svg","https://www.veltris.
com/wp-content/themes/wavelabs/assets/images/icons/contact-us.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthtech-platforms%2F","https://www.veltris.com/wp-content/uploads/2025/11/Digital-Health-Startups-SaaS-Platforms-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fvision-care%2F","https://www.veltris.com/wp-content/uploads/2023/02/Regulatory-Hurdles.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response%2F","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps.svg","https://www.veltris.com/wp-content/uploads/2026/01/Autonomous-Vehicles-and-Logistics-Banner_2000x700.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-aims-to-close-3-to-5-deals-within-18-months-ceo%2F","https://www.veltris.com/wp-content/uploads/2025/12/Vision-Care-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/03/Interconnecting-a-world-of-distinctive-Video-conference-systems-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/aboutus.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/casestudies.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fdigital-platform-overhaul-to-enhance-automation-sales%2F","https://www.veltris.com/wp-content/uploads/2025/07/Industries_mobile_banner.png","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-business-transformation-and-vendor-selection-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/an-incident-management-organization-using-ai-to-reduce-risk-and-report-incidents.pdf","https://www.veltris.com/events/embed/",
"https://www.veltris.com/wp-content/uploads/2023/10/developed-a-web-app-to-monitor-communication-between-patients-and-care-teams.pdf","https://www.veltris.com/wp-content/uploads/2023/03/An-incident-management-organization-using-AI-to-reduce-risk-and-report-incidents-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/An-incident-management-organization-using-AI-to-reduce-risk-and-report-incidents-1.png","https://www.veltris.com/wp-content/uploads/2023/03/To-upgrade-the-Brands-Identity-using-SEO-Strategies-and-Integrating-the-Backend.png","https://www.veltris.com/wp-content/uploads/2025/04/Product_Lifecycle_Managed_Services_Overview.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthtech-platforms%2F","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance_dark.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fmicrosoft-cloud-platforms%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fazure-managed-services%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fazure-managed-services%2F","https://www.veltris.com/wp-json/wp/v2/pages/30018","https://www.veltris.com/wp-content/uploads/2025/10/Created-AWS-Infrastructure-Implemented-Custom-Automation--300x169.png","https://www.veltris.com/services/embed/","https://www.veltris.com/wp-content/uploads/2025/04/Healthcare-1-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Frevolutionizing-patient-engagement-for-a-dso-with-veltris-innovative-system%2F","https://www.veltris.com/wp-json/wp/v2/pages/29266","https://www.veltris.com/wp-json/wp/v2/pages/29339","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/images/banner-img/casestudies-banner.png"
,"https://www.veltris.com/wp-content/uploads/2025/10/Created_AWS_Infrastructure_Implemented_Custom_Automation.pdf","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-business-transformation-and-vendor-selection.png","https://www.veltris.com/wp-content/uploads/2025/07/Industries_desktop_banner.png","https://www.veltris.com/wp-content/uploads/2025/11/Telemedicine.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fanimal-health-veterinary%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fdigital-platform-overhaul-to-enhance-automation-sales%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Frevolutionizing-patient-engagement-for-a-dso-with-veltris-innovative-system%2F","https://www.veltris.com/industries/insuretech/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fmicrosoft-cloud-platforms%2F","https://www.veltris.com/wp-json/wp/v2/pages/25452","https://www.veltris.com/casestudies/modernizing-legacy-software-in-the-hearing-industry/","https://www.veltris.com/wp-content/uploads/2025/11/Precision-Medicine.png","https://www.veltris.com/casestudies/eligibility-automation-with-the-eligibility-bot/","https://www.veltris.com/wp-content/uploads/2025/10/Created-Multi-Functional-Mobile-Applications-with-Single-Code-Base--300x169.png","https://www.veltris.com/services/data-ai/embed/","https://www.veltris.com/wp-json/wp/v2/pressroom/20171","https://www.veltris.com/wp-json/wp/v2/casestudies/28109","https://www.velt
ris.com/wp-json/wp/v2/pressroom/30188","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-aims-to-close-3-to-5-deals-within-18-months-ceo%2F","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/404.png","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Wearable-Technology.png","https://www.veltris.com/wp-content/uploads/2023/03/To-Unify-the-Brands-Identity-Under-One-Cohesive-Website-1.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response%2F","https://www.veltris.com/wp-content/uploads/2026/01/Technology-Products-and-Platforms_2000x700.png","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-Big-Data-Management.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fanimal-health-veterinary%2F","https://www.veltris.com/wp-content/uploads/2025/10/Transformed_the_Entire_Operations_with_a_Digital_and_Mobile_Experience_.pdf","https://www.veltris.com/casestudies/transformed-cardiac-care-by-assisting-heart-monitor-manufacturer-in-remote-patient-monitoring/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed_a_Mobile_App_with_Multiple_Accessibility_and_Metrics_for_Real-Time_Measurement.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-modernization%2F","https://www.veltris.com/wp-content/uplo
ads/2023/03/To-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to-.png","https://www.veltris.com/wp-content/uploads/2025/11/Population-Health-Care-Coordination-Platforms-1.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-Virtual-Situation-Rooms-to-Conduct-Training-Through-Gamification.png","https://www.veltris.com/wp-content/uploads/2023/02/R_-White-Siloed-Data-Sources-same-icon-from-Life-Sciences-copy.svg","https://www.veltris.com/wp-json/wp/v2/pressroom/24729","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-modernization%2F","https://www.veltris.com/wp-json/wp/v2/pressroom/23302","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdiversified-industrials%2F","https://www.veltris.com/wp-content/uploads/2025/11/Data-Cloud.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdiversified-industrials%2F","https://www.veltris.com/services/connectivity-industry-x-0/embed/","https://www.veltris.com/wp-content/uploads/2023/02/Modern-Data-Stack-Adoption-%E2%80%93-1.svg","https://www.veltris.com/wp-content/uploads/2025/11/Virtual-Care-Providers-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member%2F","https://www.veltris.com/pressroom/embed/","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps-_dark.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries%2F","https://www.veltris.com/wp-content/uploads/2025/12/Vision-Care-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/10/Creat
ed-Multi-Functional-Mobile-Applications-with-Single-Code-Base-.png","https://www.veltris.com/industries/govtech-edtech/embed/","https://www.veltris.com/ai-for-enterprise/embed/","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Mobile_App_with_Multiple_Accessibility_Metrics_for_Real-Time_Measurement-300x169.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-300x169.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/duplicate-submissions.min.js?ver=1","https://www.veltris.com/wp-json/wp/v2/pressroom/24954","https://www.veltris.com/wp-content/uploads/2025/11/Emerging-Tech.png","https://www.veltris.com/wp-content/uploads/2023/10/Developed-a-Web-App-to-Monitor-Communication-Between-Patients-and-Care-Teams-300x169.png","https://www.veltris.com/wp-content/uploads/2023/09/Modernizing-Legacy-Software-in-the-Hearing-Industry-33-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Icons_Precision-Medicine.svg","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-the-Entire-operations-Order-to-Shipment-with-a-Digital-and-Mobile-Experience-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services%2F","https://www.veltris.com/wp-content/uploads/2025/11/Lack-of-Multi-Location-Oversight-DSOs.png","https://www.veltris.com/industries/technology-communications-media/embed/","https://www.veltris.com/wp-content/uploads/2024/09/Hiral-Chandrana-241x300.png","https://www.veltris.com/wp-content/uploads/2025/11/Icons_Data-Cloud.svg","https://www.veltris.com/wp-content/uploads/2025/10/Created-AWS-Infrastructure-Implemented-Cu
stom-Automation-.png","https://www.veltris.com/wp-content/uploads/2024/07/Transformed-Cardiac-Care-by-Assisting-Heart-Monitor-Manufacturer-in-Remote-Patient-Monitoring-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/29303","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/embed/","https://www.veltris.com/wp-content/uploads/2025/11/Icons_Telemedicine.svg","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-warehouse%2F","https://www.veltris.com/industries/pharmacy-benefit-management/embed/","https://www.veltris.com/wp-content/uploads/2023/03/Network-Planning-and-Design.svg","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/images/banner-img/casestudies-banner.png","https://www.veltris.com/industries/engineering-construction/embed/","https://www.veltris.com/industries/investment-and-wealth-management/embed/","https://www.veltris.com/wp-content/uploads/2025/11/Icons_Emerging-Tech.svg","https://www.veltris.com/wp-content/uploads/2025/11/Icons_Wearable-Technology.svg","https://www.veltris.com/industries/broadcasting-and-ott-streaming/embed/","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-the-Entire-operations-Order-to-Shipment-with-a-Digital-and-Mobile-Experience.png","https://www.veltris.com/insights/embed/","https://www.veltris.com/privacy-policy/embed/","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/uploads/2023/09/Modernizing-Legacy-Software-in-the-Hearing-Industry-33.png","https://www.veltris.com/industries/healthcare-lifesciences/embed/","https://www.veltris.com/
wp-content/uploads/2024/07/The-metaverse-meet-768x432.png","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmaximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution%2F","https://www.veltris.com/industries/communications-service-providers/embed/","https://www.veltris.com/industries/electronics-and-semiconductors/embed/","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/wp/v2/casestudies/28105","https://www.veltris.com/disclaimer/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fthreat-monitoring-system-for-concealed-weapons-explosives-detection%2F","https://www.veltris.com/services/product-lifecycle-managed-services/embed/","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Mobile_App_with_Multiple_Accessibility_Metrics_for_Real-Time_Measurement.png","https://www.veltris.com/casestudies/pms-migration-from-eaglesoft-to-denticon/embed/","https://www.veltris.com/life-at-veltris/embed/","https://www.veltris.com/casestudies/increasing-data-insights-with-api-integration/embed/","https://www.veltris.com/casestudies/custom-accurate-reporting-with-your-own-dso-datawarehouse/embed/","https://www.veltris.com/casestudies/modernizing-a-legacy-how-digital-transformation-drove-growth-for-a-san-francisco-funeral-home/","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail-768x433.png","https://www.veltris.com/ai-for-productivity/embed/","https://www.veltris.com/wp-json/wp/v2/casestudies/14005","https://www.veltris.com/industries/technology-products-and-platforms/emb
ed/","https://www.veltris.com/wp-content/uploads/2020/04/Wavelabs-Case-Study-Concealed-Weapons-and-Explosives-Detection.png","https://www.veltris.com/wp-content/uploads/2024/07/Transformed-Cardiac-Care-by-Assisting-Heart-Monitor-Manufacturer-in-Remote-Patient-Monitoring.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-1024x576.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-warehouse%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fthreat-monitoring-system-for-concealed-weapons-explosives-detection%2F","https://www.veltris.com/wp-content/uploads/2023/10/Developed-a-Web-App-to-Monitor-Communication-Between-Patients-and-Care-Teams.png","https://www.veltris.com/wp-json/wp/v2/pages/29423","https://www.veltris.com/casestudies/improved-patient-interactions-hipaa-compliant-pms-integration-with-the-phone-system/embed/","https://www.veltris.com/wp-content/uploads/2025/11/Icons_AI-Driven-Operations.svg","https://www.veltris.com/industries/speciality-digital-healthcare-providers/embed/","https://www.veltris.com/industries/autonomous-vehicles-and-logistics/embed/","https://www.veltris.com/whitepapers/embed/","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/images/banner-img/casestudies-banner.png","https://www.veltris.com/casestudies/transforming-dental-patients-experience-with-an-ai-chatbot/embed/","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-2048x1152.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmaximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution%2F","https://www.veltris.com/industries/financial-pubsec-services/embed/","https://www.veltris.com/wp-content/uploads/2025/08/Eligib
ility-Automation-with-the-Eligibility-Bot-Thumbnail.png","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/embed/","https://www.veltris.com/industries/animal-health-veterinary/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmodernizing-legacy-software-in-the-hearing-industry%2F","https://www.veltris.com/wp-json/wp/v2/casestudies/28151","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-1536x864.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Ftransformed-cardiac-care-by-assisting-heart-monitor-manufacturer-in-remote-patient-monitoring%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Feligibility-automation-with-the-eligibility-bot%2F","https://www.veltris.com/services/data-modernization/embed/","https://www.veltris.com/services/microsoft-cloud-platforms/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmodernizing-legacy-software-in-the-hearing-industry%2F","https://www.veltris.com/wp-json/wp/v2/casestudies/27694","https://www.veltris.com/wp-content/uploads/2024/07/remote-cardiovascular-monitoring-flow.png","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/embed/","https://www.veltris.com/wp-json/wp/v2/casestudies/23144","https://www.veltris.com/industries/vision-care/embed/","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/embed/","https://www.veltris.com/industries/healthtech-platforms/embed/","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-scaled.png","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intel
ligence-and-digital-product-engineering-services/embed/","https://www.veltris.com/casestudies/digital-platform-overhaul-to-enhance-automation-sales/embed/","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/embed/","https://www.veltris.com/casestudies/revolutionizing-patient-engagement-for-a-dso-with-veltris-innovative-system/embed/","https://www.veltris.com/casestudies/threat-monitoring-system-for-concealed-weapons-explosives-detection/embed/","https://www.veltris.com/industries/diversified-industrials/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Feligibility-automation-with-the-eligibility-bot%2F","https://www.veltris.com/services/azure-managed-services/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Ftransformed-cardiac-care-by-assisting-heart-monitor-manufacturer-in-remote-patient-monitoring%2F","https://www.veltris.com/casestudies/eligibility-automation-with-the-eligibility-bot/embed/","https://www.veltris.com/wp-json/wp/v2/casestudies/23194","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmodernizing-a-legacy-how-digital-transformation-drove-growth-for-a-san-francisco-funeral-home%2F","https://www.veltris.com/services/data-warehouse/embed/","https://www.veltris.com/casestudies/modernizing-legacy-software-in-the-hearing-industry/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmodernizing-a-legacy-how-digital-transformation-drove-growth-for-a-san-francisco-funeral-home%2F","https://www.veltris.com/wp-content/uploads/2024/07/Deathcare_Vector.svg","https://www.veltris.com/casestudies/maximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution/embed/","https://www.veltris.com/casestudies/transformed-cardiac-care-by-assistin
g-heart-monitor-manufacturer-in-remote-patient-monitoring/embed/","https://www.veltris.com/casestudies/modernizing-a-legacy-how-digital-transformation-drove-growth-for-a-san-francisco-funeral-home/embed/"],"duration":20.408108711242676},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.08509588241577},"passive_scan":{"status":"completed","duration":0.009577751159667969},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.veltris.com","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":2280.829070329666},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"6a03df5bba9e9d765798b780"},"created_at":{"$date":"2026-05-13T02:18:03.616Z"},"url":"https://www.veltris.com/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.veltris.com/","scan_timestamp":"20260512_215812","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"1","status":"completed","urls_found":1272,"urls_list":["https://www.veltris.com/sitemap.xml","https://www.veltris.com/robots.txt","https://www.veltris.com/","https://www.veltris.com/wp-content/uploads/2023/10/favicon-32x32-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/mobile-menu.css?ver=2.0","https://www.veltris.com/wp-content/themes/wavelabs/assets
/css/owl.carousel.min.css","https://www.veltris.com/wp-content/themes/wavelabs/style.css?ver=2.0","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/sal.css?ver=2.0","https://www.veltris.com/wp-content/plugins/ubermenu/assets/css/skins/minimal.css?ver=6.9.4","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/whitepapers-page.css?ver=2.0","https://www.veltris.com/about-us","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/sal.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/owl.theme.default.min.css","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/lightbox.min.css","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Snowflake.png","https://www.veltris.com/wp-content/plugins/attachment-download-on-gravity-form-submission/frontend/js/wot-public-scripts.js","https://www.veltris.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","https://www.veltris.com/wp-content/uploads/2023/09/BFSI-1.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/IBM.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/scroll-highlight.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/nokia.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Salesforce.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/NetSuite.png","https://www.veltris.com/wp-content/uploads/2023/09/Healthcare-1.svg","https://www.veltris.com/wp-content/uploads/2023/09/Events.svg","https://www.veltris.com/wp-content/uploads/2023/09/Contact-us.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/header/logo.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/nvidia.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/ajax-filter-loadmore.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/MS-Azure.png
","https://www.veltris.com/wp-content/plugins/sg-cachepress/assets/js/lazysizes.min.js?ver=7.7.11","https://www.veltris.com/wp-content/uploads/2023/09/Channel-.svg","https://www.veltris.com/wp-content/plugins/cookie-law-info/lite/frontend/js/gcm.min.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/atlassian-jira.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/aws.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/power-bi.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/siemens.png","https://www.veltris.com/wp-content/plugins/ubermenu/pro/assets/css/ubermenu.min.css?ver=3.7.8","https://www.veltris.com/wp-content/uploads/2023/09/White-papers.svg","https://www.veltris.com/wp-content/plugins/gravityformsrecaptcha/js/frontend.min.js?ver=1.8.0","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/new-menu.js","https://www.veltris.com/wp-content/uploads/2024/05/Glossary-svg.svg","https://www.veltris.com/wp-content/uploads/2023/09/Casestudies.svg","https://www.veltris.com/wp-content/uploads/2023/09/Blogs.svg","https://www.veltris.com/wp-content/plugins/ubermenu/assets/js/ubermenu.min.js?ver=3.7.8","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Schneider.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/databricks.png","https://www.veltris.com/wp-content/uploads/2025/04/pressroom-01.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/vectra.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/footer/logo.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/servicenow.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Tableau.png","https://www.veltris.com/wp-content/uploads/2023/09/Leadership.svg","https://www.veltris.com/wp-content/uploads/2023/09/Aboutus.svg","
https://www.veltris.com/wp-content/themes/wavelabs/assets/js/owl.carousel.min.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/cisco.png","https://www.veltris.com/wp-json/wp/v2/pages/13944","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Google_Cloud.png","https://www.veltris.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/lightbox-plus-jquery.min.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/AICPA-SOC.png","https://www.veltris.com/wp-content/uploads/real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmaceutical-drug.pdf","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_constellation_research_Banner_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/communitiesai-first-service-firms.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/style.css?ver=2.0","https://www.veltris.com/wp-content/uploads/2025/11/Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0_1-1.svg","https://www.veltris.com/wp-content/uploads/2025/04/Digital-Cloud_1.svg","https://www.veltris.com/about-us/","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-Vertical-AI-Banner_600x800-1.png","https://www.veltris.com/wp-content/plugins/ubermenu/assets/fontawesome/css/all.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2023/04/real-time-analytics-insights-for-online-video-streaming-giant.pdf","https://www.veltris.com/wp-content/uploads/2025/11/Vertical-AI-HPS-Banner_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/striim.svg","https://www.veltris.com/wp-json/","https://www.veltris.com/schedule-a-meeting/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/double-quotes.svg","https://
www.veltris.com/wp-content/themes/wavelabs/assets/images/ISO.png","https://www.veltris.com/wp-content/uploads/2025/04/Industry-Specific.svg","https://www.veltris.com/wp-content/uploads/2025/09/Health-Tech.svg","https://www.veltris.com/wp-content/uploads/2025/09/Autonomous-Vehicles-and-Logistics.svg","https://www.veltris.com/wp-content/uploads/2025/10/Insuretech.svg","https://www.veltris.com/wp-content/uploads/2026/01/Analyzing-250M-Daily-Events-to-Power-Superior-Streaming-Experiences.png","https://www.veltris.com/wp-content/uploads/2026/01/Real-Time-AI-Predictions-Improve-Reliability-in-Pharmaceutical-Manufacturing.png","https://www.veltris.com/wp-content/uploads/2026/01/Real-Time-AI-Predictions-Improve-Reliability-in-Pharmaceutical-Manufacturing_Mob.png","https://www.veltris.com/wp-content/uploads/2025/09/Dental-Care.svg","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-SDLC.svg","https://www.veltris.com/wp-content/uploads/2025/09/CSR_main.svg","https://www.veltris.com/wp-content/uploads/2025/04/Diversified-Industrials.svg","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media.svg","https://www.veltris.com/wp-content/uploads/2025/09/Investment-and-Wealth-Management-Firms.svg","https://www.veltris.com/industries/dental-multi-unit-retail-health/","https://www.veltris.com/wp-content/uploads/2026/01/AI-Cognitive-Engine-Enables-Data-Driven-Decisions-for-Financial-Services-Leader_Mob.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI_1.svg","https://www.veltris.com/wp-content/uploads/2026/01/Modern-Data-Infrastructure-Powers-Efficiency-for-Canadas-Largest-DSO.png","https://www.veltris.com/wp-content/uploads/2025/09/Engineering-and-Construction.svg","https://www.veltris.com/services/digital-cloud-engineering/","https://www.veltris.com/wp-content/uploads/2026/01/Modern-Data-Infrastructure-Powers-Efficiency-for-Canadas-Largest-DSO_Mob.png","https://www.veltris.com/wp-content/uploads/2025/09/Broadcasting-and-OTT-Streaming.svg",
"https://www.veltris.com/wp-content/uploads/2025/04/Customer-Engagement.svg","https://www.veltris.com/wp-content/uploads/2025/09/Pharmacy-Benefit-Management-PBM.svg","https://www.veltris.com/wp-content/uploads/2026/01/Home-Healthcare.png","https://www.veltris.com/wp-content/uploads/2026/01/Home-Tech-Platfrom.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/hpe.svg","https://www.veltris.com/wp-content/uploads/2025/09/GovTech-EdTech.svg","https://www.veltris.com/wp-content/uploads/2026/01/AI-Cognitive-Engine-Enables-Data-Driven-Decisions-for-Financial-Services-Leader.png","https://www.veltris.com/wp-content/uploads/2025/09/Life-at-Veltris-main.svg","https://www.veltris.com/wp-content/uploads/2025/09/Technology-Products-Platforms.svg","https://www.veltris.com/wp-content/uploads/2025/05/1%E2%80%94Mobile-600X800-%E2%80%93-1-1.png","https://www.veltris.com/wp-content/uploads/2023/03/built-cognitive-engine-to-amp-up-customer-centricity.pdf","https://www.veltris.com/wp-content/uploads/2026/01/Home-Financial-Service.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecyle-Managed-Services_1.svg","https://www.veltris.com/wp-content/uploads/2026/01/Home-Diversified-industry.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-Solutions.svg","https://www.veltris.com/events/","https://www.veltris.com/wp-content/uploads/2026/01/Analyzing-250M-Daily-Events-to-Power-Superior-Streaming-Experiences_Mob.png","https://www.veltris.com/wp-content/uploads/2025/09/Communications-Service-Providers.svg","https://www.veltris.com/wp-content/uploads/2025/09/Electronics-and-Semiconductors.svg","https://www.veltris.com/pressroom/","https://www.veltris.com/services/","https://www.veltris.com/services/data-ai/","https://www.veltris.com/services/connectivity-industry-x-0/","https://www.veltris.com/industries/insuretech/","https://www.veltris.com/industries/govtech-edtech/","https://www.veltris.com/life-at-veltris/","https://www.veltris.com/in
dustries/pharmacy-benefit-management/","https://www.veltris.com/industries/healthcare-lifesciences/","https://www.veltris.com/ai-for-enterprise/","https://www.veltris.com/resources/","https://www.veltris.com/industries/technology-communications-media/","https://www.veltris.com/industries/investment-and-wealth-management/","https://www.veltris.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.9.13","https://www.veltris.com/industries/electronics-and-semiconductors/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-orbital-theme.min.css?ver=2.9.13","https://www.veltris.com/industries/financial-pubsec-services/","https://www.veltris.com/industries/speciality-digital-healthcare-providers/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-foundation.min.css?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/09/specialty-dental-brands.png","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-reset.min.css?ver=2.9.13","https://www.veltris.com/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1","https://www.veltris.com/wp-includes/js/dist/a11y.min.js?ver=cb460b4676c94bd228ed","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.maskedinput.min.js?ver=2.9.13","https://www.veltris.com/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.9.13","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.textareaCounter.plugin.min.js?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/03/product-development.svg","https://www.veltris.com/wp-content/uploads/2025/03/smarter-products.svg","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/scripts-theme.min.js?ver=b436459e6f25ebcd9e95ea18e1a35e19","https://www.veltris.com/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375","ht
tps://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/vendor-theme.min.js?ver=21e5a4db1670166692ac5745329bfc80","https://www.veltris.com/wp-content/uploads/2025/09/southern-dental-alliance.png","https://www.veltris.com/industries/communications-service-providers/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/utils.min.js?ver=380b7a5ec0757c78876bc8a59488f2f3","https://www.veltris.com/wp-content/uploads/2025/09/Unitedhealthcare.png","https://www.veltris.com/wp-content/uploads/2025/09/img_16.png","https://www.veltris.com/wp-content/uploads/2025/09/img_7-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_1-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_2-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_6-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_3-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_3-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_4-2.png","https://www.veltris.com/ai-for-productivity/","https://www.veltris.com/wp-content/uploads/2025/09/img_15.png","https://www.veltris.com/insights/","https://www.veltris.com/wp-content/uploads/2025/09/img_14.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/09/img_8-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_17.png","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-framework.min.css?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/09/img_12-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_6-1.png","https://www.veltris.com/wp-content/uploads/2025/09/XL-dent.png","https://www.veltris.com/wp-content/uploads/2025/09/img_5-2.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/canada.png","https://www.veltris.com/wp-content/uploads/2025/09/img_6.png","https://www.veltris.com/wp-content/u
ploads/2025/09/img_19.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/img_1-1.png","https://www.veltris.com/disclaimer/","https://www.veltris.com/wp-content/uploads/2025/12/Network-Security.svg","https://www.veltris.com/wp-content/uploads/2025/11/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-1.pdf","https://www.veltris.com/whitepapers/","https://www.veltris.com/wp-content/uploads/2025/09/img_7.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/Dallas.png","https://www.veltris.com/privacy-policy/","https://www.veltris.com/wp-content/uploads/2025/12/Dental-and-Retail-Health-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail-300x169.png","https://www.veltris.com/?p=19877","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/pune.png","https://www.veltris.com/industries/autonomous-vehicles-and-logistics/","https://www.veltris.com/wp-content/uploads/2026/02/maximizing_value_from_diagnostics_and_medical_devices.pdf","https://www.veltris.com/wp-content/uploads/2025/11/Modernizing-a-Veterinary-Platforms-Front-End-and-Security-Architecture.pdf","https://www.veltris.com/wp-content/uploads/2025/03/img_10.png","https://www.veltris.com/wp-content/uploads/2025/09/img_2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_8.png","https://www.veltris.com/wp-content/uploads/2025/03/img_10-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_4.png","https://www.veltris.com/wp-content/uploads/2025/12/Ensure-HIPAA-Compliance.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_1.png","https://www.veltris.com/wp-content/uploads/2025/12/Expand-Telehealth-Services.svg","https://www.veltris.com/industries/broadcasting-and-ott-streaming/","https://www.veltris.
com/wp-content/uploads/2025/09/img_3.png","https://www.veltris.com/wp-content/uploads/2025/12/Accelerate-Insurance-Claims.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_10.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-A-Secure-and-Scalable-Client-Portal-toEnable-Transparency-Control-andStreamlined-PBM-Operations.pdf","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/usa.png","https://www.veltris.com/ai-solutions/","https://www.veltris.com/wp-content/uploads/2025/12/Optimized-Scheduling.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_5.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_7-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_12.png","https://www.veltris.com/wp-content/uploads/2025/03/img_9-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/vietnam.png","https://www.veltris.com/wp-content/uploads/2025/03/img_5-2.png","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Build.png","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Scalable-Mobile-andWeb-Platform-for-Streamlined-Prescription-Care.pdf","https://www.veltris.com/wp-content/uploads/2025/03/img_14.png","https://www.veltris.com/wp-content/uploads/2025/09/img_9.png","https://www.veltris.com/wp-content/uploads/2025/03/img_3-2.png","https://www.veltris.com/wp-content/uploads/2025/03/img_20.png","https://www.veltris.com/wp-content/uploads/2025/03/img_1.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-Care-DSOs.png","https://www.veltris.com/wp-content/uploads/2025/12/Den
tal-MURH-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/03/img_4-2.png","https://www.veltris.com/wp-json/wp/v2/pages/15707","https://www.veltris.com/wp-content/uploads/2025/03/img_16.png","https://www.veltris.com/wp-content/uploads/2025/03/img_3-1.png","https://www.veltris.com/wp-content/uploads/2025/03/img_5.png","https://www.veltris.com/wp-json/wp/v2/pages/19877","https://www.veltris.com/wp-content/uploads/2025/03/img_13.png","https://www.veltris.com/wp-content/uploads/2025/03/Christmas-Celebration_3.png","https://www.veltris.com/wp-content/uploads/2025/03/img_19.png","https://www.veltris.com/wp-content/uploads/2025/03/img_6-1.png","https://www.veltris.com/client-case-studies/","https://www.veltris.com/?p=25066","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fschedule-a-meeting%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_9.png","https://www.veltris.com/wp-json/wp/v2/pages/30007","https://www.veltris.com/wp-content/uploads/2025/09/Speciality-Digital-Healthcare-Providers.svg","https://www.veltris.com/wp-content/uploads/2025/09/Fuse.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/india.png","https://www.veltris.com/wp-content/uploads/2026/02/converting_healthcare_visits_into_retail_revenue.pdf","https://www.veltris.com/wp-content/uploads/2025/09/img_9-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Dentrix.png","https://www.veltris.com/wp-content/uploads/2025/03/img_11.png","https://www.veltris.com/wp-content/uploads/2025/03/img_8.png","https://www.veltris.com/wp-content/uploads/2025/03/img_2.png","https://www.veltris.com/wp-content/uploads/2025/03/img_17.png","https://www.veltris.com/wp-content/uploads/2025/11/Thumbnail_Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO_-1-300x169.png","https://www.veltris.com/guides/","https://www.veltris.com/wp-content/uploads/2025/09/img_2-2.png","https://www.veltris.com/wp-content/uploads/2025/03/investments.sv
g","https://www.veltris.com/wp-content/uploads/2025/09/Opendental-software.png","https://www.veltris.com/wp-content/uploads/2025/03/img_7.png","https://www.veltris.com/wp-content/uploads/2025/09/img_4-1.png","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail-768x433.png","https://www.veltris.com/industries/engineering-construction/","https://www.veltris.com/wp-content/uploads/2025/12/Accelerate-Billing-Cycles.svg","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fschedule-a-meeting%2F","https://www.veltris.com/wp-content/uploads/2026/02/improving_operational_efficiency_across_healthcare_retail_clinics.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Dentrixenterprise.png","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2026/02/driving_retention_through_preventive_care_subscription-models.pdf","https://www.veltris.com/wp-content/uploads/2025/09/easydental.png","https://www.veltris.com/?p=30007","https://www.veltris.com/blogs/","https://www.veltris.com/wp-content/uploads/2025/12/Retail-Health.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fabout-us%2F","https://www.veltris.com/wp-content/uploads/2026/01/dental-Dentimax.png","https://www.veltris.com/careers/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdental-multi-unit-retail-health%2F","https://www.veltris.com/get-my-ai-readiness-score/","https://www.veltris.com/
pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/","https://www.veltris.com/wp-content/uploads/2025/09/img_18.png","https://www.veltris.com/wp-content/uploads/2025/09/Build_darkblue-1.svg","https://www.veltris.com/sitemap/","https://www.veltris.com/industries/","https://www.veltris.com/wp-content/uploads/2026/01/dental-Curvedental.png","https://www.veltris.com/wp-content/uploads/2025/09/Carestreamdental.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2F","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/11/Care-Guide-Web-Platform-for-Streamlining-Clinical-Programs.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdigital-cloud-engineering%2F","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-the-Enterprise-1-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdigital-cloud-engineering%2F","https://www.veltris.com/wp-content/uploads/2025/09/OMS.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-for-Business.svg","https://www.veltris.com/wp-content/uploads/2025/09/Identalsoft.png","https://www.veltris.com/cookie-policy/","https://www.veltris.com/wp-content/uploads/2025/03/img_5-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/Chicago.png","https://www.veltris.com/wp-content/uploads/2025/09/Dolphin.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/bangalore.png","https://www.veltris.com/wp-content/uploads/2025/03/img_2-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Build-1.svg","https://www.veltris.com/?p=15707","https://www.veltris.com/wp-content/uploads/2025/09/img_13.png","https://www.veltris.com/wp-content/uploads/2025/09/Monetiz
e-1.svg","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail-768x433.png","https://www.veltris.com/casestudies/accelerating-claims-turnaround-with-revenue-cycle-management-solutions/","https://www.veltris.com/wp-content/uploads/2025/09/Modernize_darkblue-1.svg","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2023/05/PMS-Migration-from-Eaglesoft-to-Denticon-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-DSN.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fabout-us%2F","https://www.veltris.com/wp-json/wp/v2/pages/25066","https://www.veltris.com/wp-content/uploads/2025/12/Streamline-Clinic-Operations.svg","https://www.veltris.com/wp-content/uploads/2026/01/dental-Denticon.png","https://www.veltris.com/industries/technology-products-and-platforms/","https://www.veltris.com/wp-content/uploads/2023/03/Custom-Accurate-Reporting-with-your-own-DSO-Datawarehouse-29-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Customer-Sucess.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_11.png","https://www.veltris.com/wp-content/uploads/2025/09/Abeldent.png","https://www.veltris.com/wp-content/uploads/2025/09/eaglesoft.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Dentrix.png","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-Industry-1.png","https://www.veltris.com/wp-content/uploads/2025/11/Thumbnail_Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO_-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Modernize-1.svg","https://www.veltris.com/wp-content/uploads/2025/03/img_12.png","https://www.vel
tris.com/casestudies/custom-accurate-reporting-with-your-own-dso-datawarehouse/","https://www.veltris.com/wp-content/uploads/2025/03/img_15.png","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail.png","https://www.veltris.com/services/product-lifecycle-managed-services/","https://www.veltris.com/casestudies/transforming-dental-patients-experience-with-an-ai-chatbot/","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail-768x433.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdental-multi-unit-retail-health%2F","https://www.veltris.com/wp-content/uploads/2025/04/Team.svg","https://www.veltris.com/ai-for-industry/","https://www.veltris.com/casestudies/improved-patient-interactions-hipaa-compliant-pms-integration-with-the-phone-system/","https://www.veltris.com/wp-content/uploads/2025/04/Transparency.svg","https://www.veltris.com/wp-content/uploads/2025/04/Learning-Fun.svg","https://www.veltris.com/wp-content/uploads/2025/04/Velocity.svg","https://www.veltris.com/industries/healthtech-platforms/","https://www.veltris.com/wp-content/uploads/2026/02/scaling_hybrid_care_models_with_retail_economics.pdf","https://www.veltris.com/casestudies/increasing-data-insights-with-api-integration/","https://www.veltris.com/casestudies/pms-migration-from-eaglesoft-to-denticon/","https://www.veltris.com/wp-content/uploads/2025/03/img_1-1.png","https://www.veltris.com/industries/vision-care/","https://www.veltris.com/wp-content/uploads/2025/03/img_6.png","https://www.veltris.com/wp-content/uploads/2023/05/PMS-Migration-from-Eaglesoft-to-Denticon.png","https://www.veltris.com/wp-content/uploads/2026/03/improving_operational_ef
ficiency_across_healthcare_retail_clinics-300x169.png","https://www.veltris.com/industries/orthdontics/","https://www.veltris.com/casestudies/revolutionizing-patient-engagement-for-a-dso-with-veltris-innovative-system/","https://www.veltris.com/services/azure-managed-services/","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail.png","https://www.veltris.com/casestudies/digital-platform-overhaul-to-enhance-automation-sales/","https://www.veltris.com/wp-content/uploads/2023/03/Custom-Accurate-Reporting-with-your-own-DSO-Datawarehouse-29.png","https://www.veltris.com/services/microsoft-cloud-platforms/","https://www.veltris.com/wp-content/uploads/2026/03/maximizing_value_from_diagnostics_and_medical_devices-300x169.png","https://www.veltris.com/wp-content/uploads/2025/03/img_1-2.png","https://www.veltris.com/wp-content/uploads/2025/12/Enhance-Supply-Chain.svg","https://www.veltris.com/wp-content/uploads/2025/03/img_8-1.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-and-Retail-Health-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-Productivity-1-1.png","https://www.veltris.com/wp-content/uploads/2025/03/img_4-1.png","https://www.veltris.com/events","https://www.veltris.com/wp-content/uploads/2025/03/img_3.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Monetize.png","https://www.veltris.com/?p=14037","https://www.veltris.com/wp-content/uploads/2026/03/scaling_hybrid_care_models_with_retail_economics-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-300x157.png","https://www.veltris.com/wp-content/uploads/2025/03/img_4.png","https://www.veltris.com/industries/animal-health-veterinary/","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-300x157.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-300x157.png","ht
tps://www.veltris.com/wp-content/uploads/2025/09/img_5-1.png","https://www.veltris.com/wp-content/uploads/2025/12/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2022/11/Resources-banner-3070x1400-1.png","https://www.veltris.com/wp-content/uploads/2026/03/converting_healthcare_visits_into_retail_revenue-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/03/img_18.png","https://www.veltris.com/wp-content/uploads/2025/09/Monetize_darkblue-1.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fevents%2F","https://www.veltris.com/events/pastevents","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-300x157.png","https://www.veltris.com/wp-content/uploads/2022/11/About-us-overview.png","https://www.veltris.com/wp-content/uploads/2025/12/Modernizing-Veterinary-Platform-Front-End-Security-Architecture-Thumbnail-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fevents%2F","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-300x157.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-a-secure-and-scalable-client-portal-to-enable-transparency-control-and-streamlined-PBM-opera-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Designed-a-secure-and-scalable-mobile-and-web-platform-to-enhance-member-experience-and-streamline-p-1-300x169.png","https://www.veltris.com/?p=14022","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-Product-Platform-Engineering-1.svg","https://www.veltris.com/wp-content/uploads/2025/04/Digital_Cloud_Overview.png","h
ttps://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-768x402.png","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-1024x536.png","https://www.veltris.com/wp-json/wp/v2/pages/14037","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm.png","https://www.veltris.com/wp-json/wp/v2/pages/14022","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2F","https://www.veltris.com/wp-content/uploads/2025/04/Cloud-Infrastructure-Services-1.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2F","https://www.veltris.com/wp-content/uploads/2022/11/Why-Choose-us-660x440-1.png","https://www.veltris.com/wp-content/uploads/2026/03/driving_retention_through_preventive_care_subscription_models-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-768x402.png","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-768x402.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-768x402.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI.png","https://www.veltris.com/wp-content/uploads/2026/03/improving_operational_efficiency_across_healthcare_retail_clinics.png","https://www.veltris.com/wp-content/uploads/2026/01/Jai-Shankar.png","https://www.veltris.com/?p=25111","https://www.veltris.com/industries/diversified-industrials/","https://www.veltris.com/wp-json/wp/v2/pages/27072","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-300x157.png","ht
tps://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-300x157.png","https://www.veltris.com/wp-content/uploads/2025/11/Empowered-care-guides-with-a-scalable-web-platform-to-streamline-member-support-and-clinical-program-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-1024x536.png","https://www.veltris.com/?p=25086","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail.png","https://www.veltris.com/wp-json/wp/v2/pages/29587","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/09/Manan-Bhandari.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finsuretech%2F","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/","https://www.veltris.com/wp-content/uploads/2025/12/Modernizing-Veterinary-Platform-Front-End-Security-Architecture-Thumbnail.png","https://www.veltris.com/wp-json/wp/v2/pages/25111","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-768x402.png","https://www.veltris.com/wp-content/uploads/2026/03/scaling_hybrid_care_models_with_retail_economics.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-1536x804.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-and-Cloud-Engineering.png","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-768x402.png","https://www.veltris.com/wp-content/uploads/2023/11/Vishal-Kapoor.png","https://www.veltris.com/wp-json/oembed/1.0/embed?
url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-ai%2F","https://www.veltris.com/wp-json/wp/v2/pages/25086","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-Product-Platform-Engineering_dark.svg","https://www.veltris.com/wp-content/uploads/2025/04/About-us-1.png","https://www.veltris.com/wp-content/uploads/2023/03/Shiva.jpg","https://www.veltris.com/wp-content/uploads/2025/11/Scaling-High-Volume-Veterinary-Reporting-Platform-1.pdf","https://www.veltris.com/wp-content/uploads/2025/04/About-us_Mob.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-ai%2F","https://www.veltris.com/wp-content/uploads/2025/11/Built-a-secure-and-scalable-client-portal-to-enable-transparency-control-and-streamlined-PBM-opera-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Events_Mob.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2F","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based_Digitization_of_Documents.pdf","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-768x402.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/09/Enhancing_Daily_Logistical_Operations_through_Data_Analytics_Reporting.pdf","https://www.veltris.com/wp-content/uploads/2023/09/Kader-Khan.jpg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finsuretech%2F","https://www.veltris.com/wp-content/uploads/2025/04/Digital-and-Cloud-Engineering_Mob-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fconnectivity-industry-x-0%2F","https://www.veltris.com/wp-content/uploads/2025/03/Sushma.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectra
AI-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fconnectivity-industry-x-0%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-1536x804.png","https://www.veltris.com/wp-content/uploads/2025/12/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2026/03/maximizing_value_from_diagnostics_and_medical_devices.png","https://www.veltris.com/wp-content/uploads/2026/03/driving_retention_through_preventive_care_subscription_models.png","https://www.veltris.com/wp-content/uploads/2025/04/Events.png","https://www.veltris.com/wp-content/uploads/2023/04/improved-service-performance-by-delivering-flexible-solution-for-achieving-consistency.pdf","https://www.veltris.com/wp-content/uploads/2025/11/Empowered-care-guides-with-a-scalable-web-platform-to-streamline-member-support-and-clinical-program-1.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-2048x1072.png","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/","https://www.veltris.com/wp-content/uploads/2026/03/personalizing_healthcare_and_retail_engagement_using_unified_data-300x169.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Dashboard_and_Analytics_Tools_for_Healthcare_Data_Available_with_a_Provider.pdf","https://www.veltris.com/wp-content/uploads/2025/12/Dental-care_1.gif","https://www.veltris.com/wp-content/uploads/2025/11/Built-Strategic-Alignment-through-AScalable-and-Flexible-OKR-Dashboard.pdf","https://www.veltris.com/wp-content/uploads/2024/09/Hiral-Chandrana.png","https://www.veltris.com/wp-content/uploads/2026/03/converting_healthcare_vi
sits_into_retail_revenue.png","https://www.veltris.com/wp-content/uploads/2025/10/Collating-Analyzing-Click-Analytics-Data-from-Google-Analytics-for-Marketing-Decisions-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Collating_Analyzing_Click_Analytics_Data_from_Google_Analytics_for_Marketing_Decisions.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Reduced-Scan-Time-of-MRI-Scanners-Using-AI-Enhanced-MRI-Images-for-a-Medical-Imaging-Software-Compan-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Designed-a-secure-and-scalable-mobile-and-web-platform-to-enhance-member-experience-and-streamline-p-1.png","https://www.veltris.com/wp-content/uploads/2025/09/COVID-Detection-from-CT-Scan-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-strategic-alignment-through-a-scalable-and-flexible-OKR-dashboard._-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_MR_Training_System_for_VR_Glass_Company_to_Turn_Multiple_Training_Sessions_for_Employees_into_a_Game.pdf","https://www.veltris.com/wp-content/uploads/2025/07/Services_mobile_banner.png","https://www.veltris.com/wp-content/uploads/2025/12/Scaling-High-Volume-Veterinary-Reporting-Platform-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/COVID_Detection_from_CT-Scan.pdf","https://www.veltris.com/?p=18546","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-2048x1072.png","https://www.veltris.com/wp-content/uploads/2025/07/Data_AI_Overview.png","https://www.veltris.com/wp-content/uploads/2026/02/personalizing_healthcare_and_retail_engagement_using_unified_data.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Generate_a_Film_Using_GenerativeAI_for_the_Given_Script_without_Using_Autodesk.pdf","https://www.veltris.com/?p=28830","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based-Digitization-of-Documents-300x169.png","https://www.veltris.com/?p=29587","https://www.veltris.co
m/wp-content/uploads/2025/10/Developed-Dashboard-and-Analytics-Tools-for-Healthcare-Data-Available-with-a-Provider-300x169.png","https://www.veltris.com/wp-content/uploads/2024/04/Migrating_multi-tenant_saas_virtual_communication_platform_to_aws_for_enhanced_scalability.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Reduced_Scan_Time_of_MRI_Scanners_Using_AI-Enhanced_MRI_Images_for_a_Medical_Imaging_Software_Company_.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Regulatory-Compliance-Burdens.svg","https://www.veltris.com/wp-content/uploads/2025/07/Connectivity_Industry-X.0_Overview.png","https://www.veltris.com/wp-json/wp/v2/pages/28830","https://www.veltris.com/wp-content/uploads/2025/07/Product_Lifecycle_Managed_Services_Overview.png","https://www.veltris.com/wp-content/uploads/2025/10/Unlocking-Advanced-AI-Analytics.svg","https://www.veltris.com/wp-content/uploads/2023/04/designed-and-developed-ai-based-modern-and-frictionless-business-enablement-solutions.pdf","https://www.veltris.com/wp-json/wp/v2/pages/18546","https://www.veltris.com/wp-content/uploads/2025/05/Data-AI-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Enhancing-Daily-Logistical-Operations-through-Data-Analytics-Reporting-300x169.png","https://www.veltris.com/services/data-modernization/","https://www.veltris.com/wp-content/uploads/2025/04/Pressroom.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-1536x804.png","https://www.veltris.com/wp-content/uploads/2025/07/Digital_Cloud_Overview.png","https://www.veltris.com/wp-content/uploads/2025/04/Data_AI_Overview.png","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/","https://www.veltris.com/wp-content/uploads/2025/09/Slow-Product-Innova
tion.svg","https://www.veltris.com/?p=27072","https://www.veltris.com/wp-content/uploads/2025/10/Achieving-Enterprise-Grade-Scalability.svg","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02.png","https://www.veltris.com/wp-content/uploads/2025/10/AI-Automation-Adoption.svg","https://www.veltris.com/wp-content/uploads/2025/07/Services_desktop_banner.png","https://www.veltris.com/wp-content/uploads/2025/04/Pressroom_mob.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics.svg","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Monetize.png","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Build.png","https://www.veltris.com/wp-content/uploads/2025/10/InsureTech_Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/10/Integrating-with-Client-Legacy-Systems.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fgovtech-edtech%2F","https://www.veltris.com/wp-content/uploads/2025/11/Built-strategic-alignment-through-a-scalable-and-flexible-OKR-dashboard._-1.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-2048x1072.png","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/12/Scaling-High-Volume-Veterinary-Reporting-Platform-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-Dashboard-and-Analytics-Tools-for-Healthcare-Data-Available-with-a-Provider.png","https://www.veltris.com/wp-content/uploads/2025/09/COVID-Detection-from-CT-Scan.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics_dark.svg","https://www.veltris.com/services/data-warehouse/","https://www.veltris.com/wp-content/uploads/2026/03/personalizing_healthcare_and_retail_engagement_using_unified_data.png","https://www.veltris.com/wp-content/uploads/2025/09/Enhancing-Daily-
Logistical-Operations-through-Data-Analytics-Reporting.png","https://www.veltris.com/wp-content/uploads/2023/04/improved-the-functional-performance-and-capacity-measurement-with-the-emulation-of-4g-5g.pdf","https://www.veltris.com/wp-content/uploads/2025/09/img_18-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_21-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_1-6.png","https://www.veltris.com/wp-content/uploads/2025/09/img_17-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_29.png","https://www.veltris.com/wp-content/uploads/2025/09/Img_7-6.png","https://www.veltris.com/wp-content/uploads/2025/09/img_6-7.png","https://www.veltris.com/wp-content/uploads/2025/09/img_24-1.png","https://www.veltris.com/wp-content/uploads/2025/10/InsureTech_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/09/img_12-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_27-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_13-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_31.png","https://www.veltris.com/wp-content/uploads/2025/09/img_2-6.png","https://www.veltris.com/wp-content/uploads/2025/09/img_14-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_13-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_10-5.png","https://www.veltris.com/wp-content/uploads/2025/09/img_12-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_9-5.png","https://www.veltris.com/wp-content/uploads/2025/09/img_11-5.png","https://www.veltris.com/wp-content/uploads/2025/04/Agentic-AI-1.svg","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based-Digitization-of-Documents.png","https://www.veltris.com/wp-content/uploads/2025/09/img_20-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_22-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_4-7.png","https://www.veltris.com/wp-content/uploads/2025/09/img_5-5.png","https://www.veltris.com/wp-content/uplo
ads/2025/09/img_3-6.png","https://www.veltris.com/wp-content/uploads/2025/09/img_2-5.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Flife-at-veltris%2F","https://www.veltris.com/wp-content/uploads/2025/09/img_5-7.png","https://www.veltris.com/wp-content/uploads/2023/04/Designed-and-Developed-AI-based-Modern-and-Frictionless-Business-Enablement-Solutions-1-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Flife-at-veltris%2F","https://www.veltris.com/wp-content/uploads/2025/09/Legacy-System-Paralysis.png","https://www.veltris.com/wp-content/uploads/2025/09/img_2-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_23-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_6-6.png","https://www.veltris.com/wp-content/uploads/2025/09/Data-Silos-Underutilization.png","https://www.veltris.com/wp-content/uploads/2025/09/img_10-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_1-4.png","https://www.veltris.com/wp-content/uploads/2023/04/Improved-the-Functional-Performance-and-Capacity-Measurement-with-the-Emulation-of-4G-5G-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/The-AI-Integration-Gap.png","https://www.veltris.com/wp-content/uploads/2025/09/img_8-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_14-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_7-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_3-5.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fpharmacy-benefit-management%2F","https://www.veltris.com/wp-content/uploads/2025/09/img_6-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_4-4.png","https://www.veltris.com/wp-content/uploads/2025/09/Revenue-Diversification.svg","https://www.veltris.com/wp-content/uploads/2025/09/Data-Silos-Underutilization.svg","https://www.veltris.com/wp-content/uploads
/2025/09/img_9-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_1-5.png","https://www.veltris.com/wp-content/uploads/2025/09/img_11-4.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fpharmacy-benefit-management%2F","https://www.veltris.com/wp-content/uploads/2025/09/img_5-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_11-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_1-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_6-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_8-2.png","https://www.veltris.com/wp-content/uploads/2025/09/img_7-4.png","https://www.veltris.com/wp-content/uploads/2025/09/Legacy-System-Paralysis.svg","https://www.veltris.com/?p=28655","https://www.veltris.com/wp-content/uploads/2025/09/img_4-3.png","https://www.veltris.com/wp-content/uploads/2025/09/img_5-3.png","https://www.veltris.com/wp-content/uploads/2024/04/Migrating-Multi-tenant-SaaS-Virtual-Communication-Platform-to-Cloud-for-Enhanced-Scalability-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/img_19-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_12-2.png","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmac-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/img_14-1.png","https://www.veltris.com/wp-content/uploads/2023/04/Improved-Service-Performance-by-Delivering-Flexible-Solution-for-Achieving-Consistency-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/img_11-6.png","https://www.veltris.com/wp-content/uploads/2025/09/Revenue-Diversification.png","https://www.veltris.com/wp-content/uploads/2025/09/img_6-5.png","https://www.veltris.com/wp-content/uploads/2025/09/Security-Compliance-Maze.png","https://www.veltris.com/wp-content/uploads/2025/09/img_7-2.png","https://www.veltris.com/wp-content/uploads/
2026/01/GovTech-EdTech_Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/09/img_10-3.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-MR-Training-System-for-VR-Glass-Company-to-Turn-Multiple-Training-Sessions-for-Employees-i-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/img_3-4.png","https://www.veltris.com/wp-content/uploads/2025/09/img_16-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_15-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Scaling-to-Meet-Demand.png","https://www.veltris.com/wp-content/uploads/2025/09/img_24.png","https://www.veltris.com/wp-content/uploads/2025/09/img_26.png","https://www.veltris.com/?p=25313","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthcare-lifesciences%2F","https://www.veltris.com/wp-content/uploads/2025/10/Generate-a-Film-Using-Generative-AI-for-the-Given-Script-without-Using-Autodesk--300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/img_8-3.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthcare-lifesciences%2F","https://www.veltris.com/wp-content/uploads/2025/09/img_13-1.png","https://www.veltris.com/wp-content/uploads/2025/05/Connectivity-Industry-X.0_600x800.png","https://www.veltris.com/wp-content/uploads/2025/09/img_28.png","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity_Industry-X.0_Overview.png","https://www.veltris.com/wp-json/wp/v2/pages/28655","https://www.veltris.com/wp-content/uploads/2025/09/Security-Compliance-Maze.svg","https://www.veltris.com/wp-content/uploads/2025/09/The-AI-Integration-Gap.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_9-2.png","https://www.veltris.com/wp-content/uploads/2025/09/Accelerate-Insights.png","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Connectivity-Industry-X.0.svg","https://www.veltris.com/wp-content/uploads/2025
/09/Mid-market-PBMs.png","https://www.veltris.com/wp-content/uploads/2025/10/Collating-Analyzing-Click-Analytics-Data-from-Google-Analytics-for-Marketing-Decisions.png","https://www.veltris.com/wp-content/uploads/2025/09/icon_Drive-Decisions-with-Advanced-Analytics.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fgovtech-edtech%2F","https://www.veltris.com/wp-json/wp/v2/pages/25313","https://www.veltris.com/wp-content/uploads/2025/09/Build.png","https://www.veltris.com/wp-content/uploads/2025/09/icon_Monetize-Data-Assets.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_18-1.png","https://www.veltris.com/wp-content/uploads/2025/09/icon_Enhance-Constituent-Engagement.svg","https://www.veltris.com/wp-content/uploads/2025/09/Scaling-to-Meet-Demand.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_23.png","https://www.veltris.com/wp-content/uploads/2025/09/img_17-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_22.png","https://www.veltris.com/wp-content/uploads/2026/01/Pharmacy-Benefit-Management-PBM_Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/09/img_3-7.png","https://www.veltris.com/wp-content/uploads/2025/09/img_27.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Intelligence-Data-AI.svg","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services.svg","https://www.veltris.com/?p=28540","https://www.veltris.com/wp-content/uploads/2025/09/icon_Optimize-End-to-End-Product-Lifecycle.svg","https://www.veltris.com/wp-content/uploads/2025/09/Increase-in-Team-Productivity.png","https://www.veltris.com/wp-content/uploads/2025/09/icon_Ensure-Resilient-Cloud-Operations.svg","https://www.veltris.com/wp-content/uploads/2025/09/Payers-with-Integrated-PBM-Operations.png","https://www.veltris.com/wp-content/uploads/2025/09/PBM-Platforms-Needing-Modernization.png","https://www.veltris.com/wp-includes/css/dashicon
s.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2025/09/Data-Accuracy-Reliability.png","https://www.veltris.com/wp-content/uploads/2025/09/icon_Build-Intelligent-Platforms.svg","https://www.veltris.com/?p=28753","https://www.veltris.com/wp-content/uploads/2025/05/Connectivity-Industry-X.0_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/09/icon_Modernize-with-AI-Automation.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_21.png","https://www.veltris.com/wp-content/uploads/2025/09/img_8-6.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-MR-Training-System-for-VR-Glass-Company-to-Turn-Multiple-Training-Sessions-for-Employees-i.png","https://www.veltris.com/wp-content/uploads/2025/09/img_15-2.png","https://www.veltris.com/wp-json/wp/v2/pages/25319","https://www.veltris.com/wp-content/uploads/2025/09/Domain-Specific-Accelerators.png","https://www.veltris.com/wp-content/uploads/2025/09/Proven-Healthcare-Expertise.png","https://www.veltris.com/wp-content/uploads/2025/09/Proven-Impact.png","https://www.veltris.com/wp-content/uploads/2025/09/Boost-Productivity.png","https://www.veltris.com/wp-content/uploads/2025/04/Agentic-AI_dark.svg","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing_dark.svg","https://www.veltris.com/wp-content/uploads/2025/09/Pharmacy-Benefit-Management-PBM.png","https://www.veltris.com/wp-content/uploads/2025/09/Monetize.png","https://www.veltris.com/wp-content/uploads/2025/09/img_19-2.png","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmac.png","https://www.veltris.com/wp-content/uploads/2025/09/Modernize.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fai-for-enterprise%2F","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services_dark.svg","https://www.veltris.com/?
p=28409","https://www.veltris.com/wp-content/uploads/2025/09/Reduced-Scan-Time-of-MRI-Scanners-Using-AI-Enhanced-MRI-Images-for-a-Medical-Imaging-Software-Compan.png","https://www.veltris.com/wp-content/uploads/2025/09/AI-First-Architecture.png","https://www.veltris.com/industries/pharmacy-benefit-management-pbm/","https://www.veltris.com/wp-content/uploads/2025/09/Chip-to-Cloud-Engineering.png","https://www.veltris.com/wp-content/uploads/2025/09/Redirect-Costs-to-Innovation.png","https://www.veltris.com/wp-content/uploads/2025/09/Innovate-Faster.png","https://www.veltris.com/wp-content/uploads/2025/10/Generate-a-Film-Using-Generative-AI-for-the-Given-Script-without-Using-Autodesk-.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fai-for-enterprise%2F","https://www.veltris.com/wp-content/uploads/2023/04/Improved-the-Functional-Performance-and-Capacity-Measurement-with-the-Emulation-of-4G-5G.png","https://www.veltris.com/wp-content/uploads/2025/04/AI_ML-Predict-HealthOptimize-Care.png","https://www.veltris.com/wp-content/uploads/2025/09/img_7-5.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finvestment-and-wealth-management%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-communications-media%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-communications-media%2F","https://www.veltris.com/wp-content/uploads/2025/04/Cloud-Infrastructure-Services_dark.svg","https://www.veltris.com/wp-content/uploads/2024/04/Migrating-Multi-tenant-SaaS-Virtual-Communication-Platform-to-Cloud-for-Enhanced-Scalability.png","https://www.veltris.com/wp-content/uploads/2025/05/Healthcare_600x800.png","https://www.veltris.com/wp-content/uploads/2025/09/img_10-2.png","https://www.veltris.com/wp-content/uploads/2025/10/Added_New_Features_
and_Implemented_System_Enhancements_to_Improve_Reach.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finvestment-and-wealth-management%2F","https://www.veltris.com/wp-json/wp/v2/pages/28409","https://www.veltris.com/wp-content/uploads/2023/04/Improved-Service-Performance-by-Delivering-Flexible-Solution-for-Achieving-Consistency-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_26-1.png","https://www.veltris.com/wp-content/uploads/2025/09/img_16-2.png","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Digital-Cloud.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_25.png","https://www.veltris.com/wp-content/uploads/2025/12/BotCraftAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2025/12/ThreatShieldAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2025/09/img_8-5.png","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_11-2.png","https://www.veltris.com/wp-content/uploads/2025/12/InvoiceXtractAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2026/01/GovTech-EdTech_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2026/01/icon_Accelerate-with-Future-Ready-Tech-1.svg","https://www.veltris.com/wp-content/uploads/2025/04/Legacy-System-Integration-Challenge.svg","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Data-AI.svg","https://www.veltris.com/wp-content/uploads/2025/09/Dental-Ecosystem.png","https://www.veltris.com/wp-content/uploads/2025/09/img_4-5.png","https://www.veltris.com/wp-content/uploads/2025/09/img_9-6.png","https://www.veltris.com/wp-content/uploads/2023/04/Designed-and-Developed-AI-based-Modern-and-Frictionless-Business-Enablement-Solutions-1.png","https://www.veltris.com/?p=25319","https://www.veltris.com/wp-content/uploads/2026/01/Pharmacy-Benefit-Management-PBM_Banner_2000x700.png","https://www.veltris.com/wp-co
ntent/uploads/2025/09/img_25-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Product-Lifecyle-Managed-Services.svg","https://www.veltris.com/wp-content/uploads/2025/04/Wearables_Continuous-Proactive-Care.png","https://www.veltris.com/wp-content/uploads/2023/04/facilitating-different-sectors-to-envision-their-legacy-process-in-virtual-reality.pdf","https://www.veltris.com/wp-content/uploads/2025/09/img_2-3.png","https://www.veltris.com/wp-json/wp/v2/pages/28540","https://www.veltris.com/wp-content/uploads/2025/04/API-Management-Complexity-Hurdles.svg","https://www.veltris.com/wp-content/uploads/2025/09/img_30.png","https://www.veltris.com/wp-content/uploads/2025/09/Healthcare-Lifesciences_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/09/Compliance-Ready-by-Design.png","https://www.veltris.com/wp-content/uploads/2025/09/img_20.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI-1.png","https://www.veltris.com/wp-content/uploads/2023/10/provided-cloud-based-administration-software-for-private-equity-funds-for-crm-database-and-portfolio-management.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Implemented-a-D2C-Offering-to-Create-an-Extra-Source-of-Revenue-for-the-Client-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/HireVellAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2025/09/product-lifecycle-managed-healthcare.png","https://www.veltris.com/wp-content/uploads/2025/10/Built_a_Web_Application_for_Users_to_Manage_their_Financial_Wealth_in_a_Highly_Secure_Infrastructure.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Implemented_a_D2C_Offering_to_Create_an_Extra_Source_of_Revenue_for_the_Client.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Siloed-Data-Hindering-Insights.svg","https://www.veltris.com/wp-content/uploads/2025/10/Transformed_a_Water_Dispensing_Kiosk_into_an_IoT-Enabled_Platform.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Adde
d-New-Features-and-Implemented-System-Enhancements-to-Improve-Reach--300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/digital-cloud-healthcare.png","https://www.veltris.com/wp-content/uploads/2023/03/Cloud-Native-Network-Function-Updated.svg","https://www.veltris.com/wp-content/uploads/2025/09/Legacy-Technology-Debt.svg","https://www.veltris.com/wp-json/wp/v2/pages/28753","https://www.veltris.com/wp-content/uploads/2025/04/Multimodal-Data-Integration-Complexity.svg","https://www.veltris.com/wp-content/uploads/2025/09/Inefficient-Manual-Workflows.svg","https://www.veltris.com/wp-content/uploads/2025/04/IoMT-Integration-Security-Risks.svg","https://www.veltris.com/wp-content/uploads/built-a-trading-application-to-trade-USA-stocks-from-different-countries-vt.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Rising-Cybersecurity-Threats.svg","https://www.veltris.com/wp-content/uploads/2023/03/built-a-modern-wealth-management-system-to-optimize-customers-wealth.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media-1.png","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-Content-Supply-Chain.svg","https://www.veltris.com/wp-content/uploads/2023/04/Facilitating-Different-Sectors-to-Envision-Their-Legacy-Process-in-Virtual-Reality-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Slow-Pace-of-Digital-Innovation.svg","https://www.veltris.com/wp-content/uploads/2025/09/Generic-One-Size-Fits-All-Client-Experiences.svg","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-IoT-Amalgamation.svg","https://www.veltris.com/wp-content/uploads/2025/04/Clinical-Workflow-Integration-Barriers.svg","https://www.veltris.com/wp-content/uploads/2025/09/healthcare-lifesciences-data-AI.png","https://www.veltris.com/wp-content/uploads/2025/09/Underutilized-Data-Assets.svg","https://www.veltris.com/wp-content/uploads/2023/03/built-a-mobile-application-to-buy-and-sell-all-type-of-funds.pdf","https://www.veltris.c
om/wp-content/uploads/2025/12/VIA-AI-Enterprise-Banner.png","https://www.veltris.com/wp-content/uploads/2023/03/streamlined-the-service-delivery-space-for-the-leading-electrical-appliances-manufacturer.pdf","https://www.veltris.com/wp-content/uploads/2025/12/DocuSenseAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Exposure-and-Integration-Updated.svg","https://www.veltris.com/wp-content/uploads/2025/04/Customer-Engagement-1-1.png","https://www.veltris.com/wp-content/uploads/2025/12/AuraVoiceAI_Enterprise.png","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media_mob.png","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing.svg","https://www.veltris.com/wp-content/uploads/2025/12/VIA-AI-Enterprise-Banner-Mobile.png","https://www.veltris.com/wp-content/uploads/2023/03/intelligent-dashboard-for-deep-insights-into-household-energy-consumption.pdf","https://www.veltris.com/wp-content/uploads/2026/01/Investment-Wealth-Management-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/09/img_4-6.png","https://www.veltris.com/wp-content/uploads/2023/10/Built-a-mobile-application-to-buy-and-sell-all-type-of-funds-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/CSP-WISP-Satcom-Service-providers.png","https://www.veltris.com/wp-content/uploads/2023/04/Crafted-an-NLP-Model-for-a-Seamless-User-Experience-2-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/10/Added-New-Features-and-Implemented-System-Enhancements-to-Improve-Reach-.png","https://www.veltris.com/wp-content/uploads/2025/10/Built-a-Web-Application-for-Users-to-Manage-their-Financial-Wealth-in-a-Highly-Secure-Infrastructure-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-modern-wealth-management-system-to-optimize-customers-wealth-1-300x169.png","https://www.veltris.c
om/?p=28005","https://www.veltris.com/wp-content/uploads/2025/09/Fragmented-Lifecycle-Management.png","https://www.veltris.com/?p=29239","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-trading-application-to-trade-USA-stocks-from-different-countries-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media.png","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Build.png","https://www.veltris.com/wp-content/uploads/2023/10/Provided-Cloud-Based-Administration-Software-for-Private-Equity-Funds-for-CRM-Database-and-Portfolio-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Felectronics-and-semiconductors%2F","https://www.veltris.com/wp-content/uploads/2025/04/Comms-Infra-Network-Security-product-platform-vendors_.png","https://www.veltris.com/wp-content/uploads/2025/04/OTT-IPTV-Media-Infra-Broadcasting-Gaming-Service-providers.png","https://www.veltris.com/wp-content/uploads/2025/10/Implemented-a-D2C-Offering-to-Create-an-Extra-Source-of-Revenue-for-the-Client.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Felectronics-and-semiconductors%2F","https://www.veltris.com/wp-content/uploads/2026/01/Investment-Wealth-Management-Banner_2000x700.png","https://www.veltris.com/wp-json/wp/v2/pages/28005","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ffinancial-pubsec-services%2F","https://www.veltris.com/wp-content/uploads/2023/04/Facilitating-Different-Sectors-to-Envision-Their-Legacy-Process-in-Virtual-Reality-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ffinancial-pubsec-services%2F","https://www.veltris.com/wp-content/uploads/2025/04/Systemic-Integration-Across-Trends.png","https://www.veltris.com/wp-json/wp/v2/pages/29239","https://www.veltris.com/wp-con
tent/uploads/2023/03/Cloud-Native-Network-Function-1.png","https://www.veltris.com/wp-content/uploads/2023/04/crafted-an-NLP-model-for-a-seamless-user-experience.pdf","https://www.veltris.com/wp-content/uploads/2024/04/LLM-VT-case-study-1.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Hyper-Focused-Vertical-SaaS-Solutions.png","https://www.veltris.com/wp-content/uploads/2025/04/Deep-AI-Integration-as-Core-Functionality.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fspeciality-digital-healthcare-providers%2F","https://www.veltris.com/wp-content/uploads/2025/09/Implementing-Digital-Twins-AI.png","https://www.veltris.com/wp-content/uploads/2023/04/Real-time-Analytics-and-Insights-for-Online-Video-Streaming-Giant-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/img_9-4.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Intelligence-Data-AI.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fspeciality-digital-healthcare-providers%2F","https://www.veltris.com/wp-content/uploads/2025/09/Reliable-Factory-Connectivity.png","https://www.veltris.com/wp-content/uploads/2025/09/Maximizing-Asset-Uptime.png","https://www.veltris.com/wp-content/uploads/2025/09/Shrinking-Design-Cycles.png","https://www.veltris.com/wp-content/uploads/2025/09/Unlocking-Value-from-Data.png","https://www.veltris.com/wp-content/uploads/2025/09/Shrinking-Design-Cycles.svg","https://www.veltris.com/wp-content/uploads/2025/09/Reliable-Factory-Connectivity.svg","https://www.veltris.com/wp-content/uploads/2023/04/Real-time-Analytics-and-Insights-for-Online-Video-Streaming-Giant-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Maximizing-Asset-Uptime.svg","https://www.veltris.com/wp-content/uploads/2025/09/Difficulty-in-Scaling-Operations.svg","https://www.veltris.com/wp-content/uploads/2023/03/Network-Exposure-Integration.png","https://www
.veltris.com/wp-content/uploads/2023/10/Built-a-mobile-application-to-buy-and-sell-all-type-of-funds.png","https://www.veltris.com/wp-content/uploads/2025/09/Unlocking-Value-from-Data.svg","https://www.veltris.com/wp-content/uploads/2025/09/Innovation-Velocity-Gap.png","https://www.veltris.com/wp-content/uploads/2025/09/Developed_a_Mobile_App_Platform_to_Facilitate_Various_Types_of_Payments.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Develop_a_Mobile-First_Platform_for_Personalized_Assessments_Targeted_Interventions_to_Optimize_Mental_Fitness.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Fragmented-Lifecycle-Management.svg","https://www.veltris.com/wp-content/uploads/2023/04/Crafted-an-NLP-Model-for-a-Seamless-User-Experience-2.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Multicloud-Engineering-1.svg","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Enterprise-Transport-Networks-1.svg","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI.svg","https://www.veltris.com/wp-content/uploads/2023/10/Built-an-Efficient-Information-Retrieval-System-with-Generative-AI-for-a-Major-Asset-Management-Firm-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Created_a_Portal_to_Capture_Patient_Health_and_Provide_Treatment_Proactively.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-trading-application-to-trade-USA-stocks-from-different-countries-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-Cloud.svg","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Customer-Experience-1.svg","https://www.veltris.com/wp-content/uploads/built-an-efficient-information-retrieval-system-with-generativeAI-for-a-major-asset-management-firm.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Built-a-Web-Application-for-Users-to-Manage-their-Financial-Wealth-in-a-Highly-Secure-Infrastructure.png","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Monetize.pn
g","https://www.veltris.com/casestudies/maximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution/","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-Networks.png","https://www.veltris.com/wp-content/uploads/2025/04/Systemic-Integration-Across-Trends.svg","https://www.veltris.com/wp-content/uploads/2025/04/Investment-Wealth-Management-Firms.png","https://www.veltris.com/wp-content/uploads/2023/10/Streamlined-the-Service-Delivery-Space-for-the-Leading-Electrical-Appliances-Manufacturer-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/img_5-6.png","https://www.veltris.com/?p=28359","https://www.veltris.com/wp-content/uploads/2023/03/Re-platforming-and-Cloud-Migration-from-Vertica-to-Snowflake-1-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/07/insuretech.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Cybersecurity-Engineering-1.svg","https://www.veltris.com/industries/insuretech%20/","https://www.veltris.com/wp-content/uploads/2024/04/Investment-Analysts-with-AI-Driven-Insights-using-RAG-LLM-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Underutilized-Data-Assets.png","https://www.veltris.com/wp-content/uploads/2025/09/Developed-a-Mobile-App-Platform-to-Facilitate-Various-Types-of-Payments--300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-dashboard-for-Deep-Insights-Into-Household-Energy-Consumption-2-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/GovTech-EdTech-in-Financial-Services-2.png","https://www.veltris.com/wp-json/wp/v2/pages/28359","https://www.veltris.com/wp-content/uploads/2025/04/Data-Standards-Interoperability-Gaps.svg","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance-1.svg","https://www.veltris.com/wp-content/uploads/2025/10/Created-A-Portal-to-Capture-Patients-Health-and-Provide-Treatment-Proactively--300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Serv
ices-with-AI-Driven-Operations-AIOps-1.svg","https://www.veltris.com/wp-content/uploads/2023/10/Provided-Cloud-Based-Administration-Software-for-Private-Equity-Funds-for-CRM-Database-and-Portfolio.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fcommunications-service-providers%2F","https://www.veltris.com/wp-content/uploads/2023/03/re-platforming-and-cloud-migration-from-vertica-to-snowflake.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Infrastructure-Bottlenecks.png","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing-1.svg","https://www.veltris.com/wp-content/uploads/2025/09/Reducing-High-Operational-Costs.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Private-Wireless-Networks-1.svg","https://www.veltris.com/wp-content/uploads/2025/09/ERD-Verification-Validation.svg","https://www.veltris.com/wp-content/uploads/2025/09/Payers-Modernizing-Claims-RCM.png","https://www.veltris.com/wp-content/uploads/2025/09/Generic-Client-Experinces.png","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-a-Water-Dispensing-Kiosk-into-an-IoT-Enabled-Platform--300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/IT-OT-Field-Convergence.svg","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Data-Engineering-Analytics-2.svg","https://www.veltris.com/wp-includes/blocks/heading/style.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2025/09/Fragmented-Client-Intelligence.png","https://www.veltris.com/wp-content/uploads/2023/03/Implementation-of-One-View-of-the-Customer-to-a-big-Insurance-and-Banking-customer-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecyle-Managed-Services.svg","https://www.veltris.com/wp-content/uploads/2026/01/Digital-Cloud-Eng
ineering-1.png","https://www.veltris.com/wp-includes/blocks/paragraph/style.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2025/10/Develop-a-Mobile-First-Platform-for-Personalized-Assessments-and-Targeted-Interventions-to-Optimize--300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Electronics-and-Semiconductors-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/09/Navigating-Network-Complexity.png","https://www.veltris.com/wp-content/uploads/implementation-of-one-view-of-the-customer-to-a-big-insurance-and-banking-customer.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Smart-Factory-Smart-Things.svg","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services-1.svg","https://www.veltris.com/wp-content/uploads/2025/09/Deploying-Agile-Private-Wireless.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-modern-wealth-management-system-to-optimize-customers-wealth-1.png","https://www.veltris.com/privacy-policy/feed/","https://www.veltris.com/wp-json/wp/v2/pages/21997","https://www.veltris.com/wp-content/uploads/2025/09/Accelerating-5G-Monetization.png","https://www.veltris.com/wp-json/wp/v2/pages/13946","https://www.veltris.com/wp-content/uploads/2025/09/Pharmacy-Benefit-Managers-PBMs.png","https://www.veltris.com/wp-content/uploads/2026/01/Electronics-and-Semiconductors-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/05/Financial-Services_600x800.png","https://www.veltris.com/wp-content/uploads/2023/02/Content-Supply-Chain-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Ensuring-Carrier-Grade-Security.png","https://www.veltris.com/wp-content/uploads/2025/10/Develop-a-Mobile-First-Platform-for-Personalized-Assessments-and-Targeted-Interventions-to-Optimize-.png","https://www.veltris.com/wp-json/wp/v2/pages/14560","https://www.veltris.com/wp-json/wp/v2/pages/28435","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%
2F%2Fwww.veltris.com%2Finsights%2F","https://www.veltris.com/wp-json/wp/v2/pages/28383","https://www.veltris.com/wp-content/uploads/2026/01/Speciality-Digital-Healthcare-Providers-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/09/Modernizing-Enterprise-Networks.svg","https://www.veltris.com/wp-content/uploads/2025/09/Deploying-Agile-Private-Wireless.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fdisclaimer%2F","https://www.veltris.com/wp-json/wp/v2/pages/3","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fai-for-productivity%2F","https://www.veltris.com/wp-content/uploads/2025/09/Accelerating-5G-Monetization.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Finsights%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fcommunications-service-providers%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fdisclaimer%2F","https://www.veltris.com/wp-content/uploads/2025/09/Ensuring-Carrier-Grade-Security.svg","https://www.veltris.com/wp-content/uploads/2025/10/Created-A-Portal-to-Capture-Patients-Health-and-Provide-Treatment-Proactively-.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2F","https://www.veltris.com/wp-content/uploads/2025/09/Reducing-High-Operational-Costs.svg","https://www.veltris.com/wp-content/uploads/2025/09/Implementing-Digital-Twins-AI.svg","https://www.veltris.com/wp-content/uploads/2023/10/Built-an-Efficient-Information-Retrieval-System-with-Generative-AI-for-a-Major-Asset-Management-Firm.png","https://www.veltris.com/wp-content/uploads/2025/09/Operational-Inefficiency.png","https://www.veltris.com/wp-content/uploads/2026/01/Communications-Service-Providers-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-En
gineering-and-Advanced-Analytics-1.svg","https://www.veltris.com/wp-content/uploads/2024/04/Investment-Analysts-with-AI-Driven-Insights-using-RAG-LLM.png","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2023/02/F-_White-Regulatory-Hurdles.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fprivacy-policy%2F","https://www.veltris.com/wp-content/uploads/2023/10/Streamlined-the-Service-Delivery-Space-for-the-Leading-Electrical-Appliances-Manufacturer.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fbroadcasting-and-ott-streaming%2F","https://www.veltris.com/wp-content/uploads/2025/12/CreateAssetAI_Productivity.png","https://www.veltris.com/wp-content/uploads/2023/02/IoT-Amalgamation.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fprivacy-policy%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries%2F","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-a-Water-Dispensing-Kiosk-into-an-IoT-Enabled-Platform-.png","https://www.veltris.com/wp-includes/js/wp-embed.min.js","https://www.veltris.com/wp-json/wp/v2/pages/25298","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-dashboard-for-Deep-Insights-Into-Household-Energy-Consumption-2.png","https://www.veltris.com/wp-content/uploads/2022/07/Threat-Monitoring-System-for-Concealed-Weapons-Explosives-Detection-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fbroadcasting-and-ott-streaming%2F","https://www.veltris.com/wp-content/uploads/2023/03/Re-platforming-and-C
loud-Migration-from-Vertica-to-Snowflake-1-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fautonomous-vehicles-and-logistics%2F","https://www.veltris.com/wp-content/uploads/2025/09/Developed-a-Mobile-App-Platform-to-Facilitate-Various-Types-of-Payments-.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fautonomous-vehicles-and-logistics%2F","https://www.veltris.com/wp-content/uploads/2023/03/Implementation-of-One-View-of-the-Customer-to-a-big-Insurance-and-Banking-customer-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Modernizing-Enterprise-Networks.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fai-for-productivity%2F","https://www.veltris.com/wp-json/wp/v2/pressroom/30163","https://www.veltris.com/wp-content/uploads/2025/10/Developed-a-Platform-to-Improve-Inbound-and-Outbound-Process-at-Warehouse-and-Optimized-Resource-All-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_a_Platform_to_Improve_Inbound_and_Outbound_Process_at_Warehouse_and_Optimized_Resource_Allocation.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Speciality-Digital-Healthcare-Providers_Banner_2000x700.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research%2F","https://www.veltris.com/wp-content/uploads/2022/07/Auto-Lubricant-Distributer-Digital-Engineering-Thumbnail.png","https://www.veltris.com/wp-conten
t/uploads/2025/05/Financial-Services_2000x700.png","https://www.veltris.com/wp-content/uploads/2023/03/developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client.pdf","https://www.veltris.com/wp-json/wp/v2/casestudies/27659","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client-1-300x169.png","https://www.veltris.com/casestudies/threat-monitoring-system-for-concealed-weapons-explosives-detection/","https://www.veltris.com/wp-json/wp/v2/pages/28462","https://www.veltris.com/wp-content/uploads/2023/03/Designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inve-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecycle-Managed-Services-1.png","https://www.veltris.com/wp-content/uploads/2025/12/SDLCAI_Productivity.png","https://www.veltris.com/wp-content/uploads/2022/07/Conversational-Chatbot-for-24-7-Customer-Support-Assistance-300x169.png","https://www.veltris.com/wp-content/uploads/2022/07/Built-Fast-Flexible-Scalable-Platform-Solutions-for-Video-Service-and-OTT-Providers-300x169.png","https://www.veltris.com/wp-content/uploads/2025/09/Navigating-Network-Complexity.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fcustom-accurate-reporting-with-your-own-dso-datawarehouse%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Ftransforming-dental-patients-experience-with-an-ai-chatbot%2F","https://www.veltris.com/wp-content/uploads/2025/12/DataIntegrix_Productivity.png","https://www.veltris.com/wp-content/uploads/2022/07/Auto-Lubricant-Distributer-Digital-Engineering-Thumbnail-300x157.png","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school-300x169.png","https://www.veltris.com/wp-content/uploads/2025
/04/AI-Assisted-SDLC-1-1.png","https://www.veltris.com/wp-content/uploads/2023/03/developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school.pdf","https://www.veltris.com/wp-content/uploads/2025/12/LoCoAI_Productivity.png","https://www.veltris.com/wp-content/uploads/2025/04/Multimodal-Data-Integration-Complexity.png","https://www.veltris.com/wp-json/wp/v2/pages/27074","https://www.veltris.com/about-us/embed/","https://www.veltris.com/wp-content/uploads/2022/11/Why-us-660x440-1.png","https://www.veltris.com/wp-json/wp/v2/pressroom/30392","https://www.veltris.com/schedule-a-meeting/embed/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/notes.svg","https://www.veltris.com/wp-content/uploads/2022/07/Threat-Monitoring-System-for-Concealed-Weapons-Explosives-Detection.png","https://www.veltris.com/wp-content/uploads/2023/02/Immersive-Entertainment-Experiences.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fengineering-construction%2F","https://www.veltris.com/wp-json/wp/v2/pages/28249","https://www.veltris.com/services/digital-cloud-engineering/embed/","https://www.veltris.com/wp-content/uploads/2026/01/Communications-Service-Providers-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/12/VIA-accelerators-productivity-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research%2F","https://www.veltris.com/wp-json/wp/v2/pages/25125","https://www.veltris.com/wp-json/wp/v2/casestudies/28113","https://www.veltris.com/wp-content/uploads/2025/12/AgenticBrowser_Productivity.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fw
ww.veltris.com%2Fcasestudies%2Ftransforming-dental-patients-experience-with-an-ai-chatbot%2F","https://www.veltris.com/wp-content/uploads/2025/04/Whitepapers_mob-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/approach.svg","https://www.veltris.com/wp-content/uploads/2022/07/Built-a-Robust-Foundational-Data-Reporting-Platform-for-a-Leading-OTT-Solutions-Provider-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inventory-management.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fproduct-lifecycle-managed-services%2F","https://www.veltris.com/wp-content/uploads/2025/12/VIA-accelerators-productivity-banner-mobile.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fengineering-construction%2F","https://www.veltris.com/wp-content/uploads/2025/04/Insights_mob.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fimproved-patient-interactions-hipaa-compliant-pms-integration-with-the-phone-system%2F","https://www.veltris.com/wp-content/uploads/2026/01/engeering-Customer-Experience.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-products-and-platforms%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed-a-Platform-to-Improve-Inbound-and-Outbound-Process-at-Warehouse-and-Optimized-Resource-All.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support-1.pdf","https://www.veltris.com/industries/dental-multi-unit-retail-health/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fcustom-accurate-reporting-with-your-own-dso-datawarehouse%2F","https://www.veltris.com/wp-content/
themes/wavelabs/assets/images/icons/white-papers.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fimproved-patient-interactions-hipaa-compliant-pms-integration-with-the-phone-system%2F","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/submit-your-review.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fproduct-lifecycle-managed-services%2F","https://www.veltris.com/wp-content/uploads/2026/01/Engineering-ConstructionBanner_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/blogs.svg","https://www.veltris.com/wp-content/uploads/2023/03/built-virtual-situation-rooms-to-conduct-training-through-gamification.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fincreasing-data-insights-with-api-integration%2F","https://www.veltris.com/wp-content/uploads/2022/07/Built-a-Robust-Foundational-Data-Reporting-Platform-for-a-Leading-OTT-Solutions-Provider.png","https://www.veltris.com/wp-json/wp/v2/casestudies/28147","https://www.veltris.com/wp-content/uploads/2022/07/Conversational-Chatbot-for-24-7-Customer-Support-Assistance.png","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client-1.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-1.pdf","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school.png","https://www.veltris.com/wp-json/wp/v2/pages/30027","https://www.veltris.com/wp-json/oembed/1.0/embed
?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fpms-migration-from-eaglesoft-to-denticon%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2F","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0.png","https://www.veltris.com/wp-content/uploads/2025/04/Whitepapers.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-products-and-platforms%2F","https://www.veltris.com/wp-content/uploads/2025/04/Financial-Services-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2F","https://www.veltris.com/wp-content/uploads/2023/03/Designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inve.png","https://www.veltris.com/wp-content/uploads/2023/03/to-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to-their-customers.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Created_Multi-Functional_Mobile_Applications_with_Single_Code_Base.pdf","https://www.veltris.com/wp-content/uploads/2023/03/To-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to--300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Interconnecting-a-world-of-distinctive-Video-conference-systems-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-Business-Transformation-Vendor-Selection-1.pdf","https://www.veltris.com/wp-content/uploads/2022/07/Built-Fast-Flexible-Scalable-Platform-Solutions-for-Video-Service-and-OTT-Providers.png","https://www.veltris.com/wp-content/uploads/2023/03/to-unify-the-brands-identity-under-one-cohesive-website.pdf","https://www.veltris.com/wp-content/uploads/2026/01/Broadcasting-and-OTT-Streaming_2000x700.png","https://www.veltris.com/industries/diversified-industrials-manufacturing/","https://www.veltris.com/wp-conte
nt/uploads/2025/04/Diversified-Industries-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Insights.png","https://www.veltris.com/wp-content/uploads/2023/03/interconnecting-a-world-of-distinctive-video-conference-systems.pdf","https://www.veltris.com/wp-json/wp/v2/pages/27997","https://www.veltris.com/wp-content/uploads/2026/01/Autonomous-Vehicles-and-LogisticsBanner_600x800.png","https://www.veltris.com/wp-json/wp/v2/casestudies/28155","https://www.veltris.com/wp-json/wp/v2/casestudies/27703","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fincreasing-data-insights-with-api-integration%2F","https://www.veltris.com/wp-content/uploads/2023/03/To-Unify-the-Brands-Identity-Under-One-Cohesive-Website-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/to-upgrade-the-brands-identity-using-seo-strategies-and-integrating-the-backend.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Built-Virtual-Situation-Rooms-to-Conduct-Training-Through-Gamification-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fpms-migration-from-eaglesoft-to-denticon%2F","https://www.veltris.com/wp-content/uploads/2025/05/Product-Lifecycle-Managed-Services-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fvision-care%2F","https://www.veltris.com/wp-json/wp/v2/casestudies/28101","https://www.veltris.com/wp-content/uploads/2023/03/To-upgrade-the-Brands-Identity-using-SEO-Strategies-and-Integrating-the-Backend-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Technology-Products-and-Platforms_600x800.png","https://www.veltris.com/wp-content/uploads/2025/05/Improved-On-Time-Delivery-of-a-Leading-Auto-Lubricant-Distributer.pdf","https://www.veltris.com/wp-content/uploads/2025/12/Tele-Optometry-Remote-Monitoring.png","https://www.veltris.com/wp-content/uploads/2023/02/He
lping-a-client-with-post-production-support-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Engineering-ConstructionBanner_2000x700.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/infographics.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/leadership.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/contact-us.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthtech-platforms%2F","https://www.veltris.com/wp-content/uploads/2025/11/Digital-Health-Startups-SaaS-Platforms-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fvision-care%2F","https://www.veltris.com/wp-content/uploads/2023/02/Regulatory-Hurdles.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response%2F","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps.svg","https://www.veltris.com/wp-content/uploads/2026/01/Autonomous-Vehicles-and-Logistics-Banner_2000x700.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-aims-to-close-3-to-5-deals-within-18-months-ceo%2F","https://www.veltris.com/wp-content/uploads/2025/12/Vision-Care-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/03/Interconnecting-a-world-of-distinctive-Video-conference-systems-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/aboutus.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/casestudies.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fdigital-platform-overhaul-to-enhance-automation-sales%2F","https://www.veltris.com/wp-c
ontent/uploads/2025/07/Industries_mobile_banner.png","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-business-transformation-and-vendor-selection-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/an-incident-management-organization-using-ai-to-reduce-risk-and-report-incidents.pdf","https://www.veltris.com/events/embed/","https://www.veltris.com/wp-content/uploads/2023/10/developed-a-web-app-to-monitor-communication-between-patients-and-care-teams.pdf","https://www.veltris.com/wp-content/uploads/2023/03/An-incident-management-organization-using-AI-to-reduce-risk-and-report-incidents-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/An-incident-management-organization-using-AI-to-reduce-risk-and-report-incidents-1.png","https://www.veltris.com/wp-content/uploads/2023/03/To-upgrade-the-Brands-Identity-using-SEO-Strategies-and-Integrating-the-Backend.png","https://www.veltris.com/wp-content/uploads/2025/04/Product_Lifecycle_Managed_Services_Overview.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthtech-platforms%2F","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance_dark.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fmicrosoft-cloud-platforms%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fazure-managed-services%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fazure-managed-services%2F","https://www.veltris.com/wp-json/wp/v2/pages/30018","https://www.veltris.com/wp-content/uploads/2025/10/Created-AWS-Infrastructure-Implemented-Custom-Automation--300x169.png","https://www.veltris.com/services/embed/","https://www.veltris.com/wp-content/uploads/2025/04/Healthcare-1-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com
%2Fcasestudies%2Frevolutionizing-patient-engagement-for-a-dso-with-veltris-innovative-system%2F","https://www.veltris.com/wp-json/wp/v2/pages/29266","https://www.veltris.com/wp-json/wp/v2/pages/29339","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/uploads/2025/10/Created_AWS_Infrastructure_Implemented_Custom_Automation.pdf","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-business-transformation-and-vendor-selection.png","https://www.veltris.com/wp-content/uploads/2025/07/Industries_desktop_banner.png","https://www.veltris.com/wp-content/uploads/2025/11/Telemedicine.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fanimal-health-veterinary%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fdigital-platform-overhaul-to-enhance-automation-sales%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Frevolutionizing-patient-engagement-for-a-dso-with-veltris-innovative-system%2F","https://www.veltris.com/industries/insuretech/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fmicrosoft-cloud-platforms%2F","https://www.veltris.com/wp-json/wp/v2/pages/25452","https://www.veltris.com/casestudies/modernizing-legacy-software-in-the-hearing-industry/","https://www.veltris.com/wp-content/uploads/2025/11/Precision-Medicine.png","https://www.veltris.com/casestudies/eligibility
-automation-with-the-eligibility-bot/","https://www.veltris.com/wp-content/uploads/2025/10/Created-Multi-Functional-Mobile-Applications-with-Single-Code-Base--300x169.png","https://www.veltris.com/services/data-ai/embed/","https://www.veltris.com/wp-json/wp/v2/pressroom/20171","https://www.veltris.com/wp-json/wp/v2/casestudies/28109","https://www.veltris.com/wp-json/wp/v2/pressroom/30188","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-aims-to-close-3-to-5-deals-within-18-months-ceo%2F","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/404.png","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Wearable-Technology.png","https://www.veltris.com/wp-content/uploads/2023/03/To-Unify-the-Brands-Identity-Under-One-Cohesive-Website-1.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response%2F","https://www.veltris.com/wp-content/uploads/2026/01/Technology-Products-and-Platforms_2000x700.png","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-Big-Data-Management.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fanimal-health-veterinary%2F","https://www.veltris.com/wp-content/uploads/2025/10/Transformed_the_Entire_Operations_with_a_Digital_and_Mobile_Experience_.pdf","https://www.veltris.com/casestudies/transformed-cardiac-care-by-assisting-heart-monitor-manufacturer-in-remote-patient-monitoring/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabi
lities-in-healthcare-industries%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed_a_Mobile_App_with_Multiple_Accessibility_and_Metrics_for_Real-Time_Measurement.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-modernization%2F","https://www.veltris.com/wp-content/uploads/2023/03/To-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to-.png","https://www.veltris.com/wp-content/uploads/2025/11/Population-Health-Care-Coordination-Platforms-1.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-Virtual-Situation-Rooms-to-Conduct-Training-Through-Gamification.png","https://www.veltris.com/wp-content/uploads/2023/02/R_-White-Siloed-Data-Sources-same-icon-from-Life-Sciences-copy.svg","https://www.veltris.com/wp-json/wp/v2/pressroom/24729","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-modernization%2F","https://www.veltris.com/wp-json/wp/v2/pressroom/23302","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdiversified-industrials%2F","https://www.veltris.com/wp-content/uploads/2025/11/Data-Cloud.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdiversified-industrials%2F","https://www.veltris.com/services/connectivity-industry-x-0/embed/","https://www.veltris.com/wp-content/uploads/2023/02/Modern-Data-Stack-Adoption-%E2%80%93-1.svg","https://www.veltris.com/wp-content/uploads/2025/11/Virtual-Care-Providers-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member%2F","https://www.veltris.com/pressroom/embed/","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps-_dark.svg"
,"https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries%2F","https://www.veltris.com/wp-content/uploads/2025/12/Vision-Care-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-Multi-Functional-Mobile-Applications-with-Single-Code-Base-.png","https://www.veltris.com/industries/govtech-edtech/embed/","https://www.veltris.com/ai-for-enterprise/embed/","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Mobile_App_with_Multiple_Accessibility_Metrics_for_Real-Time_Measurement-300x169.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-300x169.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/duplicate-submissions.min.js?ver=1","https://www.veltris.com/wp-json/wp/v2/pressroom/24954","https://www.veltris.com/wp-content/uploads/2025/11/Emerging-Tech.png","https://www.veltris.com/wp-content/uploads/2023/10/Developed-a-Web-App-to-Monitor-Communication-Between-Patients-and-Care-Teams-300x169.png","https://www.veltris.com/wp-content/uploads/2023/09/Modernizing-Legacy-Software-in-the-Hearing-Industry-33-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Icons_Precision-Medicine.svg","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-the-Entire-operations-Order-to-Shipment-with-a-Digital-and-Mobile-Experience-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services%2F","https://www.veltris.com/wp-content/uploads/2025/11/Lack-of-Multi-
Location-Oversight-DSOs.png","https://www.veltris.com/industries/technology-communications-media/embed/","https://www.veltris.com/wp-content/uploads/2024/09/Hiral-Chandrana-241x300.png","https://www.veltris.com/wp-content/uploads/2025/11/Icons_Data-Cloud.svg","https://www.veltris.com/wp-content/uploads/2025/10/Created-AWS-Infrastructure-Implemented-Custom-Automation-.png","https://www.veltris.com/wp-content/uploads/2024/07/Transformed-Cardiac-Care-by-Assisting-Heart-Monitor-Manufacturer-in-Remote-Patient-Monitoring-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/29303","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/embed/","https://www.veltris.com/wp-content/uploads/2025/11/Icons_Telemedicine.svg","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-warehouse%2F","https://www.veltris.com/industries/pharmacy-benefit-management/embed/","https://www.veltris.com/wp-content/uploads/2023/03/Network-Planning-and-Design.svg","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/images/banner-img/casestudies-banner.png","https://www.veltris.com/industries/engineering-construction/embed/","https://www.veltris.com/industries/investment-and-wealth-management/embed/","https://www.veltris.com/wp-content/uploads/2025/11/Icons_Emerging-Tech.svg","https://www.veltris.com/wp-content/uploads/2025/11/Icons_Wearable-Technology.svg","https://www.veltris.com/industries/broadcasting-and-ott-streaming/embed/","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-the-Entire-operations-Order-to-Shipment-with-a-Digital-and-Mobile-Experience.png","https://www.veltris.com/insights/embed/","https://www.veltris.com/privacy-policy/embed/","https://www.veltris.com/p
ressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/uploads/2023/09/Modernizing-Legacy-Software-in-the-Hearing-Industry-33.png","https://www.veltris.com/industries/healthcare-lifesciences/embed/","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-768x432.png","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmaximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution%2F","https://www.veltris.com/industries/communications-service-providers/embed/","https://www.veltris.com/industries/electronics-and-semiconductors/embed/","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/wp/v2/casestudies/28105","https://www.veltris.com/disclaimer/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fthreat-monitoring-system-for-concealed-weapons-explosives-detection%2F","https://www.veltris.com/services/product-lifecycle-managed-services/embed/","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Mobile_App_with_Multiple_Accessibility_Metrics_for_Real-Time_Measurement.png","https://www.veltris.com/casestudies/pms-migration-from-eaglesoft-to-denticon/embed/","https://www.veltris.com/life-at-veltris/embed/","https://www.veltris.com/casestudies/increasing-data-insights-with-api-integration/embed/","https://www.veltris.com/casestudies/custom-accurate-reporting-with-your-own-dso-datawarehouse/embed/","https://www.veltris.com/casestudies/modernizing-a-legacy-how-digital-transformation-dr
ove-growth-for-a-san-francisco-funeral-home/","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail-768x433.png","https://www.veltris.com/ai-for-productivity/embed/","https://www.veltris.com/wp-json/wp/v2/casestudies/14005","https://www.veltris.com/industries/technology-products-and-platforms/embed/","https://www.veltris.com/wp-content/uploads/2020/04/Wavelabs-Case-Study-Concealed-Weapons-and-Explosives-Detection.png","https://www.veltris.com/wp-content/uploads/2024/07/Transformed-Cardiac-Care-by-Assisting-Heart-Monitor-Manufacturer-in-Remote-Patient-Monitoring.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-1024x576.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-warehouse%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fthreat-monitoring-system-for-concealed-weapons-explosives-detection%2F","https://www.veltris.com/wp-content/uploads/2023/10/Developed-a-Web-App-to-Monitor-Communication-Between-Patients-and-Care-Teams.png","https://www.veltris.com/wp-json/wp/v2/pages/29423","https://www.veltris.com/casestudies/improved-patient-interactions-hipaa-compliant-pms-integration-with-the-phone-system/embed/","https://www.veltris.com/wp-content/uploads/2025/11/Icons_AI-Driven-Operations.svg","https://www.veltris.com/industries/speciality-digital-healthcare-providers/embed/","https://www.veltris.com/industries/autonomous-vehicles-and-logistics/embed/","https://www.veltris.com/whitepapers/embed/","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/images/banner-img/casestudies-banner.png","https://www.veltris.com/casestudies/transforming-dental-patients-experience-with-an-ai-chatbot/embed/","https://www.veltris.com/wp-content/uploads/2024/07/
The-metaverse-meet-2048x1152.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmaximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution%2F","https://www.veltris.com/industries/financial-pubsec-services/embed/","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail.png","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/embed/","https://www.veltris.com/industries/animal-health-veterinary/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmodernizing-legacy-software-in-the-hearing-industry%2F","https://www.veltris.com/wp-json/wp/v2/casestudies/28151","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-1536x864.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Ftransformed-cardiac-care-by-assisting-heart-monitor-manufacturer-in-remote-patient-monitoring%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Feligibility-automation-with-the-eligibility-bot%2F","https://www.veltris.com/services/data-modernization/embed/","https://www.veltris.com/services/microsoft-cloud-platforms/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmodernizing-legacy-software-in-the-hearing-industry%2F","https://www.veltris.com/wp-json/wp/v2/casestudies/27694","https://www.veltris.com/wp-content/uploads/2024/07/remote-cardiovascular-monitoring-flow.png","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/embed/","https://www.veltris.com/wp-json/wp/v2/casestudies/23144","https://www.veltris.com/industries/vision-care/embed/","https://www.veltris.com/pressroom/trive-capital-and-baylin
k-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/embed/","https://www.veltris.com/industries/healthtech-platforms/embed/","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-scaled.png","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/embed/","https://www.veltris.com/casestudies/digital-platform-overhaul-to-enhance-automation-sales/embed/","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/embed/","https://www.veltris.com/casestudies/revolutionizing-patient-engagement-for-a-dso-with-veltris-innovative-system/embed/","https://www.veltris.com/casestudies/threat-monitoring-system-for-concealed-weapons-explosives-detection/embed/","https://www.veltris.com/industries/diversified-industrials/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Feligibility-automation-with-the-eligibility-bot%2F","https://www.veltris.com/services/azure-managed-services/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Ftransformed-cardiac-care-by-assisting-heart-monitor-manufacturer-in-remote-patient-monitoring%2F","https://www.veltris.com/casestudies/eligibility-automation-with-the-eligibility-bot/embed/","https://www.veltris.com/wp-json/wp/v2/casestudies/23194","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmodernizing-a-legacy-how-digital-transformation-drove-growth-for-a-san-francisco-funeral-home%2F","https://www.veltris.com/services/data-warehouse/embed/","https://www.veltris.com/casestudies/modernizing-legacy-software-in-the-hearing-industry/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmodernizing-a
-legacy-how-digital-transformation-drove-growth-for-a-san-francisco-funeral-home%2F","https://www.veltris.com/wp-content/uploads/2024/07/Deathcare_Vector.svg","https://www.veltris.com/casestudies/maximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution/embed/","https://www.veltris.com/casestudies/transformed-cardiac-care-by-assisting-heart-monitor-manufacturer-in-remote-patient-monitoring/embed/","https://www.veltris.com/casestudies/modernizing-a-legacy-how-digital-transformation-drove-growth-for-a-san-francisco-funeral-home/embed/"],"duration":0.7880210876464844},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.04223275184631},"passive_scan":{"status":"completed","duration":0.004114627838134766},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.veltris.com","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"1","status":"completed","duration":1140.2686414718628},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with url: /JSON/core/view/alerts/ (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection 
refused\"))"}}},"summary":""},{"_id":{"$oid":"6a06e6c7aed691ab297f3f58"},"created_at":{"$date":"2026-05-15T09:26:31.749Z"},"url":"https://freesearchigrservice.maharashtra.gov.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://freesearchigrservice.maharashtra.gov.in/","scan_timestamp":"20260515_092001","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":0,"urls_list":[],"duration":10.047345876693726},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.08445143699646},"passive_scan":{"status":"completed","duration":0.009969234466552734},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"freesearchigrservice.maharashtra.gov.in","open_ports":[443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":90.02495384216309},"vulnerabilities":{"total_alerts":24,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":24,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[{"nodeName":"https://freesearchigrservice.maharashtra.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"146","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"0","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":148,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"148","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"1","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"150","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"2","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"152","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"3","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":154,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"154","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"4","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":156,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"156","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"5","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"158","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"6","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":160,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"160","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"7","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"162","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"8","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":164,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"164","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"9","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"166","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"10","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"168","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"11","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":170,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"170","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"12","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"172","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":174,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"174","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"176","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":178,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"178","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"180","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":182,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"182","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"18","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"184","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"19","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":186,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"186","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"20","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":188,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"188","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"21","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"190","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"22","alertRef":"10104"},{"nodeName":"https://freesearchigrservice.maharashtra.gov.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":192,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"192","inputVector":"","url":"https://freesearchigrservice.maharashtra.gov.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"23","alertRef":"10104"}]},"vulnerability_types":{"User Agent Fuzzer":24},"owasp_top10":{"Unmapped / 
Other":24}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"6a0d56d4107d8bbe8cd71a51"},"created_at":{"$date":"2026-05-20T06:38:12.015Z"},"url":"https://pro.anveshaktool.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://pro.anveshaktool.in/","scan_timestamp":"20260520_063445","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":3,"urls_list":["https://pro.anveshaktool.in/","https://pro.anveshaktool.in/sitemap.xml","https://pro.anveshaktool.in/robots.txt"],"duration":10.038383722305298},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06920886039734},"passive_scan":{"status":"completed","duration":0.006232023239135742},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"pro.anveshaktool.in","open_ports":[80,443,8080,8443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":60.02408838272095},"vulnerabilities":{"total_alerts":6,"high_risk":0,"medium_risk":0,"low_risk":5,"informational":1,"alerts_by_risk":{"High":[],"Medium":[],"Low":[{"nodeName":"https://pro.anveshaktool.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":1,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"1","inputVector":"","url":"https://pro.anveshaktool.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"0","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":7,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"7","inputVector":"","url":"https://pro.anveshaktool.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":8,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"8","inputVector":"","url":"https://pro.anveshaktool.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"4","alertRef":"10035-1"},{"nodeName":"https://pro.anveshaktool.in/robots.txt","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":8,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"8","inputVector":"","url":"https://pro.anveshaktool.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"5","alertRef":"10021"},{"nodeName":"http://pro.anveshaktool.in/robots.txt","sourceid":"1","other":"ZAP attempted to connect via: 
http://pro.anveshaktool.in/robots.txt","method":"GET","evidence":"http://pro.anveshaktool.in/robots.txt","pluginId":"10047","cweid":"311","confidence":"Medium","sourceMessageId":8,"wascid":"4","description":"Content which was initially accessed via HTTPS (i.e.: using SSL/TLS encryption) is also accessible via HTTP (without encryption).","messageId":"150","inputVector":"","url":"https://pro.anveshaktool.in/robots.txt","tags":{"OWASP_2025_A04":"https://owasp.org/Top10/2025/A04_2025-Cryptographic_Failures/","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_FULL":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-CRYP-03":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels","CWE-311":"https://cwe.mitre.org/data/definitions/311.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to only serve such content via HTTPS. 
Consider implementing HTTP Strict Transport Security.","alert":"HTTPS Content Available via HTTP","param":"","attack":"","name":"HTTPS Content Available via HTTP","risk":"Low","id":"6","alertRef":"10047"}],"Informational":[{"nodeName":"https://pro.anveshaktool.in/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":8,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"8","inputVector":"","url":"https://pro.anveshaktool.in/robots.txt","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"3","alertRef":"10015"}]},"vulnerability_types":{"Strict-Transport-Security Header Not Set":3,"Re-examine Cache-control Directives":1,"X-Content-Type-Options Header Missing":1,"HTTPS Content Available via HTTP":1},"owasp_top10":{"A05: Security Misconfiguration":4,"Unmapped / Other":2}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"6a0e61843b852bf051e2fe24"},"created_at":{"$date":"2026-05-21T01:36:04.150Z"},"url":"https://www.veltris.com/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.veltris.com/","scan_timestamp":"20260520_160655","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":1429,"urls_list":["https://www.veltris.com/sitemap.xml","https://www.veltris.com/robots.txt","https://www.veltris.com/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/power-bi.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/AICPA-SOC.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/databricks.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Salesforce.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/cantier.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Google_Cloud.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/nokia.png","https://www.veltris.com/wp-content/uploads/202
6/01/Home-Tech-Platfrom.png","https://www.veltris.com/wp-content/uploads/2026/01/AI-Cognitive-Engine-Enables-Data-Driven-Decisions-for-Financial-Services-Leader.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/ISO.png","https://www.veltris.com/wp-json/","https://www.veltris.com/wp-content/uploads/2026/01/Analyzing-250M-Daily-Events-to-Power-Superior-Streaming-Experiences.png","https://www.veltris.com/wp-content/uploads/2026/01/Real-Time-AI-Predictions-Improve-Reliability-in-Pharmaceutical-Manufacturing_Mob.png","https://www.veltris.com/wp-content/uploads/2026/01/Modern-Data-Infrastructure-Powers-Efficiency-for-Canadas-Largest-DSO.png","https://www.veltris.com/wp-content/uploads/2026/01/Analyzing-250M-Daily-Events-to-Power-Superior-Streaming-Experiences_Mob.png","https://www.veltris.com/wp-content/uploads/2026/01/Real-Time-AI-Predictions-Improve-Reliability-in-Pharmaceutical-Manufacturing.png","https://www.veltris.com/wp-content/uploads/2023/10/favicon-32x32-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/cisco.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/aws.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/nvidia.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/IBM.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/servicenow.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/MS-Azure.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/siemens.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Schneider.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/NetSuite.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/atlassian-jira.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Snowflak
e.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Tableau.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/mobile-menu.css?ver=2.0","https://www.veltris.com/wp-content/plugins/ubermenu/assets/css/skins/minimal.css?ver=6.9.4","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/communitiesai-first-service-firms.png","https://www.veltris.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","https://www.veltris.com/wp-content/uploads/2023/09/Channel-.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/ajax-filter-loadmore.js","https://www.veltris.com/wp-content/plugins/ubermenu/pro/assets/css/ubermenu.min.css?ver=3.7.8","https://www.veltris.com/wp-content/plugins/cookie-law-info/lite/frontend/js/gcm.min.js","https://www.veltris.com/wp-content/uploads/2026/01/AI-Cognitive-Engine-Enables-Data-Driven-Decisions-for-Financial-Services-Leader_Mob.png","https://www.veltris.com/wp-content/uploads/2026/01/Home-Healthcare.png","https://www.veltris.com/wp-content/uploads/2025/04/pressroom-01.svg","https://www.veltris.com/wp-content/uploads/2023/09/Aboutus.svg","https://www.veltris.com/wp-content/uploads/2026/01/Modern-Data-Infrastructure-Powers-Efficiency-for-Canadas-Largest-DSO_Mob.png","https://www.veltris.com/wp-content/themes/wavelabs/style.css?ver=2.0","https://www.veltris.com/wp-content/uploads/2023/09/Casestudies.svg","https://www.veltris.com/wp-content/uploads/2023/09/Leadership.svg","https://www.veltris.com/wp-content/plugins/sg-cachepress/assets/js/lazysizes.min.js?ver=7.7.11","https://www.veltris.com/wp-content/uploads/2023/09/Healthcare-1.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/lightbox.min.css","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/footer/logo.svg","https://www.veltris.com/wp-content/uploads/2026/01/Home-Diversified-industry.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/new-menu.js","https://www.veltris.c
om/wp-content/uploads/2023/09/White-papers.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/vectra.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/lightbox-plus-jquery.min.js","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_constellation_research_Banner_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/striim.svg","https://www.veltris.com/wp-content/uploads/real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmaceutical-drug.pdf","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_banner_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/sal.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/owl.carousel.min.css","https://www.veltris.com/about-us","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/whitepapers-page.css?ver=2.0","https://www.veltris.com/wp-content/plugins/gravityformsrecaptcha/js/frontend.min.js?ver=1.8.0","https://www.veltris.com/wp-content/uploads/2023/09/Events.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/owl.theme.default.min.css","https://www.veltris.com/wp-content/uploads/2023/09/Contact-us.svg","https://www.veltris.com/wp-content/uploads/2025/04/Digital-Cloud_1.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/sal.css?ver=2.0","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/scroll-highlight.js","https://www.veltris.com/wp-content/uploads/2023/09/Hi-Tech-1.svg","https://www.veltris.com/wp-content/uploads/2024/05/Glossary-svg.svg","https://www.veltris.com/wp-content/plugins/attachment-download-on-gravity-form-submission/frontend/js/wot-public-scripts.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/header/logo.svg","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI_1.svg","https://www.veltris.com/wp-content/uploads/2023/09/BFSI-1.svg","https:/
/www.veltris.com/wp-content/uploads/2025/11/Vertical-AI-HPS-Banner_600x800.png","https://www.veltris.com/wp-content/plugins/ubermenu/assets/js/ubermenu.min.js?ver=3.7.8","https://www.veltris.com/wp-content/uploads/2023/09/Blogs.svg","https://www.veltris.com/wp-content/uploads/2025/09/CSR_main.svg","https://www.veltris.com/wp-content/uploads/2025/09/Investment-and-Wealth-Management-Firms.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/owl.carousel.min.js","https://www.veltris.com/wp-content/plugins/ubermenu/assets/fontawesome/css/all.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecyle-Managed-Services_1.svg","https://www.veltris.com/wp-content/uploads/2025/10/Insuretech.svg","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/double-quotes.svg","https://www.veltris.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","https://www.veltris.com/wp-content/uploads/2025/07/AI-Solutions.svg","https://www.veltris.com/wp-content/uploads/2025/09/Electronics-and-Semiconductors.svg","https://www.veltris.com/wp-content/uploads/2025/09/Technology-Products-Platforms.svg","https://www.veltris.com/services/digital-cloud-engineering/","https://www.veltris.com/wp-content/uploads/2025/04/Customer-Engagement.svg","https://www.veltris.com/wp-content/uploads/2025/09/GovTech-EdTech.svg","https://www.veltris.com/industries/healthcare-lifesciences/","https://www.veltris.com/careers/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-orbital-theme.min.css?ver=2.9.13","https://www.veltris.com/client-case-studies/","https://www.veltris.com/wp-content/uploads/2025/11/Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0_1-1.svg","https://www.veltris.com/wp-content/uploads/2023/03/built-cognitive-eng
ine-to-amp-up-customer-centricity.pdf","https://www.veltris.com/services/data-ai/","https://www.veltris.com/privacy-policy/","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2F","https://www.veltris.com/industries/","https://www.veltris.com/services/","https://www.veltris.com/wp-content/uploads/2022/11/Why-Choose-us-660x440-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Pharmacy-Benefit-Management-PBM.svg","https://www.veltris.com/wp-content/uploads/2025/09/Dental-Care.svg","https://www.veltris.com/wp-content/uploads/2025/09/Communications-Service-Providers.svg","https://www.veltris.com/wp-content/uploads/2023/04/real-time-analytics-insights-for-online-video-streaming-giant.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Health-Tech.svg","https://www.veltris.com/services/connectivity-industry-x-0/","https://www.veltris.com/wp-content/uploads/2025/09/Proven-Healthcare-Expertise.png","https://www.veltris.com/industries/electronics-and-semiconductors/","https://www.veltris.com/wp-content/uploads/2025/09/Engineering-and-Construction.svg","https://www.veltris.com/whitepapers/","https://www.veltris.com/wp-content/uploads/2025/09/Compliance-Ready-by-Design.png","https://www.veltris.com/wp-content/uploads/2025/09/Increase-in-Team-Productivity.png","https://www.veltris.com/wp-content/uploads/2025/11/Tarannum_Fatima.jpg","https://www.veltris.com/wp-content/uploads/2022/11/anvesh-200x200-1.jpeg","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/style.css?ver=2.0","https://www.veltris.com/industries/broadcasting-and-ott-streaming/","https://www.veltris.com/wp-content/uploads/2022/11/Manivsrsh-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Domain-Specific-Accelerators.png","https://www.veltris.com/wp-content/uploads/2025/09/Autonomous-Vehicles-and-Logistics.svg","https://www.veltris.com/wp-content/upload
s/2025/09/Data-Accuracy-Reliability.png","https://www.veltris.com/guides/","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-SDLC.svg","https://www.veltris.com/wp-content/uploads/2025/09/AI-First-Architecture.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/hpe.svg","https://www.veltris.com/schedule-a-meeting/","https://www.veltris.com/wp-content/uploads/2022/11/Surya-Vamsi-200x200-1.jpeg","https://www.veltris.com/wp-content/uploads/2025/09/Proven-Impact.png","https://www.veltris.com/wp-content/uploads/2025/11/Anurag_Choudhary.jpg","https://www.veltris.com/wp-content/uploads/2025/04/Diversified-Industrials.svg","https://www.veltris.com/wp-content/uploads/2025/09/Life-at-Veltris-main.svg","https://www.veltris.com/wp-content/uploads/2022/09/carrers-img.jpeg","https://www.veltris.com/industries/technology-products-and-platforms/","https://www.veltris.com/ai-solutions/","https://www.veltris.com/wp-content/uploads/2025/09/Pharmacy-Benefit-Management-PBM.png","https://www.veltris.com/wp-content/uploads/2022/11/Madhav-J-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/04/AI_ML-Predict-HealthOptimize-Care.png","https://www.veltris.com/wp-content/uploads/2022/11/Venu.png","https://www.veltris.com/wp-content/uploads/2025/09/Innovate-Faster.png","https://www.veltris.com/wp-content/uploads/2025/05/Healthcare_600x800.png","https://www.veltris.com/about-us/","https://www.veltris.com/wp-content/uploads/2025/09/product-lifecycle-managed-healthcare.png","https://www.veltris.com/industries/communications-service-providers/","https://www.veltris.com/wp-content/uploads/2025/09/Accelerate-Insights.png","https://www.veltris.com/industries/autonomous-vehicles-and-logistics/","https://www.veltris.com/wp-content/uploads/2025/09/digital-cloud-healthcare.png","https://www.veltris.com/industries/technology-communications-media/","https://www.veltris.com/industries/govtech-edtech/","https://www.veltris.com/industries/speciality-digi
tal-healthcare-providers/","https://www.veltris.com/wp-content/uploads/2025/04/Careers.png","https://www.veltris.com/ai-for-productivity/","https://www.veltris.com/wp-includes/blocks/paragraph/style.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2022/11/Bhargavi-200x200-1.png","https://www.veltris.com/industries/engineering-construction/","https://www.veltris.com/sitemap/","https://www.veltris.com/wp-content/uploads/2025/09/Chip-to-Cloud-Engineering.png","https://www.veltris.com/wp-content/uploads/2025/11/MVSN_Raju.jpg","https://www.veltris.com/wp-content/uploads/2022/11/Ravi-Sanapla-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/09/healthcare-lifesciences-data-AI.png","https://www.veltris.com/wp-content/uploads/2022/11/Swathi-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Healthcare-Lifesciences_Banner_2000x700.png","https://www.veltris.com/resources/","https://www.veltris.com/wp-content/uploads/2022/11/Abdul-200x200-1.png","https://www.veltris.com/wp-content/uploads/2022/11/Johnson.png","https://www.veltris.com/wp-includes/js/dist/a11y.min.js?ver=cb460b4676c94bd228ed","https://www.veltris.com/wp-content/uploads/2025/04/Wearables_Continuous-Proactive-Care.png","https://www.veltris.com/industries/investment-and-wealth-management/","https://www.veltris.com/wp-content/uploads/2025/09/Broadcasting-and-OTT-Streaming.svg","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-foundation.min.css?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/04/Careers_mob.png","https://www.veltris.com/cxo-essentials/hfs-challengers-code-report/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2F","https://www.veltris.com/wp-content/uploads/2025/04/Healthcare-1-1.png","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-reset.min.css?ver=2.9.13","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery
.json.min.js?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/09/Boost-Productivity.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.9.13","https://www.veltris.com/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381","https://www.veltris.com/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.textareaCounter.plugin.min.js?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/09/Redirect-Costs-to-Innovation.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.maskedinput.min.js?ver=2.9.13","https://www.veltris.com/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-Productivity-1-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Dental-Ecosystem.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Intelligence-Data-AI.svg","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-framework.min.css?ver=2.9.13","https://www.veltris.com/get-my-ai-readiness-score/","https://www.veltris.com/blogs/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/utils.min.js?ver=380b7a5ec0757c78876bc8a59488f2f3","https://www.veltris.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/11/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-1.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Team.svg","https://www.veltris.com/wp-content/uploads/2025/04/Learning-Fun.svg","https://www.veltris.com/wp-content/uploads/2026/05/care_pbm_platform_modernization_case-study.pdf","https://www.veltris.com/wp-content/uploads/2026/02/scaling_hybrid_care_models_with_retail_economics.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Customer-Sucess.svg","https://www.veltris.com/wp-content/uploads/2
026/02/driving_retention_through_preventive_care_subscription-models.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Velocity.svg","https://www.veltris.com/industries/healthtech-platforms/","https://www.veltris.com/wp-content/uploads/2025/04/Transparency.svg","https://www.veltris.com/wp-content/uploads/2025/11/Modernizing-a-Veterinary-Platforms-Front-End-and-Security-Architecture.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Speciality-Digital-Healthcare-Providers.svg","https://www.veltris.com/wp-includes/blocks/heading/style.min.css?ver=6.9.4","https://www.veltris.com/pressroom/veltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries/","https://www.veltris.com/wp-includes/js/wp-embed.min.js","https://www.veltris.com/life-at-veltris/","https://www.veltris.com/wp-content/uploads/2026/02/converting_healthcare_visits_into_retail_revenue.pdf","https://www.veltris.com/events/","https://www.veltris.com/wp-includes/css/dashicons.min.css?ver=6.9.4","https://www.veltris.com/wp-json/wp/v2/pages/13944","https://www.veltris.com/wp-content/uploads/2022/11/Murali-Krishna-1-200x200-1.png","https://www.veltris.com/wp-content/uploads/2026/02/maximizing_value_from_diagnostics_and_medical_devices.pdf","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/scripts-theme.min.js?ver=b436459e6f25ebcd9e95ea18e1a35e19","https://www.veltris.com/wp-content/uploads/2025/04/Industry-Specific.svg","https://www.veltris.com/wp-content/uploads/2026/02/virtual_meetings_provider_scaled_reliable_video_experiences_case_Study.pdf","https://www.veltris.com/wp-content/uploads/2026/05/care_pbm_platform_modernization_case-study_thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2026/03/improving_operational_efficiency_across_healthcare_retail_clinics-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Care-Guide-Web-Platform-for-Streamlining-Clinical-Programs.pdf","https://www.veltris.com/wp-con
tent/uploads/2026/02/improving_operational_efficiency_across_healthcare_retail_clinics.pdf","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-the-Enterprise-1-1.png","https://www.veltris.com/wp-content/uploads/2026/03/driving_retention_through_preventive_care_subscription_models-300x169.png","https://www.veltris.com/wp-content/uploads/2026/03/converting_healthcare_visits_into_retail_revenue-300x169.png","https://www.veltris.com/ai-for-enterprise/","https://www.veltris.com/cookie-policy/","https://www.veltris.com/wp-content/uploads/2026/05/ai-powered_aesthetic_assessment_for_caregiver_profile_photos_thumbnail-300x169.png","https://www.veltris.com/services/product-lifecycle-managed-services/","https://www.veltris.com/wp-content/uploads/2026/03/personalizing_healthcare_and_retail_engagement_using_unified_data-300x169.png","https://www.veltris.com/wp-content/uploads/2026/05/data-fabric-multi-unit-dental-network-case-study-300x169.png","https://www.veltris.com/industries/insuretech/","https://www.veltris.com/wp-content/uploads/2025/11/Empowered-care-guides-with-a-scalable-web-platform-to-streamline-member-support-and-clinical-program-1-300x169.png","https://www.veltris.com/ai-for-industry/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/vendor-theme.min.js?ver=21e5a4db1670166692ac5745329bfc80","https://www.veltris.com/?p=30392","https://www.veltris.com/wp-content/uploads/2026/02/personalizing_healthcare_and_retail_engagement_using_unified_data.pdf","https://www.veltris.com/industries/financial-pubsec-services/","https://www.veltris.com/wp-content/uploads/2026/05/virtual_meetings_provider_scaled_reliable_video_experiences_case_Study_thumbnail.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research%2F","https://www.veltris.com/pressroom/","https://www.veltris.com/wp-content/uploads/2025/10/Collating_Analyzin
g_Click_Analytics_Data_from_Google_Analytics_for_Marketing_Decisions.pdf","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-Industry-1.png","https://www.veltris.com/wp-content/uploads/2025/12/Scaling-High-Volume-Veterinary-Reporting-Platform-Thumbnail-300x169.png","https://www.veltris.com/pressroom","https://www.veltris.com/industries/diversified-industrials/","https://www.veltris.com/wp-content/uploads/2025/11/Built-Strategic-Alignment-through-AScalable-and-Flexible-OKR-Dashboard.pdf","https://www.veltris.com/wp-content/uploads/2025/11/Thumbnail_Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO_-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Product-Lifecyle-Managed-Services.svg","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0.svg","https://www.veltris.com/wp-content/uploads/2026/05/autonomous_delivery_model_powering_50__engineering_productivity_gains-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Cloud-Infrastructure-Services-1.svg","https://www.veltris.com/wp-content/uploads/2026/05/autonomous_delivery_model_powering_50_engineering_productivity_gains.pdf","https://www.veltris.com/wp-content/uploads/2025/12/Modernizing-Veterinary-Platform-Front-End-Security-Architecture-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Connectivity-Industry-X.0.svg","https://www.veltris.com/wp-content/uploads/2025/11/Scaling-High-Volume-Veterinary-Reporting-Platform-1.pdf","https://www.veltris.com/wp-json/wp/v2/pressroom/30392","https://www.veltris.com/?p=25066","https://www.veltris.com/wp-content/uploads/2026/05/virtual_meetings_provider_scaled_reliable_video_experiences_case_Study_thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Empowered-care-guides-with-a-scalable-web-platform-to-streamline-member-support-and-clinical-program-1.png","https://www.veltris.com/wp-content/uploads/2026/05/autonomous_delivery_model_powering_50__engineering_p
roductivity_gains.png","https://www.veltris.com/wp-content/uploads/2025/04/API-Management-Complexity-Hurdles.svg","https://www.veltris.com/wp-content/uploads/2026/03/maximizing_value_from_diagnostics_and_medical_devices.png","https://www.veltris.com/wp-content/uploads/2026/03/converting_healthcare_visits_into_retail_revenue.png","https://www.veltris.com/?p=14556","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-Product-Platform-Engineering_dark.svg","https://www.veltris.com/wp-content/uploads/2025/04/Clinical-Workflow-Integration-Barriers.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdigital-cloud-engineering%2F","https://www.veltris.com/wp-content/uploads/2025/04/Multimodal-Data-Integration-Complexity.svg","https://www.veltris.com/whitepapers","https://www.veltris.com/wp-content/uploads/2025/12/Modernizing-Veterinary-Platform-Front-End-Security-Architecture-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-strategic-alignment-through-a-scalable-and-flexible-OKR-dashboard._-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-and-Cloud-Engineering_Mob-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Data_AI_Overview.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-for-Business.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthcare-lifesciences%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Dashboard_and_Analytics_Tools_for_Healthcare_Data_Available_with_a_Provider.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcareers%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed-Dashboard-and-Analytics-Tools-for-Healthcare-Data-Available-with-a-Provider-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/28540","https://www.veltris.com/wp-content/uploads/2025/04/Diversifi
ed-Industries-1.png","https://www.veltris.com/case-studies","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fprivacy-policy%2F","https://www.veltris.com/wp-content/uploads/2025/07/Industries_mobile_banner.png","https://www.veltris.com/wp-json/wp/v2/pages/14556","https://www.veltris.com/blogs","https://www.veltris.com/wp-content/uploads/2026/05/ai-ready-data-fabric-for-a-multi-unit-dental-network.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research%2F","https://www.veltris.com/wp-content/uploads/2025/07/Services_mobile_banner.png","https://www.veltris.com/embed/","https://www.veltris.com/wp-content/uploads/2025/12/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-Thumbnail-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/3","https://www.veltris.com/infographics","https://www.veltris.com/guides","https://www.veltris.com/wp-content/uploads/2025/12/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/10/Collating-Analyzing-Click-Analytics-Data-from-Google-Analytics-for-Marketing-Decisions-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media-1.png","https://www.veltris.com/?p=27074","https://www.veltris.com/wp-content/uploads/2026/05/care_pbm_platform_modernization_case-study_thumbnail.png","https://www.veltris.com/resources","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/usa.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics_dark.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdigital-cloud-engineering%2F","https://www.veltris.com/wp-content/uploads/2025/04/Case-Studies.png","https://www.veltris.com/?p=3","https://www.veltris.com/wp-json/w
p/v2/pages/25086","https://www.veltris.com/wp-content/uploads/2025/04/Agentic-AI_dark.svg","https://www.veltris.com/disclaimer/","https://www.veltris.com/wp-content/uploads/2025/07/Overview-img-size-640x470-1.png","https://www.veltris.com/wp-content/uploads/2023/04/designed-and-developed-ai-based-modern-and-frictionless-business-enablement-solutions.pdf","https://www.veltris.com/wp-content/uploads/2026/03/scaling_hybrid_care_models_with_retail_economics.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-ai%2F","https://www.veltris.com/wp-content/uploads/2025/04/Case-Studies_mob.png","https://www.veltris.com/wp-json/wp/v2/pages/27072","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/Dallas.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-ai%2F","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/pune.png","https://www.veltris.com/wp-content/uploads/2025/11/Thumbnail_Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO_-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Implementing-Digital-Twins-AI.png","https://www.veltris.com/wp-content/uploads/2025/12/Scaling-High-Volume-Veterinary-Reporting-Platform-Thumbnail.png","https://www.veltris.com/insights/","https://www.veltris.com/wp-content/uploads/2025/10/Collating-Analyzing-Click-Analytics-Data-from-Google-Analytics-for-Marketing-Decisions.png","https://www.veltris.com/privacy-policy/feed/","https://www.veltris.com/wp-content/uploads/2025/07/Digital_Cloud_Overview.png","https://www.veltris.com/?p=28540","https://www.veltris.com/wp-content/uploads/2025/07/Product_Lifecycle_Managed_Services_Overview.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/bangalore.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2F","https://www.veltris.com/wp-content/uploads/2
025/09/OCR-Based-Digitization-of-Documents-300x169.png","https://www.veltris.com/?p=25086","https://www.veltris.com/industries/pharmacy-benefit-management-pbm/","https://www.veltris.com/wp-content/uploads/2023/03/intelligent-dashboard-for-deep-insights-into-household-energy-consumption.pdf","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/canada.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2F","https://www.veltris.com/wp-content/uploads/2025/07/AI-Solution-Mobile-600X800.png","https://www.veltris.com/?p=27072","https://www.veltris.com/wp-content/uploads/2025/10/Transformed_a_Water_Dispensing_Kiosk_into_an_IoT-Enabled_Platform.pdf","https://www.veltris.com/wp-json/wp/v2/pages/27074","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fprivacy-policy%2F","https://www.veltris.com/wp-content/uploads/2024/04/Migrating_multi-tenant_saas_virtual_communication_platform_to_aws_for_enhanced_scalability.pdf","https://www.veltris.com/services/azure-managed-services/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fclient-case-studies%2F","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/Chicago.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fclient-case-studies%2F","https://www.veltris.com/wp-content/uploads/2025/10/Added_New_Features_and_Implemented_System_Enhancements_to_Improve_Reach.pdf","https://www.veltris.com/industries/dental-multi-unit-retail-health/","https://www.veltris.com/wp-content/uploads/2026/03/improving_operational_efficiency_across_healthcare_retail_clinics.png","https://www.veltris.com/wp-content/uploads/2025/07/Services_desktop_banner.png","https://www.veltris.com/wp-content/uploads/2023/04/improved-service-performance-by-delivering-flexible
-solution-for-achieving-consistency.pdf","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/vietnam.png","https://www.veltris.com/wp-content/uploads/2026/03/personalizing_healthcare_and_retail_engagement_using_unified_data.png","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-a-Water-Dispensing-Kiosk-into-an-IoT-Enabled-Platform--300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2F","https://www.veltris.com/wp-content/uploads/2023/03/developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-dashboard-for-Deep-Insights-Into-Household-Energy-Consumption-2-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/28409","https://www.veltris.com/wp-json/wp/v2/pages/14069","https://www.veltris.com/?p=22001","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthcare-lifesciences%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed-Dashboard-and-Analytics-Tools-for-Healthcare-Data-Available-with-a-Provider.png","https://www.veltris.com/?p=14560","https://www.veltris.com/wp-json/wp/v2/pages/25111","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcareers%2F","https://www.veltris.com/industries/diversified-industrials-manufacturing/","https://www.veltris.com/wp-content/uploads/2025/05/Connectivity-Industry-X.0_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/india.png","https://www.veltris.com/wp-content/uploads/2026/01/Electronics-and-Semiconductors-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/04/improved-the-functional-performance-and-capacity-measurement-with-the-emulation-of-4g-5g.pdf","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based-Digitization-of-Documents.png","https:
//www.veltris.com/wp-content/uploads/2025/04/Digital_Cloud_Overview.png","https://www.veltris.com/wp-content/uploads/2025/10/Generate-a-Film-Using-Generative-AI-for-the-Given-Script-without-Using-Autodesk--300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Standards-Interoperability-Gaps.svg","https://www.veltris.com/wp-content/uploads/2023/10/Streamlined-the-Service-Delivery-Space-for-the-Leading-Electrical-Appliances-Manufacturer-300x169.png","https://www.veltris.com/?p=28249","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fconnectivity-industry-x-0%2F","https://www.veltris.com/services/data-warehouse/","https://www.veltris.com/wp-content/uploads/2025/03/product-development.svg","https://www.veltris.com/wp-json/wp/v2/pages/25066","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing.svg","https://www.veltris.com/wp-content/uploads/2026/05/ai-powered_aesthetic_assessment_for_caregiver_profile_photos_thumbnail.png","https://www.veltris.com/wp-content/uploads/2023/04/facilitating-different-sectors-to-envision-their-legacy-process-in-virtual-reality.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2F","https://www.veltris.com/?p=28383","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2F","https://www.veltris.com/wp-content/uploads/2025/10/Generate-a-Film-Using-Generative-AI-for-the-Given-Script-without-Using-Autodesk-.png","https://www.veltris.com/?p=27965","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services_dark.svg","https://www.veltris.com/wp-content/uploads/2023/03/to-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to-their-customers.pdf","https://www.veltris.com/wp-content/uploads/2023/04/Designed-and-Developed-AI-based-Modern-and-Frictionless-Busin
ess-Enablement-Solutions-1-300x169.png","https://www.veltris.com/wp-content/uploads/2026/03/maximizing_value_from_diagnostics_and_medical_devices-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/built-virtual-situation-rooms-to-conduct-training-through-gamification.pdf","https://www.veltris.com/wp-json/wp/v2/pages/14560","https://www.veltris.com/wp-content/uploads/2023/04/Improved-Service-Performance-by-Delivering-Flexible-Solution-for-Achieving-Consistency-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2F","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-a-Water-Dispensing-Kiosk-into-an-IoT-Enabled-Platform-.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Felectronics-and-semiconductors%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2F","https://www.veltris.com/?p=28409","https://www.veltris.com/wp-content/uploads/2023/04/Improved-the-Functional-Performance-and-Capacity-Measurement-with-the-Emulation-of-4G-5G.png","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing_dark.svg","https://www.veltris.com/wp-content/uploads/2025/04/Whitepapers_mob-1.png","https://www.veltris.com/wp-content/uploads/2025/07/Connectivity_Industry-X.0_Overview.png","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based_Digitization_of_Documents.pdf","https://www.veltris.com/wp-content/uploads/2023/03/to-unify-the-brands-identity-under-one-cohesive-website.pdf","https://www.veltris.com/wp-json/wp/v2/pages/27965","https://www.veltris.com/wp-content/uploads/2026/05/data-fabric-multi-unit-dental-network-case-study.png","https://www.veltris.com/wp-json/wp/v2/pages/28249","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fschedule-a-meeting%2F","https://www.veltris.com/wp-content/uploads/2025/04/AI-Guides-
and-Innovations_mob.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fconnectivity-industry-x-0%2F","https://www.veltris.com/wp-content/uploads/2024/04/Migrating-Multi-tenant-SaaS-Virtual-Communication-Platform-to-Cloud-for-Enhanced-Scalability.png","https://www.veltris.com/wp-content/uploads/2025/07/AgenticAI-Tech-Stack-Play-scaled-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-MR-Training-System-for-VR-Glass-Company-to-Turn-Multiple-Training-Sessions-for-Employees-i-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fschedule-a-meeting%2F","https://www.veltris.com/wp-content/uploads/2023/03/interconnecting-a-world-of-distinctive-video-conference-systems.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Whitepapers.png","https://www.veltris.com/wp-content/uploads/2025/07/Veltris_Accelerated_AI-Platform.png","https://www.veltris.com/services/data-modernization/","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Private-Wireless-Networks-1.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Felectronics-and-semiconductors%2F","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Digital-Cloud.svg","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Multicloud-Engineering-1.svg","https://www.veltris.com/wp-content/uploads/2025/03/img_9-1.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Enterprise-Transport-Networks-1.svg","https://www.veltris.com/wp-content/uploads/2025/10/Implemented_a_D2C_Offering_to_Create_an_Extra_Source_of_Revenue_for_the_Client.pdf","https://www.veltris.com/wp-content/uploads/2023/04/crafted-an-NLP-model-for-a-seamless-user-experience.pdf","https://www.veltris.com/?p=15707","https://www.veltris.com/wp-content/uploads/2025/03/img_3-2.png","https://www.veltris.com/?p=19877","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xm
l&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fbroadcasting-and-ott-streaming%2F","https://www.veltris.com/wp-json/wp/v2/pages/28383","https://www.veltris.com/services/microsoft-cloud-platforms/","https://www.veltris.com/wp-content/uploads/2025/03/img_1-1.png","https://www.veltris.com/wp-content/uploads/2026/03/driving_retention_through_preventive_care_subscription_models.png","https://www.veltris.com/wp-content/uploads/2025/04/AI-Guides-and-Innovations.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fbroadcasting-and-ott-streaming%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_4-2.png","https://www.veltris.com/wp-content/uploads/2025/03/img_10-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-products-and-platforms%2F","https://www.veltris.com/?p=28359","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Data-AI.svg","https://www.veltris.com/wp-content/uploads/2025/11/Built-strategic-alignment-through-a-scalable-and-flexible-OKR-dashboard._-1.png","https://www.veltris.com/wp-content/uploads/2025/03/img_7-1.png","https://www.veltris.com/wp-content/uploads/2025/03/img_3.png","https://www.veltris.com/wp-content/uploads/2023/04/Designed-and-Developed-AI-based-Modern-and-Frictionless-Business-Enablement-Solutions-1.png","https://www.veltris.com/wp-content/uploads/2022/11/Resources-banner-3070x1400-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Implemented-a-D2C-Offering-to-Create-an-Extra-Source-of-Revenue-for-the-Client-300x169.png","https://www.veltris.com/wp-content/uploads/2025/03/img_1-2.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2F","https://www.veltris.com/wp-json/wp/v2/pages/28359","https://www.veltris.com/wp-content/uploads/2025/10/Added-New-Features-and-Implemented-System-Enhancements-to-Improve-Reach--300x169.png","https://www.veltris.com/?p=25
111","https://www.veltris.com/wp-content/uploads/2025/03/img_4-1.png","https://www.veltris.com/wp-json/wp/v2/pages/22001","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fai-solutions%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_19.png","https://www.veltris.com/wp-content/uploads/2023/04/Improved-the-Functional-Performance-and-Capacity-Measurement-with-the-Emulation-of-4G-5G-300x169.png","https://www.veltris.com/wp-content/uploads/2025/03/img_5.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fcommunications-service-providers%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_18.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fai-solutions%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_17.png","https://www.veltris.com/wp-content/uploads/2025/04/Financial-Services-1.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Customer-Experience-1.svg","https://www.veltris.com/wp-json/wp/v2/pages/19877","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fcommunications-service-providers%2F","https://www.veltris.com/?p=28435","https://www.veltris.com/casestudies/built-a-robust-foundational-data-reporting-platform-for-a-leading-ott-solutions-provider/","https://www.veltris.com/wp-content/uploads/2023/04/Real-time-Analytics-and-Insights-for-Online-Video-Streaming-Giant-1-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/28435","https://www.veltris.com/wp-content/uploads/2025/03/img_13.png","https://www.veltris.com/wp-content/uploads/2025/04/Cyber-Security-Infrastructure.svg","https://www.veltris.com/wp-content/uploads/2025/03/img_15.png","https://www.veltris.com/wp-json/wp/v2/pages/25319","https://www.veltris.com/wp-content/uploads/2023/03/to-upgrade-the-brands-identity-using-seo-strategies-and-integrating-the-backend.pdf","htt
ps://www.veltris.com/wp-content/uploads/2023/03/developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client.pdf","https://www.veltris.com/wp-content/uploads/2025/03/img_6.png","https://www.veltris.com/?p=25319","https://www.veltris.com/wp-content/uploads/2022/07/Threat-Monitoring-System-for-Concealed-Weapons-Explosives-Detection-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Communications-Service-Providers-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services.svg","https://www.veltris.com/industries/pharmacy-benefit-management/","https://www.veltris.com/wp-content/uploads/2025/04/IoMT-Integration-Security-Risks.svg","https://www.veltris.com/wp-json/wp/v2/pages/28005","https://www.veltris.com/wp-content/uploads/2025/10/Implemented-a-D2C-Offering-to-Create-an-Extra-Source-of-Revenue-for-the-Client.png","https://www.veltris.com/wp-content/uploads/2023/03/An-incident-management-organization-using-AI-to-reduce-risk-and-report-incidents-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-for-Security.svg","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school-300x169.png","https://www.veltris.com/wp-content/uploads/2023/04/Facilitating-Different-Sectors-to-Envision-Their-Legacy-Process-in-Virtual-Reality-1-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fabout-us%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_11.png","https://www.veltris.com/wp-content/uploads/2025/03/img_7.png","https://www.veltris.com/wp-content/uploads/2025/10/Added-New-Features-and-Implemented-System-Enhancements-to-Improve-Reach-.png","https://www.veltris.co
m/?p=25298","https://www.veltris.com/wp-content/uploads/2025/03/img_5-2.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fautonomous-vehicles-and-logistics%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-communications-media%2F","https://www.veltris.com/wp-json/wp/v2/pages/25298","https://www.veltris.com/wp-content/uploads/2025/03/img_20.png","https://www.veltris.com/wp-content/uploads/2023/03/To-Unify-the-Brands-Identity-Under-One-Cohesive-Website-1-300x169.png","https://www.veltris.com/?p=28462","https://www.veltris.com/wp-content/uploads/2023/04/Real-time-Analytics-and-Insights-for-Online-Video-Streaming-Giant-1.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-for-Productivity.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-communications-media%2F","https://www.veltris.com/wp-content/uploads/2026/01/Broadcasting-and-OTT-Streaming_2000x700.png","https://www.veltris.com/wp-content/uploads/2022/07/Built-Fast-Flexible-Scalable-Platform-Solutions-for-Video-Service-and-OTT-Providers.png","https://www.veltris.com/wp-content/uploads/2023/03/To-upgrade-the-Brands-Identity-using-SEO-Strategies-and-Integrating-the-Backend-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Interconnecting-a-world-of-distinctive-Video-conference-systems-1-300x169.png","https://www.veltris.com/casestudies/threat-monitoring-system-for-concealed-weapons-explosives-detection/","https://www.veltris.com/?p=28005","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fautonomous-vehicles-and-logistics%2F","https://www.veltris.com/wp-content/uploads/2023/04/Crafted-an-NLP-Model-for-a-Seamless-User-Experience-2-300x169.png","https://www.veltris.com/?p=21999","https://www.veltris.com/wp-json/wp/v2/pages/28462","https://www.veltri
s.com/?p=28830","https://www.veltris.com/wp-content/uploads/2025/03/img_14.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Cybersecurity-Engineering-1.svg","https://www.veltris.com/wp-json/wp/v2/pages/21999","https://www.veltris.com/wp-content/uploads/2025/03/img_1.png","https://www.veltris.com/wp-content/uploads/2023/03/To-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to-.png","https://www.veltris.com/wp-content/uploads/2023/04/Crafted-an-NLP-Model-for-a-Seamless-User-Experience-2.png","https://www.veltris.com/wp-content/uploads/2025/10/Created_a_Portal_to_Capture_Patient_Health_and_Provide_Treatment_Proactively.pdf","https://www.veltris.com/?p=14069","https://www.veltris.com/wp-content/uploads/2022/11/About-us-overview.png","https://www.veltris.com/wp-content/uploads/2022/07/Built-a-Robust-Foundational-Data-Reporting-Platform-for-a-Leading-OTT-Solutions-Provider.png","https://www.veltris.com/wp-content/uploads/2025/03/img_10.png","https://www.veltris.com/wp-content/uploads/2023/04/Improved-Service-Performance-by-Delivering-Flexible-Solution-for-Achieving-Consistency-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Interconnecting-a-world-of-distinctive-Video-conference-systems-1.png","https://www.veltris.com/wp-content/uploads/2022/07/Built-Fast-Flexible-Scalable-Platform-Solutions-for-Video-Service-and-OTT-Providers-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-SDLC-1-1.png","https://www.veltris.com/wp-content/uploads/2023/10/Streamlined-the-Service-Delivery-Space-for-the-Leading-Electrical-Appliances-Manufacturer.png","https://www.veltris.com/wp-content/uploads/2022/07/Threat-Monitoring-System-for-Concealed-Weapons-Explosives-Detection.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Data-Engineering-Analytics-2.svg","https://www.veltris.com/wp-content/uploads/2026/01/Technology-Products-and-Platforms_2000x700.png","https://www.veltris.com/wp
-content/uploads/2022/11/Why-us-660x440-1.png","https://www.veltris.com/wp-content/uploads/2025/04/CSP-WISP-Satcom-Service-providers.png","https://www.veltris.com/wp-content/uploads/2025/05/Data-AI-1.png","https://www.veltris.com/wp-json/wp/v2/pages/28830","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-Content-Supply-Chain.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fengineering-construction%2F","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-Product-Platform-Engineering-1.svg","https://www.veltris.com/wp-content/uploads/2026/01/engeering-Customer-Experience.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fspeciality-digital-healthcare-providers%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_6-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fai-for-productivity%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fai-for-productivity%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fengineering-construction%2F","https://www.veltris.com/wp-content/uploads/2022/07/Built-a-Robust-Foundational-Data-Reporting-Platform-for-a-Leading-OTT-Solutions-Provider-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/DataIntegrix_Productivity.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fgovtech-edtech%2F","https://www.veltris.com/wp-content/uploads/2025/03/Christmas-Celebration_3.png","https://www.veltris.com/wp-content/uploads/2023/03/Cloud-Native-Network-Function-Updated.svg","https://www.veltris.com/wp-content/uploads/2025/12/CreateAssetAI_Productivity.png","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-inv
estments-for-micro-industries/","https://www.veltris.com/wp-content/uploads/2025/12/SDLCAI_Productivity.png","https://www.veltris.com/wp-content/uploads/2024/09/Hiral-Chandrana.png","https://www.veltris.com/wp-content/uploads/2023/03/To-Unify-the-Brands-Identity-Under-One-Cohesive-Website-1.png","https://www.veltris.com/wp-content/uploads/2025/12/AgenticBrowser_Productivity.png","https://www.veltris.com/wp-content/uploads/2026/01/GovTech-EdTech_Banner_600x800.png","https://www.veltris.com/casestudies/conversational-chatbot-for-24-7-customer-support-assistance/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fspeciality-digital-healthcare-providers%2F","https://www.veltris.com/wp-content/uploads/2025/04/Comms-Infra-Network-Security-product-platform-vendors_.png","https://www.veltris.com/wp-content/uploads/2023/02/F-_White-Regulatory-Hurdles.svg","https://www.veltris.com/wp-content/uploads/2023/03/An-incident-management-organization-using-AI-to-reduce-risk-and-report-incidents-1.png","https://www.veltris.com/wp-content/uploads/2026/01/Technology-Products-and-Platforms_600x800.png","https://www.veltris.com/wp-content/uploads/2023/03/Shiva.jpg","https://www.veltris.com/wp-content/uploads/2025/03/img_4.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-A-Portal-to-Capture-Patients-Health-and-Provide-Treatment-Proactively--300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics.svg","https://www.veltris.com/wp-content/uploads/2025/04/OTT-IPTV-Media-Infra-Broadcasting-Gaming-Service-providers.png","https://www.veltris.com/wp-content/uploads/2023/03/To-upgrade-the-Brands-Identity-using-SEO-Strategies-and-Integrating-the-Backend.png","https://www.veltris.com/wp-content/uploads/2025/04/Cloud-Infrastructure-Services_dark.svg","https://www.veltris.com/wp-content/uploads/2026/01/icon_Accelerate-with-Future-Ready-Tech-1.svg","https://www.veltris.com/wp-cont
ent/uploads/2025/10/Built_a_Web_Application_for_Users_to_Manage_their_Financial_Wealth_in_a_Highly_Secure_Infrastructure.pdf","https://www.veltris.com/wp-content/uploads/2025/03/investments.svg","https://www.veltris.com/wp-json/wp/v2/pages/28753","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-IoT-Amalgamation.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fhfs-challengers-code-report%2F","https://www.veltris.com/casestudies/maximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution/","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail-300x169.png","https://www.veltris.com/wp-json/wp/v2/cxo-essentials/30488","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-Virtual-Situation-Rooms-to-Conduct-Training-Through-Gamification.png","https://www.veltris.com/wp-content/uploads/2023/03/Designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inve-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/built-a-mobile-application-to-buy-and-sell-all-type-of-funds.pdf","https://www.veltris.com/wp-content/uploads/2025/03/Sushma.png","https://www.veltris.com/wp-content/uploads/2025/04/About-us_Mob.png","https://www.veltris.com/wp-content/uploads/2025/04/Systemic-Integration-Across-Trends.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fgovtech-edtech%2F","https://www.veltris.com/wp-content/uploads/2023/03/Re-platforming-and-Cloud-Migration-from-Vertica-to-Snowflake-1-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Develop_a_Mobile-First_Platform_for_Personalized_Assessments_Targeted_Interventions_to_Optimize_Mental_Fitness.pdf","
https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fabout-us%2F","https://www.veltris.com/wp-content/uploads/2025/12/VIA-accelerators-productivity-banner.png","https://www.veltris.com/wp-content/uploads/2023/10/provided-cloud-based-administration-software-for-private-equity-funds-for-crm-database-and-portfolio-management.pdf","https://www.veltris.com/wp-content/uploads/2023/03/an-incident-management-organization-using-ai-to-reduce-risk-and-report-incidents.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-products-and-platforms%2F","https://www.veltris.com/wp-content/uploads/2022/07/Conversational-Chatbot-for-24-7-Customer-Support-Assistance-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Autonomous-Vehicles-and-Logistics-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/12/LoCoAI_Productivity.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-a-Platform-to-Improve-Inbound-and-Outbound-Process-at-Warehouse-and-Optimized-Resource-All.png","https://www.veltris.com/wp-content/uploads/2025/04/Legacy-System-Integration-Challenge.svg","https://www.veltris.com/wp-content/uploads/2024/04/Migrating-Multi-tenant-SaaS-Virtual-Communication-Platform-to-Cloud-for-Enhanced-Scalability-300x169.png","https://www.veltris.com/blogs/why-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them/","https://www.veltris.com/wp-content/uploads/2023/04/Facilitating-Different-Sectors-to-Envision-Their-Legacy-Process-in-Virtual-Reality-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_a_Platform_to_Improve_Inbound_and_Outbound_Process_at_Warehouse_and_Optimized_Resource_Allocation.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fhfs-challengers-code-report%2F","https://www.veltris.com/wp-content/uploads/2026/01/GovTech-EdTech_Banner
_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/03/img_2-1.png","https://www.veltris.com/wp-content/uploads/2024/04/LLM-VT-case-study-1.pdf","https://www.veltris.com/wp-content/uploads/2026/01/Engineering-ConstructionBanner_2000x700.png","https://www.veltris.com/wp-content/uploads/built-a-trading-application-to-trade-USA-stocks-from-different-countries-vt.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Develop-a-Mobile-First-Platform-for-Personalized-Assessments-and-Targeted-Interventions-to-Optimize-.png","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-dashboard-for-Deep-Insights-Into-Household-Energy-Consumption-2.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecyle-Managed-Services.svg","https://www.veltris.com/wp-content/uploads/2023/03/Network-Intelligence-Data-AI.png","https://www.veltris.com/wp-content/uploads/2025/04/Hyper-Focused-Vertical-SaaS-Solutions.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finvestment-and-wealth-management%2F","https://www.veltris.com/wp-content/uploads/2025/10/Created_Multi-Functional_Mobile_Applications_with_Single_Code_Base.pdf","https://www.veltris.com/wp-content/uploads/2025/03/img_3-1.png","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/03/img_2.png","https://www.veltris.com/wp-content/uploads/2022/07/Auto-Lubricant-Distributer-Digital-Engineering-Thumbnail-300x157.png","https://www.veltris.com/casestudies/improved-on-time-delivery-of-a-leading-auto-lubricant-distributer/","https://www.veltris.com/wp-content/uploads/2022/07/Conversational-Chatbot-for-24-7-Customer-Support-Assistance.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_a_Mobile_App_with_Multiple_Accessibility_and_Metrics_for_Real-Time_Measurement.pdf","https://www.veltris.com/wp-c
ontent/uploads/2023/03/Designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inve.png","https://www.veltris.com/wp-content/uploads/2023/02/Regulatory-Hurdles.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Exposure-Integration.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_iOS_Android_Mobile_Applications_Platform_for_Better_Reach_to_the_Clients_Community.pdf","https://www.veltris.com/wp-content/uploads/2023/03/built-a-mobile-app-with-next-gen-UI-to-simplify-radon-test-vt.pdf","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/03/img_9.png","https://www.veltris.com/wp-content/uploads/2025/03/img_8-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-A-Portal-to-Capture-Patients-Health-and-Provide-Treatment-Proactively-.png","https://www.veltris.com/wp-content/uploads/2026/01/Jai-Shankar.png","https://www.veltris.com/wp-content/uploads/2026/01/Electronics-and-Semiconductors-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-Cloud.svg","https://www.veltris.com/wp-content/uploads/2025/11/Scalable-Mobile-andWeb-Platform-for-Streamlined-Prescription-Care.pdf","https://www.veltris.com/wp-content/uploads/2025/03/smarter-products.svg","https://www.veltris.com/wp-content/uploads/2025/04/Deep-AI-Integration-as-Core-Functionality.png","https://www.veltris.com/wp-content/uploads/2025/03/img_12.png","https://www.veltris.com/wp-content/uploads/2023/03/Re-platforming-and-Cloud-Migration-from-Vertica-to-Snowflake-1-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Created_AWS_Infrastructure_Implemented_Custom_Automation.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-Face-Recognition-Model-for-Secure-and-Automated-Monitoring_.pdf","https://www.veltris.com/wp-content/uploads/2023/10/revamped-web-m
obile-applications-for-increased-privacy-performance.pdf","https://www.veltris.com/wp-content/uploads/2026/04/hfs_challengers_code_report_banner.png","https://www.veltris.com/wp-content/uploads/2026/03/scaling_hybrid_care_models_with_retail_economics-300x169.png","https://www.veltris.com/wp-content/uploads/implementation-of-one-view-of-the-customer-to-a-big-insurance-and-banking-customer.pdf","https://www.veltris.com/wp-content/uploads/2023/03/built-a-deep-learning-model-for-image-improvement-image-restoration-super-resolution.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Multimodal-Data-Integration-Complexity.png","https://www.veltris.com/wp-content/uploads/2026/04/hfs_challengers_code_report_mobile.png","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-Networks.png","https://www.veltris.com/wp-content/uploads/2023/10/built-mobile-applications-and-implemented-design-thinking-to-enhance-the-business.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Cloud-Native-Network-Function-1.png","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics-1.svg","https://www.veltris.com/wp-content/uploads/built-an-efficient-information-retrieval-system-with-generativeAI-for-a-major-asset-management-firm.pdf","https://www.veltris.com/wp-content/uploads/2023/02/Content-Supply-Chain-1.png","https://www.veltris.com/wp-content/uploads/2023/03/designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inventory-management.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance-1.svg","https://www.veltris.com/wp-content/uploads/2025/07/Industries_desktop_banner.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-Virtual-Situation-Rooms-to-Conduct-Training-Through-Gamification-300x169.png","https://www
.veltris.com/wp-content/uploads/2023/10/developed-a-web-app-to-monitor-communication-between-patients-and-care-teams.pdf","https://www.veltris.com/wp-content/uploads/2023/10/developed-an-ios-application-for-users-to-share-their-travel-experience.pdf","https://www.veltris.com/wp-content/uploads/2023/03/end-to-end-mobile-and-web-application-to-help-navigate-and-provide-medical-claims-assistance.pdf","https://www.veltris.com/wp-content/uploads/2023/02/IoT-Amalgamation.png","https://www.veltris.com/wp-content/uploads/2025/10/Develop-a-Mobile-First-Platform-for-Personalized-Assessments-and-Targeted-Interventions-to-Optimize--300x169.png","https://www.veltris.com/cxo-essentials/3-fixes-it-leaders-are-making-before-tackling-ai/","https://www.veltris.com/wp-content/uploads/2023/10/developed-ios-and-android-mobile-applications-to-help-users-practice-yoga.pdf","https://www.veltris.com/wp-content/uploads/2023/10/Provided-Cloud-Based-Administration-Software-for-Private-Equity-Funds-for-CRM-Database-and-Portfolio-300x169.png","https://www.veltris.com/wp-content/uploads/2023/10/rebranding-of-the-website-and-developing-a-multi-platform-system-to-facilitate-operations.pdf","https://www.veltris.com/wp-content/uploads/to-reduce-the-rejection-rate-of-bills-by-creating-an-nlp-model-to-validate-the-same.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Created-Multi-Functional-Mobile-Applications-with-Single-Code-Base--300x169.png","https://www.veltris.com/wp-content/uploads/2025/05/Large-Scale-Data-Migration-Without-Downtime.pdf","https://www.veltris.com/wp-content/uploads/2023/10/developed-a-reliable-mobile-app-based-platform-for-everyday-management-tasks.pdf","https://www.veltris.com/wp-content/uploads/2022/07/Auto-Lubricant-Distributer-Digital-Engineering-Thumbnail.png","https://www.veltris.com/guides/ai-trends-for-pbms-in-2026-the-cxo-guide-to-cost-control-compliance-and-competitive-advantage/","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity_Industry-X.0_Ove
rview.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fsitemap%2F","https://www.veltris.com/wp-content/uploads/2025/10/Built-a-Web-Application-for-Users-to-Manage-their-Financial-Wealth-in-a-Highly-Secure-Infrastructure-300x169.png","https://www.veltris.com/whitepapers/the-future-of-businesses-in-2025-embracing-a-comprehensive-integrated-technological-ecosystem/","https://www.veltris.com/wp-content/uploads/2025/10/Transformed_the_Entire_Operations_with_a_Digital_and_Mobile_Experience_.pdf","https://www.veltris.com/casestudies/built-fast-flexible-scalable-platform-solutions-for-video-service-and-ott-providers/","https://www.veltris.com/wp-content/uploads/2025/03/img_8.png","https://www.veltris.com/whitepapers/generative-ai-strategy-to-transform-your-enterprise/","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services-1.svg","https://www.veltris.com/wp-content/uploads/2026/01/Engineering-ConstructionBanner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing-1.svg","https://www.veltris.com/cxo-essentials/whats-actually-working-for-risk-compliance-and-ops-leaders/","https://www.veltris.com/wp-content/uploads/2025/03/img_16.png","https://www.veltris.com/wp-content/uploads/2023/10/Built-a-mobile-application-to-buy-and-sell-all-type-of-funds-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Autonomous-Vehicles-and-LogisticsBanner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Exposure-and-Integration-Updated.svg","https://www.veltris.com/whitepapers/scaling-your-saas-business-with-proven-growth-strategies/","https://www.veltris.com/wp-content/uploads/2025/04/Systemic-Integration-Across-Trends.svg","https://www.veltris.com/wp-content/uploads/2025/10/Created-AWS-Infrastructure-Implemented-Custom-Automation--300x169.png","https://www.veltris.com/wp-content/uploads/2023/10/Developed-a-Web-App-to-Moni
tor-Communication-Between-Patients-and-Care-Teams-300x169.png","https://www.veltris.com/wp-content/uploads/2024/07/Transformed-Cardiac-Care-by-Assisting-Heart-Monitor-Manufacturer-in-Remote-Patient-Monitoring-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Population-Health-Care-Coordination-Platforms-1.png","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Build.png","https://www.veltris.com/cxo-essentials/why-digital-first-banking-is-critical-for-growth-in-2025/","https://www.veltris.com/wp-content/uploads/2023/09/Modernizing-Legacy-Software-in-the-Hearing-Industry-33-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Digital-Health-Startups-SaaS-Platforms-1.png","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Monetize.png","https://www.veltris.com/guides/agentic-ai-in-manufacturing-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2025/10/Developed-a-Platform-to-Improve-Inbound-and-Outbound-Process-at-Warehouse-and-Optimized-Resource-All-300x169.png","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthtech-platforms%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finvestment-and-wealth-management%2F","https://www.veltris.com/guides/cxos-actionable-guide-ai-and-integrated-data-healthcare-transforming-clinical-workflows/","https://www.veltris.com/guides/cxos-essentials-genai-real-estate-property-development-management-sales/","https://www.veltris.com/whitepapers/bringing-expertise-tools-to-enable-intelligent-healthcare/","https://www.veltris.com/wp-content/uploads/2023/10/built-ios-and-android-mobile-applications-for-health-and-wellness-monitoring-tool.pdf","https://www.veltris.com/gu
ides/cxos-essentials-generative-ai-in-banking-a-leaders-introduction-to-financial-impact-risks-and-opportunities/","https://www.veltris.com/guides/agentic-ai-explained-introductory-guide-to-autonomous-ai-systems/","https://www.veltris.com/guides/cxos-essentials-digital-transformation-in-banking-understanding-cloud-native-data/","https://www.veltris.com/guides/cxos-essentials-genai-construction-design-project-management-safety/","https://www.veltris.com/wp-content/uploads/2026/01/Investment-Wealth-Management-Banner_2000x700.png","https://www.veltris.com/wp-json/wp/v2/pages/27997","https://www.veltris.com/whitepapers/unlocking-the-true-potential-of-data-ai/","https://www.veltris.com/guides/agentic-ai-vs-generative-ai-key-differences-use-cases-and-choosing-the-right-approach/","https://www.veltris.com/wp-content/uploads/2025/11/Virtual-Care-Providers-1.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI.svg","https://www.veltris.com/wp-content/uploads/2023/10/Built-a-mobile-application-to-buy-and-sell-all-type-of-funds.png","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Built-a-Web-Application-for-Users-to-Manage-their-Financial-Wealth-in-a-Highly-Secure-Infrastructure.png","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm.png","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/10/Integrating-with-Client-Legacy-Systems.svg","https://www.veltris.com/wp-content/uploads/2025/10/Unlocking-Advanced-AI-Analytics.svg","https://www.veltris.com/wp-json/wp/v2/pressroom/30525","https://www.veltris.com/guides/cxos-essentials-generative-ai-unlocking-alpha-ris
k-management-client-advisory/","https://www.veltris.com/whitepapers/decoding-cloud-computing-a-comprehensive-guide/","https://www.veltris.com/wp-content/uploads/2026/01/Speciality-Digital-Healthcare-Providers-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-trading-application-to-trade-USA-stocks-from-different-countries-1.png","https://www.veltris.com/wp-content/uploads/2025/10/AI-Automation-Adoption.svg","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-modern-wealth-management-system-to-optimize-customers-wealth-1.png","https://www.veltris.com/guides/modern-databases-key-to-genai-roi-in-banking-a-strategic-guide/","https://www.veltris.com/wp-content/uploads/2026/01/Investment-Wealth-Management-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-1.pdf","https://www.veltris.com/guides/data-lakes-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_pr_thumbnail-1-300x157.png","https://www.veltris.com/wp-content/uploads/2025/05/Improved-On-Time-Delivery-of-a-Leading-Auto-Lubricant-Distributer.pdf","https://www.veltris.com/guides/cxos-essentials-digital-transformation-in-healthcare-understanding-cloud-native-data-in-healthcare/","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-Business-Transformation-Vendor-Selection-1.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Investment-Wealth-Management-Firms.png","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Monetize.png","https://www.veltris.com/guides/generative-ai-guide/","https://www.veltris.com/wp-content/uploads/2023/10/Built-an-Efficient-Information-Retrieval-System-with-Generative-AI-for-a-Major-Asset-Management-Firm-300x169.png","https://www.veltris.com/wp-content/uploads/2024/04/Investment-Analysts-with-AI-Driven-Insights-using-RAG-LLM-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-
with-vectraAI-300x157.png","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-300x157.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support-1.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Regulatory-Compliance-Burdens.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finsuretech%2F","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Build.png","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-300x157.png","https://www.veltris.com/guides/generative-ai-in-banking-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2023/03/Implementation-of-One-View-of-the-Customer-to-a-big-Insurance-and-Banking-customer-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail-768x433.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finsuretech%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fsitemap%2F","https://www.veltris.com/wp-content/uploads/2023/10/Developed-a-Web-App-to-Monitor-Communication-Between-Patients-and-Care-Teams.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-AWS-Infrastructure-Implemented-Custom-Automation-.png","https://www.veltris.com/wp-json/wp/v2/pages/29587","https://www.veltris.com/wp-content/uploads/2023/09/Modernizing-Legacy-Software-in-the-Hearing-Industry-33.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries%2F","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_pr_thumbnail-1-
768x402.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-768x402.png","https://www.veltris.com/wp-content/uploads/2025/07/insuretech.png","https://www.veltris.com/guides/intelligent-connectivity-powered-by-cloud-native-6g-a-detailed-guide/","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-768x402.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-trading-application-to-trade-USA-stocks-from-different-countries-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-Multi-Functional-Mobile-Applications-with-Single-Code-Base-.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Product_Lifecycle_Managed_Services_Overview.png","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthtech-platforms%2F","https://www.veltris.com/wp-content/uploads/2026/01/Digital-Cloud-Engineering-1.png","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fproduct-lifecycle-managed-services%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries%2F","https://www.veltris.com/wp-content/uploads/2025/10/Generate_a_Film_Using_GenerativeAI_for_the_Given_Script_without_Using_Auto
desk.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fproduct-lifecycle-managed-services%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_5-1.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-768x402.png","https://www.veltris.com/wp-content/uploads/2023/02/Modern-Data-Stack-Adoption-%E2%80%93-1.svg","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-768x402.png","https://www.veltris.com/guides/generative-ai-in-insurance-a-beginners-guide/","https://www.veltris.com/guides/cxos-roi-handbook-data-transformation-in-healthcare-the-strategic-value-of-ai-ready-healthcare-data/","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-300x157.png","https://www.veltris.com/wp-json/wp/v2/pages/29239","https://www.veltris.com/wp-content/uploads/2025/05/Financial-Services_600x800.png","https://www.veltris.com/wp-content/uploads/2023/02/R_-White-Siloed-Data-Sources-same-icon-from-Life-Sciences-copy.svg","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-Big-Data-Management.svg","https://www.veltris.com/guides/generative-ai-in-capital-markets-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecycle-Managed-Services-1.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ffinancial-pubsec-services%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ffinancial-pubsec-services%2F","https://www.veltris.com/pressroom/veltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industrie
s/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-300x157.png","https://www.veltris.com/wp-content/uploads/2025/10/GovTech-EdTech-in-Financial-Services-2.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_pr_thumbnail-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/infographics.svg","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2F","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/white-papers.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/submit-your-review.svg","https://www.veltris.com/wp-content/uploads/2025/04/Pressroom_mob.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2F","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps-_dark.svg","https://www.veltris.com/wp-content/uploads/2026/05/ai-powered_aesthetic_assessment_for_caregiver_profile_photos.pdf","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/aboutus.svg","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-the-Entire-operations-Order-to-Shipment-with-a-Digital-and-Mobile-Experience-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/casestudies.svg","https://www.veltris.com/wp-content/uploads/2023/03/Im
plementation-of-One-View-of-the-Customer-to-a-big-Insurance-and-Banking-customer-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Mobile_App_with_Multiple_Accessibility_Metrics_for_Real-Time_Measurement-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/25125","https://www.veltris.com/wp-content/uploads/2025/04/About-us-1.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/VIA-accelerators-productivity-banner-mobile.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-768x402.png","https://www.veltris.com/wp-content/uploads/2023/10/Built-an-Efficient-Information-Retrieval-System-with-Generative-AI-for-a-Major-Asset-Management-Firm.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-2048x1072.png","https://www.veltris.com/guides/generative-ai-for-business-leaders-understanding-strategy-impact-and-roi/","https://www.veltris.com/wp-content/uploads/2025/04/Pressroom.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdiversified-industrials%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdiversified-industrials%2F","https://www.veltris.com/wp-json/wp/v2/pages/14022","https://www.veltris.com/industries/insuretech%20/","https://www.veltris.com/wp-content/uploads/2025/10/InsureTech_Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Dentimax.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-1024x536.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Dentrix.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-
CEO-02-1024x536.png","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/","https://www.veltris.com/services/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fazure-managed-services%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-1536x804.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fazure-managed-services%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-2048x1072.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/leadership.svg","https://www.veltris.com/services/data-ai/embed/","https://www.veltris.com/wp-json/wp/v2/pages/29266","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-modern-wealth-management-system-to-optimize-customers-wealth-1-300x169.png","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/","https://www.veltris.com/privacy-policy/embed/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/contact-us.svg","https://www.veltris.com/wp-content/uploads/2025/12/Enhance-Supply-Chain.svg","https://www.veltris.com/services/digital-cloud-engineering/embed/","https://www.veltris.com/wp-content/uploads/2026/01/dental-Curvedental.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Denticon.png","https://www.veltris.com/guides/generative-ai-in-construction-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2025/10/Achieving-Enterprise-Grade-Scalability.svg","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps-1.svg","https://www.v
eltris.com/wp-content/uploads/2025/12/Accelerate-Insurance-Claims.svg","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdental-multi-unit-retail-health%2F","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/Network-Security.svg","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-1536x804.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdental-multi-unit-retail-health%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-2048x1072.png","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-the-Entire-operations-Order-to-Shipment-with-a-Digital-and-Mobile-Experience.png","https://www.veltris.com/wp-content/uploads/2025/12/Expand-Telehealth-Services.svg","https://www.veltris.com/wp-content/uploads/2023/03/To-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to--300x169.png","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/embed/","https://www.veltris.com/wp-content/uploads/2023/05/PMS-Migration-from-Eaglesoft-to-Denticon-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Mobile_App_with_Multiple_Accessibility_Metrics_for_Real-Time_Measurement.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-DSN.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Monetize.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_MR_Training_System_for_VR_Glass_Company_to_Turn_Multiple_Training_Sessions_for_Employees_into_a_Game.pdf","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/blogs.svg","https://www.veltris.co
m/wp-content/uploads/2025/05/Product-Lifecycle-Managed-Services-1.png","https://www.veltris.com/wp-json/wp/v2/pages/25452","https://www.veltris.com/wp-content/uploads/2025/12/Optimized-Scheduling.svg","https://www.veltris.com/wp-content/uploads/2023/10/Provided-Cloud-Based-Administration-Software-for-Private-Equity-Funds-for-CRM-Database-and-Portfolio.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-300x157.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/duplicate-submissions.min.js?ver=1","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-1024x576.png","https://www.veltris.com/wp-json/wp/v2/pages/30007","https://www.veltris.com/wp-content/uploads/2025/12/Streamline-Clinic-Operations.svg","https://www.veltris.com/wp-content/uploads/2023/03/Network-Planning-and-Design.svg","https://www.veltris.com/guides/cxos-essentials-understanding-genai-applications-underwriting-claims/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/404.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-and-Retail-Health-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-MR-Training-System-for-VR-Glass-Company-to-Turn-Multiple-Training-Sessions-for-Employees-i.png","https://www.veltris.com/industries/embed/","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-300x157.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-1024x536.png","https://www.veltris.com/careers/embed/","https://www.veltris.com/wp-content/uploads/2025/11/Built-A-Secure-and-Scalable-Client-Portal-toEnable-Transparency-Control-andStreamlined-PBM-Operations.pdf","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-business-transformation-and-vendor-selection.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Build.png","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Exp
erience-with-an-AI-Chatbot-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-1536x864.png","https://www.veltris.com/wp-content/uploads/2023/11/Vishal-Kapoor.png","https://www.veltris.com/wp-content/uploads/2024/04/Investment-Analysts-with-AI-Driven-Insights-using-RAG-LLM.png","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-business-transformation-and-vendor-selection-300x169.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/notes.svg","https://www.veltris.com/wp-json/wp/v2/pages/29423","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/3D-reality-capture-for-buildings-structures-1.pdf","https://www.veltris.com/industries/healthcare-lifesciences/embed/","https://www.veltris.com/industries/orthdontics/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-warehouse%2F","https://www.veltris.com/industries/electronics-and-semiconductors/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-warehouse%2F","https://www.veltris.com/services/connectivity-industry-x-0/embed/","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Designed-a-secure-and-scalable-mobile-and-web-platform-to-enhance-member-experience-and-streamline-p-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps.svg","https://www
.veltris.com/wp-content/themes/wavelabs/assets/images/icons/approach.svg","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmac-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-Care-DSOs.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-and-Retail-Health-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/12/Ensure-HIPAA-Compliance.svg","https://www.veltris.com/schedule-a-meeting/embed/","https://www.veltris.com/wp-content/uploads/2025/12/Retail-Health.png","https://www.veltris.com/industries/broadcasting-and-ott-streaming/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-modernization%2F","https://www.veltris.com/industries/communications-service-providers/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-modernization%2F","https://www.veltris.com/wp-content/uploads/2023/09/Kader-Khan.jpg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fpharmacy-benefit-management%2F","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fmicrosoft-cloud-platforms%2F","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail-768
x433.png","https://www.veltris.com/wp-content/uploads/2026/01/Communications-Service-Providers-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-a-secure-and-scalable-client-portal-to-enable-transparency-control-and-streamlined-PBM-opera-1-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/29339","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fpharmacy-benefit-management%2F","https://www.veltris.com/guides/nlp-llm-chatbots-guide/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/social-icons/twitter.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/social-icons/linkedin.svg","https://www.veltris.com/industries/autonomous-vehicles-and-logistics/embed/","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-768x432.png","https://www.veltris.com/client-case-studies/embed/","https://www.veltris.com/wp-content/uploads/2025/04/Agentic-AI-1.svg","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail.png","https://www.veltris.com/whitepapers/embed/","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail.png","https://www.veltris.com/industries/animal-health-veterinary/","https://www.veltris.com/ai-solutions/embed/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/social-icons/facebook.svg","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/","https://www.veltris.com/wp-content/uploads/2025/11/Built-a-secure-and-scalable-client-portal-to-enable-transparency-control-and-streamlined-PBM-opera-1.png","https://www.veltris.com/wp-content/uploads/2020/04/Wavelabs-Case-Study-Concealed-Weapons-and-Explosives-Detection.png","https://www.veltris.com/industri
es/engineering-construction/embed/","https://www.veltris.com/wp-content/uploads/2019/08/Wavelabs-Case-Study-Waterlily.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fthreat-monitoring-system-for-concealed-weapons-explosives-detection%2F","https://www.veltris.com/wp-json/wp/v2/casestudies/14005","https://www.veltris.com/ai-for-productivity/embed/","https://www.veltris.com/industries/technology-communications-media/embed/","https://www.veltris.com/wp-content/uploads/2025/07/Data_AI_Overview.png","https://www.veltris.com/wp-content/uploads/2023/03/re-platforming-and-cloud-migration-from-vertica-to-snowflake.pdf","https://www.veltris.com/wp-content/uploads/2025/05/Financial-Services_2000x700.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1.png","https://www.veltris.com/guides/embed/","https://www.veltris.com/wp-content/uploads/2026/01/Pharmacy-Benefit-Management-PBM_Banner_600x800.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries%2F","https://www.veltris.com/wp-json/wp/v2/casestudies/28105","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fconversational-chatbot-for-24-7-customer-support-assistance%2F","https://www.veltris.com/industries/vision-care/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmaximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution%2F","https://www.veltris.com/wp-content/uploads/2025/11/Designed-a-secure-and-s
calable-mobile-and-web-platform-to-enhance-member-experience-and-streamline-p-1.png","https://www.veltris.com/about-us/embed/","https://www.veltris.com/industries/speciality-digital-healthcare-providers/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmaximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution%2F","https://www.veltris.com/wp-content/uploads/2023/05/PMS-Migration-from-Eaglesoft-to-Denticon.png","https://www.veltris.com/industries/technology-products-and-platforms/embed/","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-and-Cloud-Engineering.png","https://www.veltris.com/wp-json/wp/v2/pages/29303","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail.png","https://www.veltris.com/industries/govtech-edtech/embed/","https://www.veltris.com/wp-content/uploads/2020/04/Wavelabs-Case-Study-AI-Conversational-Chatbot-Improved-Customer-Support.png","https://www.veltris.com/wp-content/uploads/2026/01/Pharmacy-Benefit-Management-PBM_Banner_2000x700.png","https://www.veltris.com/wp-json/wp/v2/pressroom/30163","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail-768x433.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fthreat-monitoring-system-for-concealed-weapons-explosives-detection%2F","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Modernize.png","https://www.veltris.com/wp-content/uploads/2023/03/built-a-modern-wealth-management-system-to-optimize-customers-wealth.pdf","https://www.veltris.com/wp-content/uploads/2025/07/AI-Solution-2000-700.png","https://www.veltris.com/cxo-essentials/hfs-challengers-code-report/embed/","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-1536x
804.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fblogs%2Fwhy-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them%2F","https://www.veltris.com/wp-content/uploads/2025/05/Connectivity-Industry-X.0_2000x700.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fblogs%2Fwhy-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them%2F","https://www.veltris.com/wp-json/wp/v2/cxo-essentials/27892","https://www.veltris.com/blogs/why-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them/feed/","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmac.png","https://www.veltris.com/wp-json/wp/v2/pages/28655","https://www.veltris.com/wp-json/wp/v2/cxo-essentials/27893","https://www.veltris.com/guides/generative-ai-in-real-estate-a-beginners-guide/","https://www.veltris.com/wp-json/wp/v2/casestudies/14008","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fconversational-chatbot-for-24-7-customer-support-assistance%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fwhats-actually-working-for-risk-compliance-and-ops-leaders%2F","https://www.veltris.com/wp-json/wp/v2/posts/30383","https://www.veltris.com/wp-content/uploads/2026/04/hfs_challenges_lp_thumbnail.png","https://www.veltris.com/wp-json/wp/v2/whitepapers/18484","https://www.veltris.com/wp-json/wp/v2/cxo-essentials/28021","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance_dark.svg","https://www.veltris.com/wp-json/wp/v2/casestudies/13998","https://www.veltris.com/wp-json/wp/v2/casestudies/14009","https://www.veltris.com/wp-content/uploads/2025/07/why-digital-first-banking-is-critical-for-growth-in-2025-mobile-banner.png","https://www.veltris
.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fimproved-on-time-delivery-of-a-leading-auto-lubricant-distributer%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2F3-fixes-it-leaders-are-making-before-tackling-ai%2F","https://www.veltris.com/wp-json/wp/v2/guides/29924","https://www.veltris.com/wp-content/uploads/2024/07/Transformed-Cardiac-Care-by-Assisting-Heart-Monitor-Manufacturer-in-Remote-Patient-Monitoring.png","https://www.veltris.com/wp-json/wp/v2/whitepapers/22390","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2F3-fixes-it-leaders-are-making-before-tackling-ai%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fimproved-on-time-delivery-of-a-leading-auto-lubricant-distributer%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-in-manufacturing-a-beginners-guide%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fai-trends-for-pbms-in-2026-the-cxo-guide-to-cost-control-compliance-and-competitive-advantage%2F","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_pr_thumbnail-1-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/11/Web_Banner.png","https://www.veltris.com/wp-content/uploads/2025/07/Whats_Actually_Working_for_Risk_Compliance_Ops_Leaders_Mobile.png","https://www.veltris.com/industries/investment-and-wealth-management/embed/","https://www.veltris.com/wp-content/uploads/2025/10/InsureTech_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/05/executive-guide-healthcare-AI-integrated-data-clinical-mobile.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fbuilt-fast-flexible-scalable-platform-solutions-for-video-service-and-ott-pr
oviders%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fai-trends-for-pbms-in-2026-the-cxo-guide-to-cost-control-compliance-and-competitive-advantage%2F","https://www.veltris.com/wp-content/uploads/2020/05/Screenshot-2020-06-19-at-12.04.16-PM-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fgenerative-ai-strategy-to-transform-your-enterprise%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fgenerative-ai-strategy-to-transform-your-enterprise%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fbuilt-fast-flexible-scalable-platform-solutions-for-video-service-and-ott-providers%2F","https://www.veltris.com/wp-content/uploads/2025/05/banking-cxo-essentials-cloud-native-data-mobile.png","https://www.veltris.com/wp-content/uploads/2025/12/Accelerate-Billing-Cycles.svg","https://www.veltris.com/wp-content/uploads/2025/07/What_Actually_Working_for_Risk_Compliance_Ops_Leaders.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fwhy-digital-first-banking-is-critical-for-growth-in-2025%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fscaling-your-saas-business-with-proven-growth-strategies%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-actionable-guide-ai-and-integrated-data-healthcare-transforming-clinical-workflows%2F","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail-768x433.png","https://www.veltris.com/wp-json/wp/v2/guides/27284","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16.png","https://www.veltris.com/wp-js
on/wp/v2/guides/24716","https://www.veltris.com/blogs/why-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-in-manufacturing-a-beginners-guide%2F","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fbringing-expertise-tools-to-enable-intelligent-healthcare%2F","https://www.veltris.com/wp-content/uploads/2025/07/why-digital-first-banking-is-critical-for-growth-in-2025-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-genai-real-estate-property-development-management-sales%2F","https://www.veltris.com/wp-content/uploads/2025/05/cxo-essentials-generative-AI-banking-leader-introduction-mobile.png","https://www.veltris.com/wp-content/uploads/2025/06/genAI-realestate-property-development-management-sales-mobile.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-generative-ai-in-banking-a-leaders-introduction-to-financial-impact-risks-and-opportunities%2F","https://www.veltris.com/wp-content/uploads/2024/05/CTA-thumbnail-03.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_1-3.png","https://www.veltris.com/wp-content/uploads/2024/12/navigating_data_explosion_data_lakes-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fthe-future-of-businesses-in-2025-embracing-a-comprehensive-integrated-technological-ecosystem%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%
2Fmicrosoft-cloud-platforms%2F","https://www.veltris.com/wp-json/wp/v2/guides/27290","https://www.veltris.com/wp-content/uploads/2024/06/Whitepaper-Mob-Banner-18.png","https://www.veltris.com/wp-content/uploads/2025/05/banking-cxo-essentials-cloud-native-data-banner.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_1-3-300x169.png","https://www.veltris.com/wp-content/uploads/2025/06/genAI-construction-design-project-management-safety-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-digital-transformation-in-banking-understanding-cloud-native-data%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-explained-introductory-guide-to-autonomous-ai-systems%2F","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_2-300x169.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_3.png","https://www.veltris.com/wp-content/uploads/2024/04/Transformer-Based-Models-300x157.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-vs-generative-ai-key-differences-use-cases-and-choosing-the-right-approach%2F","https://www.veltris.com/wp-content/uploads/2024/12/Data-Lakes-Beginners-Guide__Mobile.png","https://www.veltris.com/wp-content/uploads/2025/06/cxo-essentials-generative-AI-trading-investment-management-mobile.png","https://www.veltris.com/wp-json/wp/v2/whitepapers/23233","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-genai-construction-design-project-management-safety%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-genai-real-estate-property-development-management-sales%2F","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_2-768x433.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-A
I-Use-Cases-in-BFSI-300x157.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_3-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-actionable-guide-ai-and-integrated-data-healthcare-transforming-clinical-workflows%2F","https://www.veltris.com/wp-content/uploads/2025/02/Digitalization-and-Data-Explosion-300x169.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-%E2%80%93-The-Next-Technology-Frontier-300x169.png","https://www.veltris.com/wp-content/uploads/2023/04/generative-ai-mobile-banner.png","https://www.veltris.com/wp-content/uploads/2025/06/genAI-realestate-property-development-management-sales-banner.png","https://www.veltris.com/wp-content/uploads/2025/02/The-Rise-of-Artificial-Intelligence-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fbringing-expertise-tools-to-enable-intelligent-healthcare%2F","https://www.veltris.com/wp-content/uploads/2025/07/3_Fixes_IT_Leaders_Are_Making_Before_Tackling_AI.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_4-300x169.png","https://www.veltris.com/wp-json/wp/v2/guides/24027","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_1-3-768x433.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-generative-ai-unlocking-alpha-risk-management-client-advisory%2F","https://www.veltris.com/wp-json/wp/v2/guides/27460","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fmodern-databases-key-to-genai-roi-in-banking-a-strategic-guide%2F","https://www.veltris.com/wp-content/uploads/2024/04/What-is-Generative-AI-image.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fmodern-databases-key-to-genai-roi-in-banking-a-strategic-guide%2F","https://www.veltris.com/wp-content/uplo
ads/2025/02/The-Evolution-of-AI-in-Banking-300x169.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_3-768x433.png","https://www.veltris.com/wp-content/uploads/2024/06/Whitepaper-Thumbnail_Coverpage-2.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fwhy-digital-first-banking-is-critical-for-growth-in-2025%2F","https://www.veltris.com/wp-content/uploads/2024/12/Lake-Flexible-and-Adaptable-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-300x157.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fwhats-actually-working-for-risk-compliance-and-ops-leaders%2F","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-%E2%80%93-The-Next-Technology-Frontier.png","https://www.veltris.com/wp-json/wp/v2/guides/27306","https://www.veltris.com/wp-content/uploads/2025/06/cxo-essentials-generative-AI-trading-investment-management-banner.png","https://www.veltris.com/wp-json/wp/v2/guides/27456","https://www.veltris.com/wp-content/uploads/2024/04/What-is-Generative-AI-image-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-vs-generative-ai-key-differences-use-cases-and-choosing-the-right-approach%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-explained-introductory-guide-to-autonomous-ai-systems%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Funlocking-the-true-potential-of-data-ai%2F","https://www.veltris.com/wp-json/wp/v2/guides/27447","https://www.veltris.com/wp-content/uploads/2024/04/Generative-AI-Guide__Mobile.png","https://www.veltris.com/wp-content/uploads/2024/08/Banner-05.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fw
hitepapers%2Funlocking-the-true-potential-of-data-ai%2F","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_4.png","https://www.veltris.com/wp-content/uploads/2024/12/Lake-Flexible-and-Adaptable-768x432.png","https://www.veltris.com/industries/insuretech/embed/","https://www.veltris.com/wp-content/uploads/2025/05/healthcare-cxo-essentials-cloud-native-data-banner.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-300x157.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-digital-transformation-in-banking-understanding-cloud-native-data%2F","https://www.veltris.com/wp-content/uploads/2025/02/Bankings-Digital-Metamorphosis-A-Technological-Timeline-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fdecoding-cloud-computing-a-comprehensive-guide%2F","https://www.veltris.com/wp-content/uploads/2025/02/Digitalization-and-Data-Explosion-768x432.png","https://www.veltris.com/wp-content/uploads/2024/08/Banner_mobile-08.png","https://www.veltris.com/sitemap/embed/","https://www.veltris.com/wp-json/wp/v2/whitepapers/13975","https://www.veltris.com/wp-content/uploads/2025/06/genAI-construction-design-project-management-safety-mobile.png","https://www.veltris.com/wp-content/uploads/2024/04/Transformer-Based-Models-768x402.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-768x402.png","https://www.veltris.com/wp-content/uploads/2024/12/why_organizations_need_data_lakes-1-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fdecoding-cloud-computing-a-comprehensive-guide%2F","https://www.veltris.com/wp-content/uploads/2024/04/What-is-Generative-AI-image-300x157.png","https://www.veltris.com/wp-content/uploads/2024/12/why_organizations_need_data_lakes-1.png","https://www.veltris.co
m/wp-content/uploads/2024/12/navigating_data_explosion_data_lakes-768x432.png","https://www.veltris.com/wp-content/uploads/2024/12/characteristics_of_data_lake-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/02/The-Rise-of-Artificial-Intelligence-768x432.png","https://www.veltris.com/wp-content/uploads/2024/03/a_NVIDIA_Mobile_BAnner.png","https://www.veltris.com/wp-content/uploads/2025/02/Redefining-Banking-with-Generative-AI-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/02/Bankings-Digital-Metamorphosis-A-Technological-Timeline.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-guide%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fdata-lakes-a-beginners-guide%2F","https://www.veltris.com/wp-content/uploads/2025/05/true-cost-data-silos-strategic-value-AI-ready-healthcare-data-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-generative-ai-in-banking-a-leaders-introduction-to-financial-impact-risks-and-opportunities%2F","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-Banking-Guide__Mobile.png","https://www.veltris.com/wp-content/uploads/2025/02/Why-is-Generative-AI-in-Banking-Important-300x146.png","https://www.veltris.com/wp-content/uploads/2024/12/Lake-Flexible-and-Adaptable.png","https://www.veltris.com/wp-content/uploads/2023/04/generative-ai-strategy-to-transform-your-enterprise-whitepaper-banner-scaled.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fdata-lakes-a-beginners-guide%2F","https://www.veltris.com/wp-json/wp/v2/guides/25816","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-digital-transform
ation-in-healthcare-understanding-cloud-native-data-in-healthcare%2F","https://www.veltris.com/wp-content/uploads/2024/12/Lake-Flexible-and-Adaptable-1024x576.png","https://www.veltris.com/wp-content/uploads/2024/12/characteristics_of_data_lake-1-768x432.png","https://www.veltris.com/wp-content/uploads/2025/02/The-Evolution-of-AI-in-Banking-768x432.png","https://www.veltris.com/wp-content/uploads/2024/12/benefits_of_data_lake-1-768x432.png","https://www.veltris.com/wp-content/uploads/2025/02/The-Rise-of-Artificial-Intelligence.png","https://www.veltris.com/wp-content/uploads/2024/12/why_organizations_need_data_lakes-1-1024x576.png","https://www.veltris.com/wp-content/uploads/2024/12/why_organizations_need_data_lakes-1-768x432.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-300x157.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_2.png","https://www.veltris.com/wp-json/wp/v2/guides/22087","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-genai-construction-design-project-management-safety%2F","https://www.veltris.com/wp-content/uploads/2024/12/building_robust_data_lake-1-300x169.png","https://www.veltris.com/wp-content/uploads/2024/01/decoding-cloud_computing-whitepaper-banner.png","https://www.veltris.com/wp-json/wp/v2/guides/24724","https://www.veltris.com/wp-content/uploads/2025/02/Bankings-Digital-Metamorphosis-A-Technological-Timeline-768x432.png","https://www.veltris.com/wp-content/uploads/2024/12/benefits_of_data_lake-1-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-1024x536.png","https://www.veltris.com/wp-json/wp/v2/guides/25826","https://www.veltris.com/wp-content/uploads/2024/12/navigating_data_explosion_data_lakes-1024x576.png","https://www.veltris.com/wp-content/uploads/2025/02/Redefining-Banking-with-Generative-AI.png","https://www.veltris.com/wp-json
/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-guide%2F","https://www.veltris.com/wp-content/uploads/2024/04/Transformer-Based-Models.png","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-300x157.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-digital-transformation-in-healthcare-understanding-cloud-native-data-in-healthcare%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-768x402.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/04/Generative-AI-Guide_banner-02.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-banking-a-beginners-guide%2F","https://www.veltris.com/wp-content/uploads/2025/02/The-Evolution-of-AI-in-Banking.png","https://www.veltris.com/services/product-lifecycle-managed-services/embed/","https://www.veltris.com/wp-content/uploads/2025/02/Redefining-Banking-with-Generative-AI-768x432.png","https://www.veltris.com/wp-content/uploads/2024/12/characteristics_of_data_lake-1.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-in-Banking-Trends-in-2025-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-768x402.png","https://www.veltris.com/pressroom/veltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries/embed/","https://www.veltris.com/wp-content/uploads/2024/12/benefits_of_data_lake-1.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-%E2%80%9
3-The-Next-Technology-Frontier-768x432.png","https://www.veltris.com/wp-content/uploads/2023/03/streamlined-the-service-delivery-space-for-the-leading-electrical-appliances-manufacturer.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-capital-markets-a-beginners-guide%2F","https://www.veltris.com/blogs/data-ai/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-generative-ai-unlocking-alpha-risk-management-client-advisory%2F","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-Banking-Platforms-in-the-Market-Right-Now-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/15707","https://www.veltris.com/wp-json/wp/v2/guides/27301","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-1024x536.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-2048x1072.png","https://www.veltris.com/wp-content/uploads/2025/07/3_Fixes_IT_Leaders_Are_Making_Before_Tackling_AI_Mobile.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-banking-a-beginners-guide%2F","https://www.veltris.com/wp-content/uploads/2024/12/building_robust_data_lake-1-768x432.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fscaling-your-saas-business-with-proven-growth-strategies%2F","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_4-768x433.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-300x157.png","https://www.veltris.com/wp-content/uploads/2025/02/Why-is-Generative-AI-in-Banking-Important-768x373.png","https://www.veltris.com/wp-json/wp/v2/guides/24233","https://www.veltris.com/wp-co
ntent/uploads/2024/12/building_robust_data_lake-1.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-768x402.png","https://www.veltris.com/industries/financial-pubsec-services/embed/","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-300x157.png","https://www.veltris.com/wp-json/wp/v2/pressroom/24729","https://www.veltris.com/wp-content/uploads/2025/05/cxo-essentials-generative-AI-banking-leade-2.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-1024x536.png","https://www.veltris.com/wp-content/uploads/2024/12/building_robust_data_lake-1-1024x576.png","https://www.veltris.com/wp-json/wp/v2/guides/27311","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-capital-markets-a-beginners-guide%2F","https://www.veltris.com/industries/diversified-industrials/embed/","https://www.veltris.com/industries/dental-multi-unit-retail-health/embed/","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-Business-Models-768x432.png","https://www.veltris.com/services/azure-managed-services/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fintelligent-connectivity-powered-by-cloud-native-6g-a-detailed-guide%2F","https://www.veltris.com/wp-content/uploads/2025/02/Leading-Banks-are-Stepping-up-their-Generative-AI-Agendas-300x169.png","https://www.veltris.com/wp-content/uploads/2024/12/characteristics_of_data_lake-1-1024x576.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-roi-handbook-data-transformation-in-healthcare-the-strategic-value-of-ai-ready-healthcare-data%2F","https://www.veltris.com/wp-json/wp/v2/pr
essroom/20171","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-768x402.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-2048x1072.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-roi-handbook-data-transformation-in-healthcare-the-strategic-value-of-ai-ready-healthcare-data%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-insurance-a-beginners-guide%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services%2F","https://www.veltris.com/wp-content/uploads/2024/12/benefits_of_data_lake-1-1024x576.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-2048x1072.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fintelligent-connectivity-powered-by-cloud-native-6g-a-detailed-guide%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-insurance-a-beginners-guide%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-2048x1072.png","https://www.veltris.com/wp-json/wp/v2/guides/25822","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabi
lities-in-healthcare-industries%2F","https://www.veltris.com/wp-content/uploads/2025/05/Transforming-Clinical-Workflows.png","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-Business-Models.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-for-business-leaders-understanding-strategy-impact-and-roi%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-for-business-leaders-understanding-strategy-impact-and-roi%2F","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Trading-Investment-Management-Unlocking-Alpha-Risk-Managemen.png","https://www.veltris.com/wp-json/wp/v2/guides/24710","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services%2F","https://www.veltris.com/wp-json/wp/v2/whitepapers/21390","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-1024x536.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-1536x804.png","https://www.veltris.com/wp-content/uploads/2026/04/hfs_challenges_lp_thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/05/true-cost-data-silos-strategic-value-AI-ready-healthcare-data-mobile.png","https://www.veltris.com/wp-content/uplo
ads/2025/04/Connectivity-Industry-X.0.png","https://www.veltris.com/pressroom/embed/","https://www.veltris.com/wp-content/uploads/2025/02/Leading-Banks-are-Stepping-up-their-Generative-AI-Agendas.png","https://www.veltris.com/wp-content/uploads/2025/05/CXOs-Essentials-Digital-Transformation-in-Banking-Understanding-Cloud-Native-Data-Fintech-Secur.png","https://www.veltris.com/wp-json/wp/v2/pressroom/24954","https://www.veltris.com/wp-content/uploads/2025/02/Digitalization-and-Data-Explosion.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-aims-to-close-3-to-5-deals-within-18-months-ceo%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-2048x1072.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-aims-to-close-3-to-5-deals-within-18-months-ceo%2F","https://www.veltris.com/industries/healthtech-platforms/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response%2F","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-Banking-Platforms-in-the-Market-Right-Now-768x432.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-Banking-Platforms-in-the-Market-Right-Now.png","https://www.veltris.com/wp-content/uploads/2024/09/Hiral-Chandrana-241x300.png","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Real-Estate-Transforming-Property-Development-Management-Sal.png","https://www.veltris.com/wp-content/uploads/2025/05/Mobile.png","https://www.veltris.com/wp-content/uploads/
2025/02/Generative-AI-in-Banking-Trends-in-2025-768x432.png","https://www.veltris.com/wp-content/uploads/2022/02/decoding-5g-thumbnail.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-2048x1072.png","https://www.veltris.com/wp-json/wp/v2/whitepapers/13977","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-11.png","https://www.veltris.com/wp-content/uploads/2022/07/Whitepaper_banners_Industry-Homepage-Banner-copy-2-9.06.27-PM.png","https://www.veltris.com/wp-content/uploads/2022/07/Whitepaper-Thumbnail_Coverpage-2-12.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-2048x1152.png","https://www.veltris.com/wp-json/wp/v2/guides/24407","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-Business-Models-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media_mob.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-1536x804.png","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking.png","https://www.veltris.com/wp-content/uploads/2025/02/Why-is-Generative-AI-in-Banking-Important.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-10.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response%2F","https://www.veltris.com/wp-json/wp/v2/pressroom/30188","https://www.veltris.com/wp-json/wp/v2/guides/24449","https://www.veltris.com/wp-content/uploads/2024/01/MicrosoftTeams-image-2.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-13.png","https://www.veltris.com/wp-content/uploads/2025/07/Thumbnail__3-Fixes-IT-Leaders-Are
-Making-Before-Tackling-AI.png","https://www.veltris.com/wp-content/uploads/2024/08/Thumbnails-07.png","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/uploads/2025/02/Leading-Banks-are-Stepping-up-their-Generative-AI-Agendas-768x432.png","https://www.veltris.com/services/data-warehouse/embed/","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/images/banner-img/casestudies-banner.png","https://www.veltris.com/casestudies/maximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution/embed/","https://www.veltris.com/wp-content/uploads/2025/05/executive-guide-healthcare-AI-integrated-data-clinical-banner.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-in-Banking-Trends-in-2025.png","https://www.veltris.com/wp-json/wp/v2/pressroom/23302","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fthe-future-of-businesses-in-2025-embracing-a-comprehensive-integrated-technological-ecosystem%2F","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member%2F","https://www.veltris.com/wp-content/uploads/2024/12/navigating_data_explosion_data_lakes.png","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments
-for-micro-industries/embed/","https://www.veltris.com/cxo-essentials/3-fixes-it-leaders-are-making-before-tackling-ai/embed/","https://www.veltris.com/guides/ai-trends-for-pbms-in-2026-the-cxo-guide-to-cost-control-compliance-and-competitive-advantage/embed/","https://www.veltris.com/industries/pharmacy-benefit-management/embed/","https://www.veltris.com/casestudies/threat-monitoring-system-for-concealed-weapons-explosives-detection/embed/","https://www.veltris.com/cxo-essentials/why-digital-first-banking-is-critical-for-growth-in-2025/embed/","https://www.veltris.com/casestudies/improved-on-time-delivery-of-a-leading-auto-lubricant-distributer/embed/","https://www.veltris.com/services/data-modernization/embed/","https://www.veltris.com/guides/agentic-ai-in-manufacturing-a-beginners-guide/embed/","https://www.veltris.com/guides/modern-databases-key-to-genai-roi-in-banking-a-strategic-guide/embed/","https://www.veltris.com/casestudies/built-fast-flexible-scalable-platform-solutions-for-video-service-and-ott-providers/embed/","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-768x432.png","https://www.veltris.com/guides/cxos-essentials-digital-transformation-in-banking-understanding-cloud-native-data/embed/","https://www.veltris.com/whitepapers/decoding-cloud-computing-a-comprehensive-guide/embed/","https://www.veltris.com/guides/cxos-essentials-genai-real-estate-property-development-management-sales/embed/","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-scaled.png","https://www.veltris.com/guides/cxos-actionable-guide-ai-and-integrated-data-healthcare-transforming-clinical-workflows/embed/","https://www.veltris.com/whitepapers/unlocking-the-true-potential-of-data-ai/embed/","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-2048x1072.png","https://www.veltris.com/wp-content/uploads/2025/02/generative_AI_banking_banner.png","https://www.veltris.com/whitepapers/bringing-expertise-too
ls-to-enable-intelligent-healthcare/embed/","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/images/banner-img/casestudies-banner.png","https://www.veltris.com/guides/agentic-ai-vs-generative-ai-key-differences-use-cases-and-choosing-the-right-approach/embed/","https://www.veltris.com/whitepapers/generative-ai-strategy-to-transform-your-enterprise/embed/","https://www.veltris.com/casestudies/conversational-chatbot-for-24-7-customer-support-assistance/embed/","https://www.veltris.com/whitepapers/the-future-of-businesses-in-2025-embracing-a-comprehensive-integrated-technological-ecosystem/embed/","https://www.veltris.com/services/microsoft-cloud-platforms/embed/","https://www.veltris.com/cxo-essentials/whats-actually-working-for-risk-compliance-and-ops-leaders/embed/","https://www.veltris.com/guides/data-lakes-a-beginners-guide/embed/","https://www.veltris.com/wp-content/uploads/2023/02/Immersive-Entertainment-Experiences.png","https://www.veltris.com/guides/cxos-essentials-generative-ai-in-banking-a-leaders-introduction-to-financial-impact-risks-and-opportunities/embed/","https://www.veltris.com/blogs/why-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them/embed/","https://www.veltris.com/wp-content/uploads/2022/07/bringing-expertise-tools-to-enable-intelligent-healthcare-whitepaper-banner-scaled.png","https://www.veltris.com/wp-content/uploads/2024/12/Data-Lakes-Beginners-Guide_Banner-02-1.png","https://www.veltris.com/guides/agentic-ai-explained-introductory-guide-to-autonomous-ai-systems/embed/","https://www.veltris.com/wp-content/uploads/2025/12/Dental-care_1.gif","https://www.veltris.com/guides/cxos-essentials-genai-construction-design-project-management-safety/embed/","https://www.veltris.com/guides/cxos-essentials-generative-ai-unlocking-alpha-risk-management-client-advisory/embed/","https://www.veltris.com/guides/cxos-essentials-digital-transformation-in-he
althcare-understanding-cloud-native-data-in-healthcare/embed/","https://www.veltris.com/guides/generative-ai-guide/embed/","https://www.veltris.com/wp-json/wp/v2/categories/606","https://www.veltris.com/wp-content/uploads/2025/05/A-Leaders-Introduction-to-Financial-Impact-Risks-and-Opportunities.png","https://www.veltris.com/whitepapers/scaling-your-saas-business-with-proven-growth-strategies/embed/","https://www.veltris.com/guides/intelligent-connectivity-powered-by-cloud-native-6g-a-detailed-guide/embed/","https://www.veltris.com/wp-content/uploads/2024/04/Generative-AI-Guide-1.png","https://www.veltris.com/wp-content/uploads/2025/05/Understanding-Cloud-Native-Data-in-Healthcare.png","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Construction-Revolutionizing-Design-Project-Management-Safet.png","https://www.veltris.com/guides/generative-ai-in-banking-a-beginners-guide/embed/","https://www.veltris.com/guides/cxos-roi-handbook-data-transformation-in-healthcare-the-strategic-value-of-ai-ready-healthcare-data/embed/","https://www.veltris.com/guides/generative-ai-in-capital-markets-a-beginners-guide/embed/","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Trading-Investment-Management-Unlocking-Alpha-Risk-Managemen-300x169.png","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/embed/","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/embed/","https://www.veltris.com/guides/generative-ai-in-insurance-a-beginners-guide/embed/","https://www.veltris.com/blogs/data-ai/page/2/","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/embed/","https://www.veltris.com/wp-includes/blocks/table/theme.min.css?ver=6.9.4","https://www.veltris.com/guides/generative-ai-for-busi
ness-leaders-understanding-strategy-impact-and-roi/embed/","https://www.veltris.com/wp-content/uploads/2024/04/Generative-AI-Guide-1-300x169.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-13-300x171.png","https://www.veltris.com/wp-content/uploads/2022/07/Whitepaper-Thumbnail_Coverpage-2-12-300x171.png","https://www.veltris.com/wp-content/uploads/2024/06/Whitepaper-Thumbnail-19-300x171.png","https://www.veltris.com/wp-content/uploads/2024/08/Thumbnails-07-1024x585.png","https://www.veltris.com/wp-content/uploads/2024/06/Whitepaper-Thumbnail-19.png","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/embed/","https://www.veltris.com/wp-includes/blocks/table/style.min.css?ver=6.9.4","https://www.veltris.com/blogs/data-ai/feed/","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/embed/","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Real-Estate-Transforming-Property-Development-Management-Sal-300x169.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-10-300x171.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-11-300x171.png","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Construction-Revolutionizing-Design-Project-Management-Safet-300x169.png","https://www.veltris.com/wp-content/uploads/2024/08/Thumbnails-07-300x171.png","https://www.veltris.com/wp-content/uploads/2024/08/Thumbnails-07-768x439.png","https://www.veltris.com/blogs/real-time-private-equity-how-vertical-ai-accelerates-value-creation/feed/","https://www.veltris.com/blogs/why-critical-infrastructure-requires-vertical-ai-to-scale-responsibly/feed/","https://www.veltris.com/blogs/kpi-driven-insights-for-dsos-reducing-staffing-costs-and-unlocking-new-growth/fee
d/","https://www.veltris.com/blogs/plugging-the-leak-stopping-patient-drift-with-predictive-engagement/feed/","https://www.veltris.com/blogs/why-ai-agents-are-the-future-of-healthcare-revenue-performance/feed/","https://www.veltris.com/blogs/protecting-the-bid-how-predictive-costing-stops-profit-fade/feed/","https://www.veltris.com/blogs/data-ai/page/3/","https://www.veltris.com/blogs/from-reports-to-foresight-why-ai-analytics-now-decide-pbm-competitive-advantage/feed/","https://www.veltris.com/blogs/agentic-ai-for-manufacturers-enabling-connected-design-smarter-decisions-and-reliable-operations/feed/","https://www.veltris.com/blogs/maximizing-revenue-per-mile-why-static-pricing-is-leaving-money-on-the-table/feed/","https://www.veltris.com/wp-json/wp/v2/posts/30371","https://www.veltris.com/wp-json/wp/v2/posts/30377","https://www.veltris.com/wp-json/wp/v2/posts/30381","https://www.veltris.com/wp-json/wp/v2/posts/30353","https://www.veltris.com/wp-json/wp/v2/posts/30355","https://www.veltris.com/wp-json/wp/v2/posts/30375","https://www.veltris.com/wp-json/wp/v2/posts/30341","https://www.veltris.com/wp-json/wp/v2/posts/30369","https://www.veltris.com/wp-json/wp/v2/posts/30357","https://www.veltris.com/blogs/data-ai/page/4/","https://www.veltris.com/blogs/data-ai/page/5/","https://www.veltris.com/blogs/data-ai/page/6/","https://www.veltris.com/blogs/data-ai/page/7/","https://www.veltris.com/blogs/data-ai/page/8/"],"duration":40.49531435966492},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.05646705627441},"passive_scan":{"status":"completed","duration":0.006258964538574219},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.veltris.com","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":
2100.491763114929},"vulnerabilities":{"total_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"6a0e8609cad9e5613c3dbbcc"},"created_at":{"$date":"2026-05-21T04:11:53.046Z"},"url":"https://springs.com.pk","tool":"owaspzap","result":{"status":"completed","target_url":"https://springs.com.pk","scan_timestamp":"20260521_013443","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"3","status":"completed","urls_found":1433,"urls_list":["https://www.veltris.com/sitemap.xml","https://www.veltris.com/robots.txt","https://www.veltris.com/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/power-bi.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/AICPA-SOC.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/databricks.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Salesforce.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/cantier.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Google_Cloud.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/nokia.png","https://www.veltris.com/wp-content/uploads/2026/01/Home-Tech-Platfrom.png","https://www.veltris.com/wp-content/uploads/2026/01/AI-Cognitive-Engine-Enables-Data-Driven-Decisions-for-Financial-Services-Leader.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/ISO.png","https://www.veltris.com/wp-json/","https://www.veltris.com/wp-content/
uploads/2026/01/Analyzing-250M-Daily-Events-to-Power-Superior-Streaming-Experiences.png","https://www.veltris.com/wp-content/uploads/2026/01/Real-Time-AI-Predictions-Improve-Reliability-in-Pharmaceutical-Manufacturing_Mob.png","https://www.veltris.com/wp-content/uploads/2026/01/Modern-Data-Infrastructure-Powers-Efficiency-for-Canadas-Largest-DSO.png","https://www.veltris.com/wp-content/uploads/2026/01/Analyzing-250M-Daily-Events-to-Power-Superior-Streaming-Experiences_Mob.png","https://www.veltris.com/wp-content/uploads/2026/01/Real-Time-AI-Predictions-Improve-Reliability-in-Pharmaceutical-Manufacturing.png","https://www.veltris.com/wp-content/uploads/2023/10/favicon-32x32-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/cisco.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/aws.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/nvidia.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/IBM.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/servicenow.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/MS-Azure.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/siemens.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Schneider.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/NetSuite.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/atlassian-jira.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Snowflake.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Tableau.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/mobile-menu.css?ver=2.0","https://www.veltris.com/wp-content/plugins/ubermenu/assets/css/skins/minimal.css?ver=6.9.4","https://www.veltris.com/wp-conte
nt/themes/wavelabs/assets/images/communitiesai-first-service-firms.png","https://www.veltris.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","https://www.veltris.com/wp-content/uploads/2023/09/Channel-.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/ajax-filter-loadmore.js","https://www.veltris.com/wp-content/plugins/ubermenu/pro/assets/css/ubermenu.min.css?ver=3.7.8","https://www.veltris.com/wp-content/plugins/cookie-law-info/lite/frontend/js/gcm.min.js","https://www.veltris.com/wp-content/uploads/2026/01/AI-Cognitive-Engine-Enables-Data-Driven-Decisions-for-Financial-Services-Leader_Mob.png","https://www.veltris.com/wp-content/uploads/2026/01/Home-Healthcare.png","https://www.veltris.com/wp-content/uploads/2025/04/pressroom-01.svg","https://www.veltris.com/wp-content/uploads/2023/09/Aboutus.svg","https://www.veltris.com/wp-content/uploads/2026/01/Modern-Data-Infrastructure-Powers-Efficiency-for-Canadas-Largest-DSO_Mob.png","https://www.veltris.com/wp-content/themes/wavelabs/style.css?ver=2.0","https://www.veltris.com/wp-content/uploads/2023/09/Casestudies.svg","https://www.veltris.com/wp-content/uploads/2023/09/Leadership.svg","https://www.veltris.com/wp-content/plugins/sg-cachepress/assets/js/lazysizes.min.js?ver=7.7.11","https://www.veltris.com/wp-content/uploads/2023/09/Healthcare-1.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/lightbox.min.css","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/footer/logo.svg","https://www.veltris.com/wp-content/uploads/2026/01/Home-Diversified-industry.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/new-menu.js","https://www.veltris.com/wp-content/uploads/2023/09/White-papers.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/vectra.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/lightbox-plus-jquery.min.js","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_constellatio
n_research_Banner_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/striim.svg","https://www.veltris.com/wp-content/uploads/real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmaceutical-drug.pdf","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_banner_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/sal.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/owl.carousel.min.css","https://www.veltris.com/about-us","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/whitepapers-page.css?ver=2.0","https://www.veltris.com/wp-content/plugins/gravityformsrecaptcha/js/frontend.min.js?ver=1.8.0","https://www.veltris.com/wp-content/uploads/2023/09/Events.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/owl.theme.default.min.css","https://www.veltris.com/wp-content/uploads/2023/09/Contact-us.svg","https://www.veltris.com/wp-content/uploads/2025/04/Digital-Cloud_1.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/sal.css?ver=2.0","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/scroll-highlight.js","https://www.veltris.com/wp-content/uploads/2023/09/Hi-Tech-1.svg","https://www.veltris.com/wp-content/uploads/2024/05/Glossary-svg.svg","https://www.veltris.com/wp-content/plugins/attachment-download-on-gravity-form-submission/frontend/js/wot-public-scripts.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/header/logo.svg","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI_1.svg","https://www.veltris.com/wp-content/uploads/2023/09/BFSI-1.svg","https://www.veltris.com/wp-content/uploads/2025/11/Vertical-AI-HPS-Banner_600x800.png","https://www.veltris.com/wp-content/plugins/ubermenu/assets/js/ubermenu.min.js?ver=3.7.8","https://www.veltris.com/wp-content/uploads/2023/09/Blogs.svg","https://www.veltris.com/wp-content/uploads/2025/09/CSR_main.svg","https://www.
veltris.com/wp-content/uploads/2025/09/Investment-and-Wealth-Management-Firms.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/owl.carousel.min.js","https://www.veltris.com/wp-content/plugins/ubermenu/assets/fontawesome/css/all.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecyle-Managed-Services_1.svg","https://www.veltris.com/wp-content/uploads/2025/10/Insuretech.svg","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/double-quotes.svg","https://www.veltris.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","https://www.veltris.com/wp-content/uploads/2025/07/AI-Solutions.svg","https://www.veltris.com/wp-content/uploads/2025/09/Electronics-and-Semiconductors.svg","https://www.veltris.com/wp-content/uploads/2025/09/Technology-Products-Platforms.svg","https://www.veltris.com/services/digital-cloud-engineering/","https://www.veltris.com/wp-content/uploads/2025/04/Customer-Engagement.svg","https://www.veltris.com/wp-content/uploads/2025/09/GovTech-EdTech.svg","https://www.veltris.com/industries/healthcare-lifesciences/","https://www.veltris.com/careers/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-orbital-theme.min.css?ver=2.9.13","https://www.veltris.com/client-case-studies/","https://www.veltris.com/wp-content/uploads/2025/11/Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0_1-1.svg","https://www.veltris.com/wp-content/uploads/2023/03/built-cognitive-engine-to-amp-up-customer-centricity.pdf","https://www.veltris.com/services/data-ai/","https://www.veltris.com/privacy-policy/","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2F","https://w
ww.veltris.com/industries/","https://www.veltris.com/services/","https://www.veltris.com/wp-content/uploads/2022/11/Why-Choose-us-660x440-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Pharmacy-Benefit-Management-PBM.svg","https://www.veltris.com/wp-content/uploads/2025/09/Dental-Care.svg","https://www.veltris.com/wp-content/uploads/2025/09/Communications-Service-Providers.svg","https://www.veltris.com/wp-content/uploads/2023/04/real-time-analytics-insights-for-online-video-streaming-giant.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Health-Tech.svg","https://www.veltris.com/services/connectivity-industry-x-0/","https://www.veltris.com/wp-content/uploads/2025/09/Proven-Healthcare-Expertise.png","https://www.veltris.com/industries/electronics-and-semiconductors/","https://www.veltris.com/wp-content/uploads/2025/09/Engineering-and-Construction.svg","https://www.veltris.com/whitepapers/","https://www.veltris.com/wp-content/uploads/2025/09/Compliance-Ready-by-Design.png","https://www.veltris.com/wp-content/uploads/2025/09/Increase-in-Team-Productivity.png","https://www.veltris.com/wp-content/uploads/2025/11/Tarannum_Fatima.jpg","https://www.veltris.com/wp-content/uploads/2022/11/anvesh-200x200-1.jpeg","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/style.css?ver=2.0","https://www.veltris.com/industries/broadcasting-and-ott-streaming/","https://www.veltris.com/wp-content/uploads/2022/11/Manivsrsh-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Domain-Specific-Accelerators.png","https://www.veltris.com/wp-content/uploads/2025/09/Autonomous-Vehicles-and-Logistics.svg","https://www.veltris.com/wp-content/uploads/2025/09/Data-Accuracy-Reliability.png","https://www.veltris.com/guides/","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-SDLC.svg","https://www.veltris.com/wp-content/uploads/2025/09/AI-First-Architecture.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/hpe.sv
g","https://www.veltris.com/schedule-a-meeting/","https://www.veltris.com/wp-content/uploads/2022/11/Surya-Vamsi-200x200-1.jpeg","https://www.veltris.com/wp-content/uploads/2025/09/Proven-Impact.png","https://www.veltris.com/wp-content/uploads/2025/11/Anurag_Choudhary.jpg","https://www.veltris.com/wp-content/uploads/2025/04/Diversified-Industrials.svg","https://www.veltris.com/wp-content/uploads/2025/09/Life-at-Veltris-main.svg","https://www.veltris.com/wp-content/uploads/2022/09/carrers-img.jpeg","https://www.veltris.com/industries/technology-products-and-platforms/","https://www.veltris.com/ai-solutions/","https://www.veltris.com/wp-content/uploads/2025/09/Pharmacy-Benefit-Management-PBM.png","https://www.veltris.com/wp-content/uploads/2022/11/Madhav-J-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/04/AI_ML-Predict-HealthOptimize-Care.png","https://www.veltris.com/wp-content/uploads/2022/11/Venu.png","https://www.veltris.com/wp-content/uploads/2025/09/Innovate-Faster.png","https://www.veltris.com/wp-content/uploads/2025/05/Healthcare_600x800.png","https://www.veltris.com/about-us/","https://www.veltris.com/wp-content/uploads/2025/09/product-lifecycle-managed-healthcare.png","https://www.veltris.com/industries/communications-service-providers/","https://www.veltris.com/wp-content/uploads/2025/09/Accelerate-Insights.png","https://www.veltris.com/industries/autonomous-vehicles-and-logistics/","https://www.veltris.com/wp-content/uploads/2025/09/digital-cloud-healthcare.png","https://www.veltris.com/industries/technology-communications-media/","https://www.veltris.com/industries/govtech-edtech/","https://www.veltris.com/industries/speciality-digital-healthcare-providers/","https://www.veltris.com/wp-content/uploads/2025/04/Careers.png","https://www.veltris.com/ai-for-productivity/","https://www.veltris.com/wp-includes/blocks/paragraph/style.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2022/11/Bhargavi-200x200-1.png","https://www.veltr
is.com/industries/engineering-construction/","https://www.veltris.com/sitemap/","https://www.veltris.com/wp-content/uploads/2025/09/Chip-to-Cloud-Engineering.png","https://www.veltris.com/wp-content/uploads/2025/11/MVSN_Raju.jpg","https://www.veltris.com/wp-content/uploads/2022/11/Ravi-Sanapla-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/09/healthcare-lifesciences-data-AI.png","https://www.veltris.com/wp-content/uploads/2022/11/Swathi-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Healthcare-Lifesciences_Banner_2000x700.png","https://www.veltris.com/resources/","https://www.veltris.com/wp-content/uploads/2022/11/Abdul-200x200-1.png","https://www.veltris.com/wp-content/uploads/2022/11/Johnson.png","https://www.veltris.com/wp-includes/js/dist/a11y.min.js?ver=cb460b4676c94bd228ed","https://www.veltris.com/wp-content/uploads/2025/04/Wearables_Continuous-Proactive-Care.png","https://www.veltris.com/industries/investment-and-wealth-management/","https://www.veltris.com/wp-content/uploads/2025/09/Broadcasting-and-OTT-Streaming.svg","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-foundation.min.css?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/04/Careers_mob.png","https://www.veltris.com/cxo-essentials/hfs-challengers-code-report/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2F","https://www.veltris.com/wp-content/uploads/2025/04/Healthcare-1-1.png","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-reset.min.css?ver=2.9.13","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/09/Boost-Productivity.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.9.13","https://www.veltris.com/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381","https://www.veltris.com
/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.textareaCounter.plugin.min.js?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/09/Redirect-Costs-to-Innovation.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.maskedinput.min.js?ver=2.9.13","https://www.veltris.com/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-Productivity-1-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Dental-Ecosystem.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Intelligence-Data-AI.svg","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-framework.min.css?ver=2.9.13","https://www.veltris.com/get-my-ai-readiness-score/","https://www.veltris.com/blogs/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/utils.min.js?ver=380b7a5ec0757c78876bc8a59488f2f3","https://www.veltris.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/11/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-1.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Team.svg","https://www.veltris.com/wp-content/uploads/2025/04/Learning-Fun.svg","https://www.veltris.com/wp-content/uploads/2026/05/care_pbm_platform_modernization_case-study.pdf","https://www.veltris.com/wp-content/uploads/2026/02/scaling_hybrid_care_models_with_retail_economics.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Customer-Sucess.svg","https://www.veltris.com/wp-content/uploads/2026/02/driving_retention_through_preventive_care_subscription-models.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Velocity.svg","https://www.veltris.com/industries/healthtech-platforms/","https://www.veltris.com/wp-content/uploads/2025/04/Transparency.svg","https://www.veltris.com/wp-content/uploads
/2025/11/Modernizing-a-Veterinary-Platforms-Front-End-and-Security-Architecture.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Speciality-Digital-Healthcare-Providers.svg","https://www.veltris.com/wp-includes/blocks/heading/style.min.css?ver=6.9.4","https://www.veltris.com/pressroom/veltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries/","https://www.veltris.com/wp-includes/js/wp-embed.min.js","https://www.veltris.com/life-at-veltris/","https://www.veltris.com/wp-content/uploads/2026/02/converting_healthcare_visits_into_retail_revenue.pdf","https://www.veltris.com/events/","https://www.veltris.com/wp-includes/css/dashicons.min.css?ver=6.9.4","https://www.veltris.com/wp-json/wp/v2/pages/13944","https://www.veltris.com/wp-content/uploads/2022/11/Murali-Krishna-1-200x200-1.png","https://www.veltris.com/wp-content/uploads/2026/02/maximizing_value_from_diagnostics_and_medical_devices.pdf","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/scripts-theme.min.js?ver=b436459e6f25ebcd9e95ea18e1a35e19","https://www.veltris.com/wp-content/uploads/2025/04/Industry-Specific.svg","https://www.veltris.com/wp-content/uploads/2026/02/virtual_meetings_provider_scaled_reliable_video_experiences_case_Study.pdf","https://www.veltris.com/wp-content/uploads/2026/05/care_pbm_platform_modernization_case-study_thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2026/03/improving_operational_efficiency_across_healthcare_retail_clinics-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Care-Guide-Web-Platform-for-Streamlining-Clinical-Programs.pdf","https://www.veltris.com/wp-content/uploads/2026/02/improving_operational_efficiency_across_healthcare_retail_clinics.pdf","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-the-Enterprise-1-1.png","https://www.veltris.com/wp-content/uploads/2026/03/driving_retention_through_preventive_care_subscription_models-300x169.png","https://w
ww.veltris.com/wp-content/uploads/2026/03/converting_healthcare_visits_into_retail_revenue-300x169.png","https://www.veltris.com/ai-for-enterprise/","https://www.veltris.com/cookie-policy/","https://www.veltris.com/wp-content/uploads/2026/05/ai-powered_aesthetic_assessment_for_caregiver_profile_photos_thumbnail-300x169.png","https://www.veltris.com/services/product-lifecycle-managed-services/","https://www.veltris.com/wp-content/uploads/2026/03/personalizing_healthcare_and_retail_engagement_using_unified_data-300x169.png","https://www.veltris.com/wp-content/uploads/2026/05/data-fabric-multi-unit-dental-network-case-study-300x169.png","https://www.veltris.com/industries/insuretech/","https://www.veltris.com/wp-content/uploads/2025/11/Empowered-care-guides-with-a-scalable-web-platform-to-streamline-member-support-and-clinical-program-1-300x169.png","https://www.veltris.com/ai-for-industry/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/vendor-theme.min.js?ver=21e5a4db1670166692ac5745329bfc80","https://www.veltris.com/?p=30392","https://www.veltris.com/wp-content/uploads/2026/02/personalizing_healthcare_and_retail_engagement_using_unified_data.pdf","https://www.veltris.com/industries/financial-pubsec-services/","https://www.veltris.com/wp-content/uploads/2026/05/virtual_meetings_provider_scaled_reliable_video_experiences_case_Study_thumbnail.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research%2F","https://www.veltris.com/pressroom/","https://www.veltris.com/wp-content/uploads/2025/10/Collating_Analyzing_Click_Analytics_Data_from_Google_Analytics_for_Marketing_Decisions.pdf","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-Industry-1.png","https://www.veltris.com/wp-content/uploads/2025/12/Scaling-High-Volume-Veterinary-Reporting-Platform-Thumbnail-300x169.png","https://www.veltris.com/pressroom","h
ttps://www.veltris.com/industries/diversified-industrials/","https://www.veltris.com/wp-content/uploads/2025/11/Built-Strategic-Alignment-through-AScalable-and-Flexible-OKR-Dashboard.pdf","https://www.veltris.com/wp-content/uploads/2025/11/Thumbnail_Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO_-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Product-Lifecyle-Managed-Services.svg","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0.svg","https://www.veltris.com/wp-content/uploads/2026/05/autonomous_delivery_model_powering_50__engineering_productivity_gains-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Cloud-Infrastructure-Services-1.svg","https://www.veltris.com/wp-content/uploads/2026/05/autonomous_delivery_model_powering_50_engineering_productivity_gains.pdf","https://www.veltris.com/wp-content/uploads/2025/12/Modernizing-Veterinary-Platform-Front-End-Security-Architecture-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Connectivity-Industry-X.0.svg","https://www.veltris.com/wp-content/uploads/2025/11/Scaling-High-Volume-Veterinary-Reporting-Platform-1.pdf","https://www.veltris.com/wp-json/wp/v2/pressroom/30392","https://www.veltris.com/?p=25066","https://www.veltris.com/wp-content/uploads/2026/05/virtual_meetings_provider_scaled_reliable_video_experiences_case_Study_thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Empowered-care-guides-with-a-scalable-web-platform-to-streamline-member-support-and-clinical-program-1.png","https://www.veltris.com/wp-content/uploads/2026/05/autonomous_delivery_model_powering_50__engineering_productivity_gains.png","https://www.veltris.com/wp-content/uploads/2025/04/API-Management-Complexity-Hurdles.svg","https://www.veltris.com/wp-content/uploads/2026/03/maximizing_value_from_diagnostics_and_medical_devices.png","https://www.veltris.com/wp-content/uploads/2026/03/converting_healthcare_visits_into_r
etail_revenue.png","https://www.veltris.com/?p=14556","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-Product-Platform-Engineering_dark.svg","https://www.veltris.com/wp-content/uploads/2025/04/Clinical-Workflow-Integration-Barriers.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdigital-cloud-engineering%2F","https://www.veltris.com/wp-content/uploads/2025/04/Multimodal-Data-Integration-Complexity.svg","https://www.veltris.com/whitepapers","https://www.veltris.com/wp-content/uploads/2025/12/Modernizing-Veterinary-Platform-Front-End-Security-Architecture-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-strategic-alignment-through-a-scalable-and-flexible-OKR-dashboard._-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-and-Cloud-Engineering_Mob-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Data_AI_Overview.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-for-Business.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthcare-lifesciences%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Dashboard_and_Analytics_Tools_for_Healthcare_Data_Available_with_a_Provider.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcareers%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed-Dashboard-and-Analytics-Tools-for-Healthcare-Data-Available-with-a-Provider-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/28540","https://www.veltris.com/wp-content/uploads/2025/04/Diversified-Industries-1.png","https://www.veltris.com/case-studies","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fprivacy-policy%2F","https://www.veltris.com/wp-content/uploads/2025/07/Industries_mobile_banner.png","https://www.veltris.com/wp-json/wp/v2/pages/14556","https://www.
veltris.com/blogs","https://www.veltris.com/wp-content/uploads/2026/05/ai-ready-data-fabric-for-a-multi-unit-dental-network.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research%2F","https://www.veltris.com/wp-content/uploads/2025/07/Services_mobile_banner.png","https://www.veltris.com/embed/","https://www.veltris.com/wp-content/uploads/2025/12/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-Thumbnail-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/3","https://www.veltris.com/infographics","https://www.veltris.com/guides","https://www.veltris.com/wp-content/uploads/2025/12/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/10/Collating-Analyzing-Click-Analytics-Data-from-Google-Analytics-for-Marketing-Decisions-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media-1.png","https://www.veltris.com/?p=27074","https://www.veltris.com/wp-content/uploads/2026/05/care_pbm_platform_modernization_case-study_thumbnail.png","https://www.veltris.com/resources","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/usa.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics_dark.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdigital-cloud-engineering%2F","https://www.veltris.com/wp-content/uploads/2025/04/Case-Studies.png","https://www.veltris.com/?p=3","https://www.veltris.com/wp-json/wp/v2/pages/25086","https://www.veltris.com/wp-content/uploads/2025/04/Agentic-AI_dark.svg","https://www.veltris.com/disclaimer/","https://www.veltris.com/wp-content/uploads/2025/07/Overview-img-size-640x470-1.png","https://www.veltris.com/wp-content/uploads/2023/04/designed-and-developed-ai-based-modern-and-fri
ctionless-business-enablement-solutions.pdf","https://www.veltris.com/wp-content/uploads/2026/03/scaling_hybrid_care_models_with_retail_economics.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-ai%2F","https://www.veltris.com/wp-content/uploads/2025/04/Case-Studies_mob.png","https://www.veltris.com/wp-json/wp/v2/pages/27072","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/Dallas.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-ai%2F","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/pune.png","https://www.veltris.com/wp-content/uploads/2025/11/Thumbnail_Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO_-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Implementing-Digital-Twins-AI.png","https://www.veltris.com/wp-content/uploads/2025/12/Scaling-High-Volume-Veterinary-Reporting-Platform-Thumbnail.png","https://www.veltris.com/insights/","https://www.veltris.com/wp-content/uploads/2025/10/Collating-Analyzing-Click-Analytics-Data-from-Google-Analytics-for-Marketing-Decisions.png","https://www.veltris.com/privacy-policy/feed/","https://www.veltris.com/wp-content/uploads/2025/07/Digital_Cloud_Overview.png","https://www.veltris.com/?p=28540","https://www.veltris.com/wp-content/uploads/2025/07/Product_Lifecycle_Managed_Services_Overview.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/bangalore.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2F","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based-Digitization-of-Documents-300x169.png","https://www.veltris.com/?p=25086","https://www.veltris.com/industries/pharmacy-benefit-management-pbm/","https://www.veltris.com/wp-content/uploads/2023/03/intelligent-dashboard-for-deep-insights-into-household-energy-consumption.pdf","https://www.veltris
.com/wp-content/themes/wavelabs/assets/images/locations/canada.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2F","https://www.veltris.com/wp-content/uploads/2025/07/AI-Solution-Mobile-600X800.png","https://www.veltris.com/?p=27072","https://www.veltris.com/wp-content/uploads/2025/10/Transformed_a_Water_Dispensing_Kiosk_into_an_IoT-Enabled_Platform.pdf","https://www.veltris.com/wp-json/wp/v2/pages/27074","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fprivacy-policy%2F","https://www.veltris.com/wp-content/uploads/2024/04/Migrating_multi-tenant_saas_virtual_communication_platform_to_aws_for_enhanced_scalability.pdf","https://www.veltris.com/services/azure-managed-services/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fclient-case-studies%2F","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/Chicago.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fclient-case-studies%2F","https://www.veltris.com/wp-content/uploads/2025/10/Added_New_Features_and_Implemented_System_Enhancements_to_Improve_Reach.pdf","https://www.veltris.com/industries/dental-multi-unit-retail-health/","https://www.veltris.com/wp-content/uploads/2026/03/improving_operational_efficiency_across_healthcare_retail_clinics.png","https://www.veltris.com/wp-content/uploads/2025/07/Services_desktop_banner.png","https://www.veltris.com/wp-content/uploads/2023/04/improved-service-performance-by-delivering-flexible-solution-for-achieving-consistency.pdf","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/vietnam.png","https://www.veltris.com/wp-content/uploads/2026/03/personalizing_healthcare_and_retail_engagement_using_unified_data.png","https://www.veltris.com/wp-content/uploads/2025/10/Transfo
rmed-a-Water-Dispensing-Kiosk-into-an-IoT-Enabled-Platform--300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2F","https://www.veltris.com/wp-content/uploads/2023/03/developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-dashboard-for-Deep-Insights-Into-Household-Energy-Consumption-2-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/28409","https://www.veltris.com/wp-json/wp/v2/pages/14069","https://www.veltris.com/?p=22001","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthcare-lifesciences%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed-Dashboard-and-Analytics-Tools-for-Healthcare-Data-Available-with-a-Provider.png","https://www.veltris.com/?p=14560","https://www.veltris.com/wp-json/wp/v2/pages/25111","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcareers%2F","https://www.veltris.com/industries/diversified-industrials-manufacturing/","https://www.veltris.com/wp-content/uploads/2025/05/Connectivity-Industry-X.0_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/india.png","https://www.veltris.com/wp-content/uploads/2026/01/Electronics-and-Semiconductors-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/04/improved-the-functional-performance-and-capacity-measurement-with-the-emulation-of-4g-5g.pdf","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based-Digitization-of-Documents.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital_Cloud_Overview.png","https://www.veltris.com/wp-content/uploads/2025/10/Generate-a-Film-Using-Generative-AI-for-the-Given-Script-without-Using-Autodesk--300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Standards-Interoperability-Gaps.svg"
,"https://www.veltris.com/wp-content/uploads/2023/10/Streamlined-the-Service-Delivery-Space-for-the-Leading-Electrical-Appliances-Manufacturer-300x169.png","https://www.veltris.com/?p=28249","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fconnectivity-industry-x-0%2F","https://www.veltris.com/services/data-warehouse/","https://www.veltris.com/wp-content/uploads/2025/03/product-development.svg","https://www.veltris.com/wp-json/wp/v2/pages/25066","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing.svg","https://www.veltris.com/wp-content/uploads/2026/05/ai-powered_aesthetic_assessment_for_caregiver_profile_photos_thumbnail.png","https://www.veltris.com/wp-content/uploads/2023/04/facilitating-different-sectors-to-envision-their-legacy-process-in-virtual-reality.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2F","https://www.veltris.com/?p=28383","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2F","https://www.veltris.com/wp-content/uploads/2025/10/Generate-a-Film-Using-Generative-AI-for-the-Given-Script-without-Using-Autodesk-.png","https://www.veltris.com/?p=27965","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services_dark.svg","https://www.veltris.com/wp-content/uploads/2023/03/to-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to-their-customers.pdf","https://www.veltris.com/wp-content/uploads/2023/04/Designed-and-Developed-AI-based-Modern-and-Frictionless-Business-Enablement-Solutions-1-300x169.png","https://www.veltris.com/wp-content/uploads/2026/03/maximizing_value_from_diagnostics_and_medical_devices-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/built-virtual-situation-rooms-to-conduct-training-through-gamification.pdf","https://www.veltris.com/
wp-json/wp/v2/pages/14560","https://www.veltris.com/wp-content/uploads/2023/04/Improved-Service-Performance-by-Delivering-Flexible-Solution-for-Achieving-Consistency-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2F","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-a-Water-Dispensing-Kiosk-into-an-IoT-Enabled-Platform-.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Felectronics-and-semiconductors%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2F","https://www.veltris.com/?p=28409","https://www.veltris.com/wp-content/uploads/2023/04/Improved-the-Functional-Performance-and-Capacity-Measurement-with-the-Emulation-of-4G-5G.png","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing_dark.svg","https://www.veltris.com/wp-content/uploads/2025/04/Whitepapers_mob-1.png","https://www.veltris.com/wp-content/uploads/2025/07/Connectivity_Industry-X.0_Overview.png","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based_Digitization_of_Documents.pdf","https://www.veltris.com/wp-content/uploads/2023/03/to-unify-the-brands-identity-under-one-cohesive-website.pdf","https://www.veltris.com/wp-json/wp/v2/pages/27965","https://www.veltris.com/wp-content/uploads/2026/05/data-fabric-multi-unit-dental-network-case-study.png","https://www.veltris.com/wp-json/wp/v2/pages/28249","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fschedule-a-meeting%2F","https://www.veltris.com/wp-content/uploads/2025/04/AI-Guides-and-Innovations_mob.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fconnectivity-industry-x-0%2F","https://www.veltris.com/wp-content/uploads/2024/04/Migrating-Multi-tenant-SaaS-Virtual-Communication-Platform-to-Cloud-for-Enhanced-Scalability.png","https://w
ww.veltris.com/wp-content/uploads/2025/07/AgenticAI-Tech-Stack-Play-scaled-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-MR-Training-System-for-VR-Glass-Company-to-Turn-Multiple-Training-Sessions-for-Employees-i-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fschedule-a-meeting%2F","https://www.veltris.com/wp-content/uploads/2023/03/interconnecting-a-world-of-distinctive-video-conference-systems.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Whitepapers.png","https://www.veltris.com/wp-content/uploads/2025/07/Veltris_Accelerated_AI-Platform.png","https://www.veltris.com/services/data-modernization/","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Private-Wireless-Networks-1.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Felectronics-and-semiconductors%2F","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Digital-Cloud.svg","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Multicloud-Engineering-1.svg","https://www.veltris.com/wp-content/uploads/2025/03/img_9-1.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Enterprise-Transport-Networks-1.svg","https://www.veltris.com/wp-content/uploads/2025/10/Implemented_a_D2C_Offering_to_Create_an_Extra_Source_of_Revenue_for_the_Client.pdf","https://www.veltris.com/wp-content/uploads/2023/04/crafted-an-NLP-model-for-a-seamless-user-experience.pdf","https://www.veltris.com/?p=15707","https://www.veltris.com/wp-content/uploads/2025/03/img_3-2.png","https://www.veltris.com/?p=19877","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fbroadcasting-and-ott-streaming%2F","https://www.veltris.com/wp-json/wp/v2/pages/28383","https://www.veltris.com/services/microsoft-cloud-platforms/","https://www.veltris.com/wp-content/uploads/2025/03/img_1-1.png","https://www.veltris.com/wp-content/uploads/202
6/03/driving_retention_through_preventive_care_subscription_models.png","https://www.veltris.com/wp-content/uploads/2025/04/AI-Guides-and-Innovations.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fbroadcasting-and-ott-streaming%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_4-2.png","https://www.veltris.com/wp-content/uploads/2025/03/img_10-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-products-and-platforms%2F","https://www.veltris.com/?p=28359","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Data-AI.svg","https://www.veltris.com/wp-content/uploads/2025/11/Built-strategic-alignment-through-a-scalable-and-flexible-OKR-dashboard._-1.png","https://www.veltris.com/wp-content/uploads/2025/03/img_7-1.png","https://www.veltris.com/wp-content/uploads/2025/03/img_3.png","https://www.veltris.com/wp-content/uploads/2023/04/Designed-and-Developed-AI-based-Modern-and-Frictionless-Business-Enablement-Solutions-1.png","https://www.veltris.com/wp-content/uploads/2022/11/Resources-banner-3070x1400-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Implemented-a-D2C-Offering-to-Create-an-Extra-Source-of-Revenue-for-the-Client-300x169.png","https://www.veltris.com/wp-content/uploads/2025/03/img_1-2.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2F","https://www.veltris.com/wp-json/wp/v2/pages/28359","https://www.veltris.com/wp-content/uploads/2025/10/Added-New-Features-and-Implemented-System-Enhancements-to-Improve-Reach--300x169.png","https://www.veltris.com/?p=25111","https://www.veltris.com/wp-content/uploads/2025/03/img_4-1.png","https://www.veltris.com/wp-json/wp/v2/pages/22001","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fai-solutions%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_19.png","https://www
.veltris.com/wp-content/uploads/2023/04/Improved-the-Functional-Performance-and-Capacity-Measurement-with-the-Emulation-of-4G-5G-300x169.png","https://www.veltris.com/wp-content/uploads/2025/03/img_5.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fcommunications-service-providers%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_18.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fai-solutions%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_17.png","https://www.veltris.com/wp-content/uploads/2025/04/Financial-Services-1.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Customer-Experience-1.svg","https://www.veltris.com/wp-json/wp/v2/pages/19877","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fcommunications-service-providers%2F","https://www.veltris.com/?p=28435","https://www.veltris.com/casestudies/built-a-robust-foundational-data-reporting-platform-for-a-leading-ott-solutions-provider/","https://www.veltris.com/wp-content/uploads/2023/04/Real-time-Analytics-and-Insights-for-Online-Video-Streaming-Giant-1-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/28435","https://www.veltris.com/wp-content/uploads/2025/03/img_13.png","https://www.veltris.com/wp-content/uploads/2025/04/Cyber-Security-Infrastructure.svg","https://www.veltris.com/wp-content/uploads/2025/03/img_15.png","https://www.veltris.com/wp-json/wp/v2/pages/25319","https://www.veltris.com/wp-content/uploads/2023/03/to-upgrade-the-brands-identity-using-seo-strategies-and-integrating-the-backend.pdf","https://www.veltris.com/wp-content/uploads/2023/03/developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client.pdf","https://www.veltris.com/wp-content/uploads/2025/03/img_6.png","https://www.veltris.com/?p=25319","https://www.veltris.com/wp-content/uploads/2022/07/Threat-Monitoring-System
-for-Concealed-Weapons-Explosives-Detection-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Communications-Service-Providers-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services.svg","https://www.veltris.com/industries/pharmacy-benefit-management/","https://www.veltris.com/wp-content/uploads/2025/04/IoMT-Integration-Security-Risks.svg","https://www.veltris.com/wp-json/wp/v2/pages/28005","https://www.veltris.com/wp-content/uploads/2025/10/Implemented-a-D2C-Offering-to-Create-an-Extra-Source-of-Revenue-for-the-Client.png","https://www.veltris.com/wp-content/uploads/2023/03/An-incident-management-organization-using-AI-to-reduce-risk-and-report-incidents-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-for-Security.svg","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school-300x169.png","https://www.veltris.com/wp-content/uploads/2023/04/Facilitating-Different-Sectors-to-Envision-Their-Legacy-Process-in-Virtual-Reality-1-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fabout-us%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_11.png","https://www.veltris.com/wp-content/uploads/2025/03/img_7.png","https://www.veltris.com/wp-content/uploads/2025/10/Added-New-Features-and-Implemented-System-Enhancements-to-Improve-Reach-.png","https://www.veltris.com/?p=25298","https://www.veltris.com/wp-content/uploads/2025/03/img_5-2.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fautonomous-vehicles-and-logistics%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fi
ndustries%2Ftechnology-communications-media%2F","https://www.veltris.com/wp-json/wp/v2/pages/25298","https://www.veltris.com/wp-content/uploads/2025/03/img_20.png","https://www.veltris.com/wp-content/uploads/2023/03/To-Unify-the-Brands-Identity-Under-One-Cohesive-Website-1-300x169.png","https://www.veltris.com/?p=28462","https://www.veltris.com/wp-content/uploads/2023/04/Real-time-Analytics-and-Insights-for-Online-Video-Streaming-Giant-1.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-for-Productivity.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-communications-media%2F","https://www.veltris.com/wp-content/uploads/2026/01/Broadcasting-and-OTT-Streaming_2000x700.png","https://www.veltris.com/wp-content/uploads/2022/07/Built-Fast-Flexible-Scalable-Platform-Solutions-for-Video-Service-and-OTT-Providers.png","https://www.veltris.com/wp-content/uploads/2023/03/To-upgrade-the-Brands-Identity-using-SEO-Strategies-and-Integrating-the-Backend-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Interconnecting-a-world-of-distinctive-Video-conference-systems-1-300x169.png","https://www.veltris.com/casestudies/threat-monitoring-system-for-concealed-weapons-explosives-detection/","https://www.veltris.com/?p=28005","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fautonomous-vehicles-and-logistics%2F","https://www.veltris.com/wp-content/uploads/2023/04/Crafted-an-NLP-Model-for-a-Seamless-User-Experience-2-300x169.png","https://www.veltris.com/?p=21999","https://www.veltris.com/wp-json/wp/v2/pages/28462","https://www.veltris.com/?p=28830","https://www.veltris.com/wp-content/uploads/2025/03/img_14.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Cybersecurity-Engineering-1.svg","https://www.veltris.com/wp-json/wp/v2/pages/21999","https://www.veltris.com/wp-content/uploads/2025/03/img_1.png","https://www.veltris.com/wp-
content/uploads/2023/03/To-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to-.png","https://www.veltris.com/wp-content/uploads/2023/04/Crafted-an-NLP-Model-for-a-Seamless-User-Experience-2.png","https://www.veltris.com/wp-content/uploads/2025/10/Created_a_Portal_to_Capture_Patient_Health_and_Provide_Treatment_Proactively.pdf","https://www.veltris.com/?p=14069","https://www.veltris.com/wp-content/uploads/2022/11/About-us-overview.png","https://www.veltris.com/wp-content/uploads/2022/07/Built-a-Robust-Foundational-Data-Reporting-Platform-for-a-Leading-OTT-Solutions-Provider.png","https://www.veltris.com/wp-content/uploads/2025/03/img_10.png","https://www.veltris.com/wp-content/uploads/2023/04/Improved-Service-Performance-by-Delivering-Flexible-Solution-for-Achieving-Consistency-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Interconnecting-a-world-of-distinctive-Video-conference-systems-1.png","https://www.veltris.com/wp-content/uploads/2022/07/Built-Fast-Flexible-Scalable-Platform-Solutions-for-Video-Service-and-OTT-Providers-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-SDLC-1-1.png","https://www.veltris.com/wp-content/uploads/2023/10/Streamlined-the-Service-Delivery-Space-for-the-Leading-Electrical-Appliances-Manufacturer.png","https://www.veltris.com/wp-content/uploads/2022/07/Threat-Monitoring-System-for-Concealed-Weapons-Explosives-Detection.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Data-Engineering-Analytics-2.svg","https://www.veltris.com/wp-content/uploads/2026/01/Technology-Products-and-Platforms_2000x700.png","https://www.veltris.com/wp-content/uploads/2022/11/Why-us-660x440-1.png","https://www.veltris.com/wp-content/uploads/2025/04/CSP-WISP-Satcom-Service-providers.png","https://www.veltris.com/wp-content/uploads/2025/05/Data-AI-1.png","https://www.veltris.com/wp-json/wp/v2/pages/28830","https://www.veltris.com/wp-content/uploads/2023/02/M-E
_White-Content-Supply-Chain.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fengineering-construction%2F","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-Product-Platform-Engineering-1.svg","https://www.veltris.com/wp-content/uploads/2026/01/engeering-Customer-Experience.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fspeciality-digital-healthcare-providers%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_6-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fai-for-productivity%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fai-for-productivity%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fengineering-construction%2F","https://www.veltris.com/wp-content/uploads/2022/07/Built-a-Robust-Foundational-Data-Reporting-Platform-for-a-Leading-OTT-Solutions-Provider-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/DataIntegrix_Productivity.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fgovtech-edtech%2F","https://www.veltris.com/wp-content/uploads/2025/03/Christmas-Celebration_3.png","https://www.veltris.com/wp-content/uploads/2023/03/Cloud-Native-Network-Function-Updated.svg","https://www.veltris.com/wp-content/uploads/2025/12/CreateAssetAI_Productivity.png","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/","https://www.veltris.com/wp-content/uploads/2025/12/SDLCAI_Productivity.png","https://www.veltris.com/wp-content/uploads/2024/09/Hiral-Chandrana.png","https://www.veltris.com/wp-content/uploads/2023/03/To-Unify-the-Brands-Identity-Under-One-Cohesive-Website-1.png","https://www.ve
ltris.com/wp-content/uploads/2025/12/AgenticBrowser_Productivity.png","https://www.veltris.com/wp-content/uploads/2026/01/GovTech-EdTech_Banner_600x800.png","https://www.veltris.com/casestudies/conversational-chatbot-for-24-7-customer-support-assistance/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fspeciality-digital-healthcare-providers%2F","https://www.veltris.com/wp-content/uploads/2025/04/Comms-Infra-Network-Security-product-platform-vendors_.png","https://www.veltris.com/wp-content/uploads/2023/02/F-_White-Regulatory-Hurdles.svg","https://www.veltris.com/wp-content/uploads/2023/03/An-incident-management-organization-using-AI-to-reduce-risk-and-report-incidents-1.png","https://www.veltris.com/wp-content/uploads/2026/01/Technology-Products-and-Platforms_600x800.png","https://www.veltris.com/wp-content/uploads/2023/03/Shiva.jpg","https://www.veltris.com/wp-content/uploads/2025/03/img_4.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-A-Portal-to-Capture-Patients-Health-and-Provide-Treatment-Proactively--300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics.svg","https://www.veltris.com/wp-content/uploads/2025/04/OTT-IPTV-Media-Infra-Broadcasting-Gaming-Service-providers.png","https://www.veltris.com/wp-content/uploads/2023/03/To-upgrade-the-Brands-Identity-using-SEO-Strategies-and-Integrating-the-Backend.png","https://www.veltris.com/wp-content/uploads/2025/04/Cloud-Infrastructure-Services_dark.svg","https://www.veltris.com/wp-content/uploads/2026/01/icon_Accelerate-with-Future-Ready-Tech-1.svg","https://www.veltris.com/wp-content/uploads/2025/10/Built_a_Web_Application_for_Users_to_Manage_their_Financial_Wealth_in_a_Highly_Secure_Infrastructure.pdf","https://www.veltris.com/wp-content/uploads/2025/03/investments.svg","https://www.veltris.com/wp-json/wp/v2/pages/28753","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-IoT
-Amalgamation.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fhfs-challengers-code-report%2F","https://www.veltris.com/casestudies/maximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution/","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail-300x169.png","https://www.veltris.com/wp-json/wp/v2/cxo-essentials/30488","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-Virtual-Situation-Rooms-to-Conduct-Training-Through-Gamification.png","https://www.veltris.com/wp-content/uploads/2023/03/Designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inve-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/built-a-mobile-application-to-buy-and-sell-all-type-of-funds.pdf","https://www.veltris.com/wp-content/uploads/2025/03/Sushma.png","https://www.veltris.com/wp-content/uploads/2025/04/About-us_Mob.png","https://www.veltris.com/wp-content/uploads/2025/04/Systemic-Integration-Across-Trends.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fgovtech-edtech%2F","https://www.veltris.com/wp-content/uploads/2023/03/Re-platforming-and-Cloud-Migration-from-Vertica-to-Snowflake-1-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Develop_a_Mobile-First_Platform_for_Personalized_Assessments_Targeted_Interventions_to_Optimize_Mental_Fitness.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fabout-us%2F","https://www.veltris.com/wp-content/uploads/2025/12/VIA-accelerators-productivity-banner.png","https://www.veltris.com/wp-content/uploads/2023/10/provided-cloud-based-administration-software-for-private-equity-fund
s-for-crm-database-and-portfolio-management.pdf","https://www.veltris.com/wp-content/uploads/2023/03/an-incident-management-organization-using-ai-to-reduce-risk-and-report-incidents.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-products-and-platforms%2F","https://www.veltris.com/wp-content/uploads/2022/07/Conversational-Chatbot-for-24-7-Customer-Support-Assistance-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Autonomous-Vehicles-and-Logistics-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/12/LoCoAI_Productivity.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-a-Platform-to-Improve-Inbound-and-Outbound-Process-at-Warehouse-and-Optimized-Resource-All.png","https://www.veltris.com/wp-content/uploads/2025/04/Legacy-System-Integration-Challenge.svg","https://www.veltris.com/wp-content/uploads/2024/04/Migrating-Multi-tenant-SaaS-Virtual-Communication-Platform-to-Cloud-for-Enhanced-Scalability-300x169.png","https://www.veltris.com/blogs/why-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them/","https://www.veltris.com/wp-content/uploads/2023/04/Facilitating-Different-Sectors-to-Envision-Their-Legacy-Process-in-Virtual-Reality-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_a_Platform_to_Improve_Inbound_and_Outbound_Process_at_Warehouse_and_Optimized_Resource_Allocation.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fhfs-challengers-code-report%2F","https://www.veltris.com/wp-content/uploads/2026/01/GovTech-EdTech_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/03/img_2-1.png","https://www.veltris.com/wp-content/uploads/2024/04/LLM-VT-case-study-1.pdf","https://www.veltris.com/wp-content/uploads/2026/01/Engineering-ConstructionBanner_2000x700.png","https://www.veltris.com/wp-content/uploads/built-a-tradin
g-application-to-trade-USA-stocks-from-different-countries-vt.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Develop-a-Mobile-First-Platform-for-Personalized-Assessments-and-Targeted-Interventions-to-Optimize-.png","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-dashboard-for-Deep-Insights-Into-Household-Energy-Consumption-2.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecyle-Managed-Services.svg","https://www.veltris.com/wp-content/uploads/2023/03/Network-Intelligence-Data-AI.png","https://www.veltris.com/wp-content/uploads/2025/04/Hyper-Focused-Vertical-SaaS-Solutions.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finvestment-and-wealth-management%2F","https://www.veltris.com/wp-content/uploads/2025/10/Created_Multi-Functional_Mobile_Applications_with_Single_Code_Base.pdf","https://www.veltris.com/wp-content/uploads/2025/03/img_3-1.png","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/03/img_2.png","https://www.veltris.com/wp-content/uploads/2022/07/Auto-Lubricant-Distributer-Digital-Engineering-Thumbnail-300x157.png","https://www.veltris.com/casestudies/improved-on-time-delivery-of-a-leading-auto-lubricant-distributer/","https://www.veltris.com/wp-content/uploads/2022/07/Conversational-Chatbot-for-24-7-Customer-Support-Assistance.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_a_Mobile_App_with_Multiple_Accessibility_and_Metrics_for_Real-Time_Measurement.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inve.png","https://www.veltris.com/wp-content/uploads/2023/02/Regulatory-Hurdles.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Exposure-Integration.png","https://www.veltris.
com/wp-content/uploads/2025/10/Developed_iOS_Android_Mobile_Applications_Platform_for_Better_Reach_to_the_Clients_Community.pdf","https://www.veltris.com/wp-content/uploads/2023/03/built-a-mobile-app-with-next-gen-UI-to-simplify-radon-test-vt.pdf","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/03/img_9.png","https://www.veltris.com/wp-content/uploads/2025/03/img_8-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-A-Portal-to-Capture-Patients-Health-and-Provide-Treatment-Proactively-.png","https://www.veltris.com/wp-content/uploads/2026/01/Jai-Shankar.png","https://www.veltris.com/wp-content/uploads/2026/01/Electronics-and-Semiconductors-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-Cloud.svg","https://www.veltris.com/wp-content/uploads/2025/11/Scalable-Mobile-andWeb-Platform-for-Streamlined-Prescription-Care.pdf","https://www.veltris.com/wp-content/uploads/2025/03/smarter-products.svg","https://www.veltris.com/wp-content/uploads/2025/04/Deep-AI-Integration-as-Core-Functionality.png","https://www.veltris.com/wp-content/uploads/2025/03/img_12.png","https://www.veltris.com/wp-content/uploads/2023/03/Re-platforming-and-Cloud-Migration-from-Vertica-to-Snowflake-1-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Created_AWS_Infrastructure_Implemented_Custom_Automation.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-Face-Recognition-Model-for-Secure-and-Automated-Monitoring_.pdf","https://www.veltris.com/wp-content/uploads/2023/10/revamped-web-mobile-applications-for-increased-privacy-performance.pdf","https://www.veltris.com/wp-content/uploads/2026/04/hfs_challengers_code_report_banner.png","https://www.veltris.com/wp-content/uploads/2026/03/scaling_hybrid_care_models_with_retail_economics-300x169.png","https://www.veltris.com/wp-content/uploads/impl
ementation-of-one-view-of-the-customer-to-a-big-insurance-and-banking-customer.pdf","https://www.veltris.com/wp-content/uploads/2023/03/built-a-deep-learning-model-for-image-improvement-image-restoration-super-resolution.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Multimodal-Data-Integration-Complexity.png","https://www.veltris.com/wp-content/uploads/2026/04/hfs_challengers_code_report_mobile.png","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-Networks.png","https://www.veltris.com/wp-content/uploads/2023/10/built-mobile-applications-and-implemented-design-thinking-to-enhance-the-business.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Cloud-Native-Network-Function-1.png","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics-1.svg","https://www.veltris.com/wp-content/uploads/built-an-efficient-information-retrieval-system-with-generativeAI-for-a-major-asset-management-firm.pdf","https://www.veltris.com/wp-content/uploads/2023/02/Content-Supply-Chain-1.png","https://www.veltris.com/wp-content/uploads/2023/03/designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inventory-management.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance-1.svg","https://www.veltris.com/wp-content/uploads/2025/07/Industries_desktop_banner.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-Virtual-Situation-Rooms-to-Conduct-Training-Through-Gamification-300x169.png","https://www.veltris.com/wp-content/uploads/2023/10/developed-a-web-app-to-monitor-communication-between-patients-and-care-teams.pdf","https://www.veltris.com/wp-content/uploads/2023/10/developed-an-ios-application-for-users-to-share-their-travel-experience.pdf","https://www.veltris.com/wp-content/uploads/2023/03/end-to-en
d-mobile-and-web-application-to-help-navigate-and-provide-medical-claims-assistance.pdf","https://www.veltris.com/wp-content/uploads/2023/02/IoT-Amalgamation.png","https://www.veltris.com/wp-content/uploads/2025/10/Develop-a-Mobile-First-Platform-for-Personalized-Assessments-and-Targeted-Interventions-to-Optimize--300x169.png","https://www.veltris.com/cxo-essentials/3-fixes-it-leaders-are-making-before-tackling-ai/","https://www.veltris.com/wp-content/uploads/2023/10/developed-ios-and-android-mobile-applications-to-help-users-practice-yoga.pdf","https://www.veltris.com/wp-content/uploads/2023/10/Provided-Cloud-Based-Administration-Software-for-Private-Equity-Funds-for-CRM-Database-and-Portfolio-300x169.png","https://www.veltris.com/wp-content/uploads/2023/10/rebranding-of-the-website-and-developing-a-multi-platform-system-to-facilitate-operations.pdf","https://www.veltris.com/wp-content/uploads/to-reduce-the-rejection-rate-of-bills-by-creating-an-nlp-model-to-validate-the-same.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Created-Multi-Functional-Mobile-Applications-with-Single-Code-Base--300x169.png","https://www.veltris.com/wp-content/uploads/2025/05/Large-Scale-Data-Migration-Without-Downtime.pdf","https://www.veltris.com/wp-content/uploads/2023/10/developed-a-reliable-mobile-app-based-platform-for-everyday-management-tasks.pdf","https://www.veltris.com/wp-content/uploads/2022/07/Auto-Lubricant-Distributer-Digital-Engineering-Thumbnail.png","https://www.veltris.com/guides/ai-trends-for-pbms-in-2026-the-cxo-guide-to-cost-control-compliance-and-competitive-advantage/","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity_Industry-X.0_Overview.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fsitemap%2F","https://www.veltris.com/wp-content/uploads/2025/10/Built-a-Web-Application-for-Users-to-Manage-their-Financial-Wealth-in-a-Highly-Secure-Infrastructure-300x169.png","https://www.veltris.com/whitepapers/
the-future-of-businesses-in-2025-embracing-a-comprehensive-integrated-technological-ecosystem/","https://www.veltris.com/wp-content/uploads/2025/10/Transformed_the_Entire_Operations_with_a_Digital_and_Mobile_Experience_.pdf","https://www.veltris.com/casestudies/built-fast-flexible-scalable-platform-solutions-for-video-service-and-ott-providers/","https://www.veltris.com/wp-content/uploads/2025/03/img_8.png","https://www.veltris.com/whitepapers/generative-ai-strategy-to-transform-your-enterprise/","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services-1.svg","https://www.veltris.com/wp-content/uploads/2026/01/Engineering-ConstructionBanner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing-1.svg","https://www.veltris.com/cxo-essentials/whats-actually-working-for-risk-compliance-and-ops-leaders/","https://www.veltris.com/wp-content/uploads/2025/03/img_16.png","https://www.veltris.com/wp-content/uploads/2023/10/Built-a-mobile-application-to-buy-and-sell-all-type-of-funds-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Autonomous-Vehicles-and-LogisticsBanner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Exposure-and-Integration-Updated.svg","https://www.veltris.com/whitepapers/scaling-your-saas-business-with-proven-growth-strategies/","https://www.veltris.com/wp-content/uploads/2025/04/Systemic-Integration-Across-Trends.svg","https://www.veltris.com/wp-content/uploads/2025/10/Created-AWS-Infrastructure-Implemented-Custom-Automation--300x169.png","https://www.veltris.com/wp-content/uploads/2023/10/Developed-a-Web-App-to-Monitor-Communication-Between-Patients-and-Care-Teams-300x169.png","https://www.veltris.com/wp-content/uploads/2024/07/Transformed-Cardiac-Care-by-Assisting-Heart-Monitor-Manufacturer-in-Remote-Patient-Monitoring-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Population-Health-Care-Coordination-Pl
atforms-1.png","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Build.png","https://www.veltris.com/cxo-essentials/why-digital-first-banking-is-critical-for-growth-in-2025/","https://www.veltris.com/wp-content/uploads/2023/09/Modernizing-Legacy-Software-in-the-Hearing-Industry-33-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Digital-Health-Startups-SaaS-Platforms-1.png","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Monetize.png","https://www.veltris.com/guides/agentic-ai-in-manufacturing-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2025/10/Developed-a-Platform-to-Improve-Inbound-and-Outbound-Process-at-Warehouse-and-Optimized-Resource-All-300x169.png","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthtech-platforms%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finvestment-and-wealth-management%2F","https://www.veltris.com/guides/cxos-actionable-guide-ai-and-integrated-data-healthcare-transforming-clinical-workflows/","https://www.veltris.com/guides/cxos-essentials-genai-real-estate-property-development-management-sales/","https://www.veltris.com/whitepapers/bringing-expertise-tools-to-enable-intelligent-healthcare/","https://www.veltris.com/wp-content/uploads/2023/10/built-ios-and-android-mobile-applications-for-health-and-wellness-monitoring-tool.pdf","https://www.veltris.com/guides/cxos-essentials-generative-ai-in-banking-a-leaders-introduction-to-financial-impact-risks-and-opportunities/","https://www.veltris.com/guides/agentic-ai-explained-introductory-guide-to-autonomous-ai-systems/","https://www.veltris.com/guides/cxos-essentials-digital-transformation-in-banking-understanding-cl
oud-native-data/","https://www.veltris.com/guides/cxos-essentials-genai-construction-design-project-management-safety/","https://www.veltris.com/wp-content/uploads/2026/01/Investment-Wealth-Management-Banner_2000x700.png","https://www.veltris.com/wp-json/wp/v2/pages/27997","https://www.veltris.com/whitepapers/unlocking-the-true-potential-of-data-ai/","https://www.veltris.com/guides/agentic-ai-vs-generative-ai-key-differences-use-cases-and-choosing-the-right-approach/","https://www.veltris.com/wp-content/uploads/2025/11/Virtual-Care-Providers-1.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI.svg","https://www.veltris.com/wp-content/uploads/2023/10/Built-a-mobile-application-to-buy-and-sell-all-type-of-funds.png","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Built-a-Web-Application-for-Users-to-Manage-their-Financial-Wealth-in-a-Highly-Secure-Infrastructure.png","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm.png","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/10/Integrating-with-Client-Legacy-Systems.svg","https://www.veltris.com/wp-content/uploads/2025/10/Unlocking-Advanced-AI-Analytics.svg","https://www.veltris.com/wp-json/wp/v2/pressroom/30525","https://www.veltris.com/guides/cxos-essentials-generative-ai-unlocking-alpha-risk-management-client-advisory/","https://www.veltris.com/whitepapers/decoding-cloud-computing-a-comprehensive-guide/","https://www.veltris.com/wp-content/uploads/2026/01/Speciality-Digital-Healthcare-Providers-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-trading-application-to-
trade-USA-stocks-from-different-countries-1.png","https://www.veltris.com/wp-content/uploads/2025/10/AI-Automation-Adoption.svg","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-modern-wealth-management-system-to-optimize-customers-wealth-1.png","https://www.veltris.com/guides/modern-databases-key-to-genai-roi-in-banking-a-strategic-guide/","https://www.veltris.com/wp-content/uploads/2026/01/Investment-Wealth-Management-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-1.pdf","https://www.veltris.com/guides/data-lakes-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_pr_thumbnail-1-300x157.png","https://www.veltris.com/wp-content/uploads/2025/05/Improved-On-Time-Delivery-of-a-Leading-Auto-Lubricant-Distributer.pdf","https://www.veltris.com/guides/cxos-essentials-digital-transformation-in-healthcare-understanding-cloud-native-data-in-healthcare/","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-Business-Transformation-Vendor-Selection-1.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Investment-Wealth-Management-Firms.png","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Monetize.png","https://www.veltris.com/guides/generative-ai-guide/","https://www.veltris.com/wp-content/uploads/2023/10/Built-an-Efficient-Information-Retrieval-System-with-Generative-AI-for-a-Major-Asset-Management-Firm-300x169.png","https://www.veltris.com/wp-content/uploads/2024/04/Investment-Analysts-with-AI-Driven-Insights-using-RAG-LLM-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-300x157.png","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-300x157.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support-1.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Regulatory-Complian
ce-Burdens.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finsuretech%2F","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Build.png","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-300x157.png","https://www.veltris.com/guides/generative-ai-in-banking-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2023/03/Implementation-of-One-View-of-the-Customer-to-a-big-Insurance-and-Banking-customer-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail-768x433.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finsuretech%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fsitemap%2F","https://www.veltris.com/wp-content/uploads/2023/10/Developed-a-Web-App-to-Monitor-Communication-Between-Patients-and-Care-Teams.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-AWS-Infrastructure-Implemented-Custom-Automation-.png","https://www.veltris.com/wp-json/wp/v2/pages/29587","https://www.veltris.com/wp-content/uploads/2023/09/Modernizing-Legacy-Software-in-the-Hearing-Industry-33.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries%2F","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_pr_thumbnail-1-768x402.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-768x402.png","https://www.veltris.com/wp-content/uploads/2025/07/insuretech.png","https://www.veltris.com/guides/intelligent-connectivity-powered-by-cloud-native-6g-a-detailed-guide/","https://www.veltris.com/wp-cont
ent/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-768x402.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-trading-application-to-trade-USA-stocks-from-different-countries-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-Multi-Functional-Mobile-Applications-with-Single-Code-Base-.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Product_Lifecycle_Managed_Services_Overview.png","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthtech-platforms%2F","https://www.veltris.com/wp-content/uploads/2026/01/Digital-Cloud-Engineering-1.png","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fproduct-lifecycle-managed-services%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries%2F","https://www.veltris.com/wp-content/uploads/2025/10/Generate_a_Film_Using_GenerativeAI_for_the_Given_Script_without_Using_Autodesk.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fproduct-lifecycle
-managed-services%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_5-1.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-768x402.png","https://www.veltris.com/wp-content/uploads/2023/02/Modern-Data-Stack-Adoption-%E2%80%93-1.svg","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-768x402.png","https://www.veltris.com/guides/generative-ai-in-insurance-a-beginners-guide/","https://www.veltris.com/guides/cxos-roi-handbook-data-transformation-in-healthcare-the-strategic-value-of-ai-ready-healthcare-data/","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-300x157.png","https://www.veltris.com/wp-json/wp/v2/pages/29239","https://www.veltris.com/wp-content/uploads/2025/05/Financial-Services_600x800.png","https://www.veltris.com/wp-content/uploads/2023/02/R_-White-Siloed-Data-Sources-same-icon-from-Life-Sciences-copy.svg","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-Big-Data-Management.svg","https://www.veltris.com/guides/generative-ai-in-capital-markets-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecycle-Managed-Services-1.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ffinancial-pubsec-services%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ffinancial-pubsec-services%2F","https://www.veltris.com/pressroom/veltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-300x157.png","https://www.veltris.com/wp-content/uploads/2025/10/GovTech-EdTech-in-Financial-Services-2.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI.p
ng","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_pr_thumbnail-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/infographics.svg","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2F","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/white-papers.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/submit-your-review.svg","https://www.veltris.com/wp-content/uploads/2025/04/Pressroom_mob.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2F","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps-_dark.svg","https://www.veltris.com/wp-content/uploads/2026/05/ai-powered_aesthetic_assessment_for_caregiver_profile_photos.pdf","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/aboutus.svg","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-the-Entire-operations-Order-to-Shipment-with-a-Digital-and-Mobile-Experience-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/casestudies.svg","https://www.veltris.com/wp-content/uploads/2023/03/Implementation-of-One-View-of-the-Customer-to-a-big-Insurance-and-Banking-customer-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Mobile_App_with_Multiple_Accessibility_Metrics_for_Real-Time_Measurement-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/25125","https://www.veltris.com
/wp-content/uploads/2025/04/About-us-1.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/VIA-accelerators-productivity-banner-mobile.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-768x402.png","https://www.veltris.com/wp-content/uploads/2023/10/Built-an-Efficient-Information-Retrieval-System-with-Generative-AI-for-a-Major-Asset-Management-Firm.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-2048x1072.png","https://www.veltris.com/guides/generative-ai-for-business-leaders-understanding-strategy-impact-and-roi/","https://www.veltris.com/wp-content/uploads/2025/04/Pressroom.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdiversified-industrials%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdiversified-industrials%2F","https://www.veltris.com/wp-json/wp/v2/pages/14022","https://www.veltris.com/industries/insuretech%20/","https://www.veltris.com/wp-content/uploads/2025/10/InsureTech_Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Dentimax.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-1024x536.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Dentrix.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-1024x536.png","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthc
are-industries/","https://www.veltris.com/services/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fazure-managed-services%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-1536x804.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fazure-managed-services%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-2048x1072.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/leadership.svg","https://www.veltris.com/services/data-ai/embed/","https://www.veltris.com/wp-json/wp/v2/pages/29266","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-modern-wealth-management-system-to-optimize-customers-wealth-1-300x169.png","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/","https://www.veltris.com/privacy-policy/embed/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/contact-us.svg","https://www.veltris.com/wp-content/uploads/2025/12/Enhance-Supply-Chain.svg","https://www.veltris.com/services/digital-cloud-engineering/embed/","https://www.veltris.com/wp-content/uploads/2026/01/dental-Curvedental.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Denticon.png","https://www.veltris.com/guides/generative-ai-in-construction-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2025/10/Achieving-Enterprise-Grade-Scalability.svg","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps-1.svg","https://www.veltris.com/wp-content/uploads/2025/12/Accelerate-Insurance-Claims.svg","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdental-multi-unit-retail-health%2F","h
ttps://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/Network-Security.svg","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-1536x804.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdental-multi-unit-retail-health%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-2048x1072.png","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-the-Entire-operations-Order-to-Shipment-with-a-Digital-and-Mobile-Experience.png","https://www.veltris.com/wp-content/uploads/2025/12/Expand-Telehealth-Services.svg","https://www.veltris.com/wp-content/uploads/2023/03/To-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to--300x169.png","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/embed/","https://www.veltris.com/wp-content/uploads/2023/05/PMS-Migration-from-Eaglesoft-to-Denticon-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Mobile_App_with_Multiple_Accessibility_Metrics_for_Real-Time_Measurement.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-DSN.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Monetize.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_MR_Training_System_for_VR_Glass_Company_to_Turn_Multiple_Training_Sessions_for_Employees_into_a_Game.pdf","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/blogs.svg","https://www.veltris.com/wp-content/uploads/2025/05/Product-Lifecycle-Managed-Services-1.png","https://www.veltris.com/wp-json/wp/v2/pages/25452","https://www.veltris.com/wp-content/uploads/2025/12/Optimized-Scheduling.svg","https://www.veltris.com/wp-content/uploads/2023/10/Provided-Cloud-Based-Administration-Software-for-Private-Eq
uity-Funds-for-CRM-Database-and-Portfolio.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-300x157.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/duplicate-submissions.min.js?ver=1","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-1024x576.png","https://www.veltris.com/wp-json/wp/v2/pages/30007","https://www.veltris.com/wp-content/uploads/2025/12/Streamline-Clinic-Operations.svg","https://www.veltris.com/wp-content/uploads/2023/03/Network-Planning-and-Design.svg","https://www.veltris.com/guides/cxos-essentials-understanding-genai-applications-underwriting-claims/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/404.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-and-Retail-Health-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-MR-Training-System-for-VR-Glass-Company-to-Turn-Multiple-Training-Sessions-for-Employees-i.png","https://www.veltris.com/industries/embed/","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-300x157.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-1024x536.png","https://www.veltris.com/careers/embed/","https://www.veltris.com/wp-content/uploads/2025/11/Built-A-Secure-and-Scalable-Client-Portal-toEnable-Transparency-Control-andStreamlined-PBM-Operations.pdf","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-business-transformation-and-vendor-selection.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Build.png","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2024/07/T
he-metaverse-meet-1536x864.png","https://www.veltris.com/wp-content/uploads/2023/11/Vishal-Kapoor.png","https://www.veltris.com/wp-content/uploads/2024/04/Investment-Analysts-with-AI-Driven-Insights-using-RAG-LLM.png","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-business-transformation-and-vendor-selection-300x169.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/notes.svg","https://www.veltris.com/wp-json/wp/v2/pages/29423","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/3D-reality-capture-for-buildings-structures-1.pdf","https://www.veltris.com/industries/healthcare-lifesciences/embed/","https://www.veltris.com/industries/orthdontics/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-warehouse%2F","https://www.veltris.com/industries/electronics-and-semiconductors/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-warehouse%2F","https://www.veltris.com/services/connectivity-industry-x-0/embed/","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Designed-a-secure-and-scalable-mobile-and-web-platform-to-enhance-member-experience-and-streamline-p-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/approach.svg","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-predictive-model-to-estimate-viable-cell-density-in-the-commerc
ial-production-of-a-pharmac-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-Care-DSOs.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-and-Retail-Health-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/12/Ensure-HIPAA-Compliance.svg","https://www.veltris.com/schedule-a-meeting/embed/","https://www.veltris.com/wp-content/uploads/2025/12/Retail-Health.png","https://www.veltris.com/industries/broadcasting-and-ott-streaming/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-modernization%2F","https://www.veltris.com/industries/communications-service-providers/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-modernization%2F","https://www.veltris.com/wp-content/uploads/2023/09/Kader-Khan.jpg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fpharmacy-benefit-management%2F","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fmicrosoft-cloud-platforms%2F","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2026/01/Communications-Service-Providers-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-a-secure-and-scalable-client-portal-to-enable-transparency-control-and-streamlined-PBM-opera-1-300x169.png","https://www.veltris.com/wp-js
on/wp/v2/pages/29339","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fpharmacy-benefit-management%2F","https://www.veltris.com/guides/nlp-llm-chatbots-guide/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/social-icons/twitter.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/social-icons/linkedin.svg","https://www.veltris.com/industries/autonomous-vehicles-and-logistics/embed/","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-768x432.png","https://www.veltris.com/client-case-studies/embed/","https://www.veltris.com/wp-content/uploads/2025/04/Agentic-AI-1.svg","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail.png","https://www.veltris.com/whitepapers/embed/","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail.png","https://www.veltris.com/industries/animal-health-veterinary/","https://www.veltris.com/ai-solutions/embed/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/social-icons/facebook.svg","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/","https://www.veltris.com/wp-content/uploads/2025/11/Built-a-secure-and-scalable-client-portal-to-enable-transparency-control-and-streamlined-PBM-opera-1.png","https://www.veltris.com/wp-content/uploads/2020/04/Wavelabs-Case-Study-Concealed-Weapons-and-Explosives-Detection.png","https://www.veltris.com/industries/engineering-construction/embed/","https://www.veltris.com/wp-content/uploads/2019/08/Wavelabs-Case-Study-Waterlily.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fthreat-monitoring-system-for-concealed-weapons-explosives-detection%2F","https://www.velt
ris.com/wp-json/wp/v2/casestudies/14005","https://www.veltris.com/ai-for-productivity/embed/","https://www.veltris.com/industries/technology-communications-media/embed/","https://www.veltris.com/wp-content/uploads/2025/07/Data_AI_Overview.png","https://www.veltris.com/wp-content/uploads/2023/03/re-platforming-and-cloud-migration-from-vertica-to-snowflake.pdf","https://www.veltris.com/wp-content/uploads/2025/05/Financial-Services_2000x700.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1.png","https://www.veltris.com/guides/embed/","https://www.veltris.com/wp-content/uploads/2026/01/Pharmacy-Benefit-Management-PBM_Banner_600x800.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries%2F","https://www.veltris.com/wp-json/wp/v2/casestudies/28105","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fconversational-chatbot-for-24-7-customer-support-assistance%2F","https://www.veltris.com/industries/vision-care/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmaximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution%2F","https://www.veltris.com/wp-content/uploads/2025/11/Designed-a-secure-and-scalable-mobile-and-web-platform-to-enhance-member-experience-and-streamline-p-1.png","https://www.veltris.com/about-us/embed/","https://www.veltris.com/industries/speciality-digital-healthcare-providers/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fm
aximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution%2F","https://www.veltris.com/wp-content/uploads/2023/05/PMS-Migration-from-Eaglesoft-to-Denticon.png","https://www.veltris.com/industries/technology-products-and-platforms/embed/","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-and-Cloud-Engineering.png","https://www.veltris.com/wp-json/wp/v2/pages/29303","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail.png","https://www.veltris.com/industries/govtech-edtech/embed/","https://www.veltris.com/wp-content/uploads/2020/04/Wavelabs-Case-Study-AI-Conversational-Chatbot-Improved-Customer-Support.png","https://www.veltris.com/wp-content/uploads/2026/01/Pharmacy-Benefit-Management-PBM_Banner_2000x700.png","https://www.veltris.com/wp-json/wp/v2/pressroom/30163","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail-768x433.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fthreat-monitoring-system-for-concealed-weapons-explosives-detection%2F","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Modernize.png","https://www.veltris.com/wp-content/uploads/2023/03/built-a-modern-wealth-management-system-to-optimize-customers-wealth.pdf","https://www.veltris.com/wp-content/uploads/2025/07/AI-Solution-2000-700.png","https://www.veltris.com/cxo-essentials/hfs-challengers-code-report/embed/","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-1536x804.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fblogs%2Fwhy-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them%2F","https://www.veltris.com/wp-content/uploads/2025/05/Connectivity-Industry-X.0_2000x700.png","https://www.veltris.com/wp-json/oemb
ed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fblogs%2Fwhy-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them%2F","https://www.veltris.com/wp-json/wp/v2/cxo-essentials/27892","https://www.veltris.com/blogs/why-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them/feed/","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmac.png","https://www.veltris.com/wp-json/wp/v2/pages/28655","https://www.veltris.com/wp-json/wp/v2/cxo-essentials/27893","https://www.veltris.com/guides/generative-ai-in-real-estate-a-beginners-guide/","https://www.veltris.com/wp-json/wp/v2/casestudies/14008","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fconversational-chatbot-for-24-7-customer-support-assistance%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fwhats-actually-working-for-risk-compliance-and-ops-leaders%2F","https://www.veltris.com/wp-json/wp/v2/posts/30383","https://www.veltris.com/wp-content/uploads/2026/04/hfs_challenges_lp_thumbnail.png","https://www.veltris.com/wp-json/wp/v2/whitepapers/18484","https://www.veltris.com/wp-json/wp/v2/cxo-essentials/28021","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance_dark.svg","https://www.veltris.com/wp-json/wp/v2/casestudies/13998","https://www.veltris.com/wp-json/wp/v2/casestudies/14009","https://www.veltris.com/wp-content/uploads/2025/07/why-digital-first-banking-is-critical-for-growth-in-2025-mobile-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fimproved-on-time-delivery-of-a-leading-auto-lubricant-distributer%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2F3-fixes-it-leaders-are-making-before-
tackling-ai%2F","https://www.veltris.com/wp-json/wp/v2/guides/29924","https://www.veltris.com/wp-content/uploads/2024/07/Transformed-Cardiac-Care-by-Assisting-Heart-Monitor-Manufacturer-in-Remote-Patient-Monitoring.png","https://www.veltris.com/wp-json/wp/v2/whitepapers/22390","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2F3-fixes-it-leaders-are-making-before-tackling-ai%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fimproved-on-time-delivery-of-a-leading-auto-lubricant-distributer%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-in-manufacturing-a-beginners-guide%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fai-trends-for-pbms-in-2026-the-cxo-guide-to-cost-control-compliance-and-competitive-advantage%2F","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_pr_thumbnail-1-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/11/Web_Banner.png","https://www.veltris.com/wp-content/uploads/2025/07/Whats_Actually_Working_for_Risk_Compliance_Ops_Leaders_Mobile.png","https://www.veltris.com/industries/investment-and-wealth-management/embed/","https://www.veltris.com/wp-content/uploads/2025/10/InsureTech_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/05/executive-guide-healthcare-AI-integrated-data-clinical-mobile.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fbuilt-fast-flexible-scalable-platform-solutions-for-video-service-and-ott-providers%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fai-trends-for-pbms-in-2026-the-cxo-guide-to-cost-control-compliance-and-competitive-advantage%2F","https://www.veltris.com/wp-content/uploads/2020/05/Screenshot-2020-06-19-at-12.04.16-PM-1.png",
"https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fgenerative-ai-strategy-to-transform-your-enterprise%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fgenerative-ai-strategy-to-transform-your-enterprise%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fbuilt-fast-flexible-scalable-platform-solutions-for-video-service-and-ott-providers%2F","https://www.veltris.com/wp-content/uploads/2025/05/banking-cxo-essentials-cloud-native-data-mobile.png","https://www.veltris.com/wp-content/uploads/2025/12/Accelerate-Billing-Cycles.svg","https://www.veltris.com/wp-content/uploads/2025/07/What_Actually_Working_for_Risk_Compliance_Ops_Leaders.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fwhy-digital-first-banking-is-critical-for-growth-in-2025%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fscaling-your-saas-business-with-proven-growth-strategies%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-actionable-guide-ai-and-integrated-data-healthcare-transforming-clinical-workflows%2F","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail-768x433.png","https://www.veltris.com/wp-json/wp/v2/guides/27284","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16.png","https://www.veltris.com/wp-json/wp/v2/guides/24716","https://www.veltris.com/blogs/why-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-in-manufacturing-a-beginners-guide
%2F","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fbringing-expertise-tools-to-enable-intelligent-healthcare%2F","https://www.veltris.com/wp-content/uploads/2025/07/why-digital-first-banking-is-critical-for-growth-in-2025-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-genai-real-estate-property-development-management-sales%2F","https://www.veltris.com/wp-content/uploads/2025/05/cxo-essentials-generative-AI-banking-leader-introduction-mobile.png","https://www.veltris.com/wp-content/uploads/2025/06/genAI-realestate-property-development-management-sales-mobile.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-generative-ai-in-banking-a-leaders-introduction-to-financial-impact-risks-and-opportunities%2F","https://www.veltris.com/wp-content/uploads/2024/05/CTA-thumbnail-03.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_1-3.png","https://www.veltris.com/wp-content/uploads/2024/12/navigating_data_explosion_data_lakes-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fthe-future-of-businesses-in-2025-embracing-a-comprehensive-integrated-technological-ecosystem%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fmicrosoft-cloud-platforms%2F","https://www.veltris.com/wp-json/wp/v2/guides/27290","https://www.veltris.com/wp-content/uploads/2024/06/Whitepaper-Mob-Banner-18.png","https://www.veltris.com/wp-content/uploads/2025/05/banking-cxo-essentials-cloud-native-data-banner.png","https://www.veltris.com/wp-content/uplo
ads/2024/12/Stat-Image_1-3-300x169.png","https://www.veltris.com/wp-content/uploads/2025/06/genAI-construction-design-project-management-safety-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-digital-transformation-in-banking-understanding-cloud-native-data%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-explained-introductory-guide-to-autonomous-ai-systems%2F","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_2-300x169.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_3.png","https://www.veltris.com/wp-content/uploads/2024/04/Transformer-Based-Models-300x157.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-vs-generative-ai-key-differences-use-cases-and-choosing-the-right-approach%2F","https://www.veltris.com/wp-content/uploads/2024/12/Data-Lakes-Beginners-Guide__Mobile.png","https://www.veltris.com/wp-content/uploads/2025/06/cxo-essentials-generative-AI-trading-investment-management-mobile.png","https://www.veltris.com/wp-json/wp/v2/whitepapers/23233","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-genai-construction-design-project-management-safety%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-genai-real-estate-property-development-management-sales%2F","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_2-768x433.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-300x157.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_3-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-actionable-guide-ai-and-integrated-data-healthcare-transforming-clinical-workflows%2F","https://www.v
eltris.com/wp-content/uploads/2025/02/Digitalization-and-Data-Explosion-300x169.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-%E2%80%93-The-Next-Technology-Frontier-300x169.png","https://www.veltris.com/wp-content/uploads/2023/04/generative-ai-mobile-banner.png","https://www.veltris.com/wp-content/uploads/2025/06/genAI-realestate-property-development-management-sales-banner.png","https://www.veltris.com/wp-content/uploads/2025/02/The-Rise-of-Artificial-Intelligence-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fbringing-expertise-tools-to-enable-intelligent-healthcare%2F","https://www.veltris.com/wp-content/uploads/2025/07/3_Fixes_IT_Leaders_Are_Making_Before_Tackling_AI.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_4-300x169.png","https://www.veltris.com/wp-json/wp/v2/guides/24027","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_1-3-768x433.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-generative-ai-unlocking-alpha-risk-management-client-advisory%2F","https://www.veltris.com/wp-json/wp/v2/guides/27460","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fmodern-databases-key-to-genai-roi-in-banking-a-strategic-guide%2F","https://www.veltris.com/wp-content/uploads/2024/04/What-is-Generative-AI-image.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fmodern-databases-key-to-genai-roi-in-banking-a-strategic-guide%2F","https://www.veltris.com/wp-content/uploads/2025/02/The-Evolution-of-AI-in-Banking-300x169.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_3-768x433.png","https://www.veltris.com/wp-content/uploads/2024/06/Whitepaper-Thumbnail_Coverpage-2.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcx
o-essentials%2Fwhy-digital-first-banking-is-critical-for-growth-in-2025%2F","https://www.veltris.com/wp-content/uploads/2024/12/Lake-Flexible-and-Adaptable-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-300x157.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fwhats-actually-working-for-risk-compliance-and-ops-leaders%2F","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-%E2%80%93-The-Next-Technology-Frontier.png","https://www.veltris.com/wp-json/wp/v2/guides/27306","https://www.veltris.com/wp-content/uploads/2025/06/cxo-essentials-generative-AI-trading-investment-management-banner.png","https://www.veltris.com/wp-json/wp/v2/guides/27456","https://www.veltris.com/wp-content/uploads/2024/04/What-is-Generative-AI-image-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-vs-generative-ai-key-differences-use-cases-and-choosing-the-right-approach%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-explained-introductory-guide-to-autonomous-ai-systems%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Funlocking-the-true-potential-of-data-ai%2F","https://www.veltris.com/wp-json/wp/v2/guides/27447","https://www.veltris.com/wp-content/uploads/2024/04/Generative-AI-Guide__Mobile.png","https://www.veltris.com/wp-content/uploads/2024/08/Banner-05.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Funlocking-the-true-potential-of-data-ai%2F","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_4.png","https://www.veltris.com/wp-content/uploads/2024/12/Lake-Flexible-and-Adaptable-768x432.png","https://www.veltris.com/industries/insuretech/embed/","https://www.veltris.com/wp-content/u
ploads/2025/05/healthcare-cxo-essentials-cloud-native-data-banner.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-300x157.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-digital-transformation-in-banking-understanding-cloud-native-data%2F","https://www.veltris.com/wp-content/uploads/2025/02/Bankings-Digital-Metamorphosis-A-Technological-Timeline-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fdecoding-cloud-computing-a-comprehensive-guide%2F","https://www.veltris.com/wp-content/uploads/2025/02/Digitalization-and-Data-Explosion-768x432.png","https://www.veltris.com/wp-content/uploads/2024/08/Banner_mobile-08.png","https://www.veltris.com/sitemap/embed/","https://www.veltris.com/wp-json/wp/v2/whitepapers/13975","https://www.veltris.com/wp-content/uploads/2025/06/genAI-construction-design-project-management-safety-mobile.png","https://www.veltris.com/wp-content/uploads/2024/04/Transformer-Based-Models-768x402.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-768x402.png","https://www.veltris.com/wp-content/uploads/2024/12/why_organizations_need_data_lakes-1-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fdecoding-cloud-computing-a-comprehensive-guide%2F","https://www.veltris.com/wp-content/uploads/2024/04/What-is-Generative-AI-image-300x157.png","https://www.veltris.com/wp-content/uploads/2024/12/why_organizations_need_data_lakes-1.png","https://www.veltris.com/wp-content/uploads/2024/12/navigating_data_explosion_data_lakes-768x432.png","https://www.veltris.com/wp-content/uploads/2024/12/characteristics_of_data_lake-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/02/The-Rise-of-Artificial-Intelligence-768x432.png","https://www.veltris.com/wp-content/
uploads/2024/03/a_NVIDIA_Mobile_BAnner.png","https://www.veltris.com/wp-content/uploads/2025/02/Redefining-Banking-with-Generative-AI-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/02/Bankings-Digital-Metamorphosis-A-Technological-Timeline.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-guide%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fdata-lakes-a-beginners-guide%2F","https://www.veltris.com/wp-content/uploads/2025/05/true-cost-data-silos-strategic-value-AI-ready-healthcare-data-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-generative-ai-in-banking-a-leaders-introduction-to-financial-impact-risks-and-opportunities%2F","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-Banking-Guide__Mobile.png","https://www.veltris.com/wp-content/uploads/2025/02/Why-is-Generative-AI-in-Banking-Important-300x146.png","https://www.veltris.com/wp-content/uploads/2024/12/Lake-Flexible-and-Adaptable.png","https://www.veltris.com/wp-content/uploads/2023/04/generative-ai-strategy-to-transform-your-enterprise-whitepaper-banner-scaled.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fdata-lakes-a-beginners-guide%2F","https://www.veltris.com/wp-json/wp/v2/guides/25816","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-digital-transformation-in-healthcare-understanding-cloud-native-data-in-healthcare%2F","https://www.veltris.com/wp-content/uploads/2024/12/Lake-Flexible-and-Adaptable-1024x576.png","https://www.veltris.com/wp-content/uploads/2024/12/characteristics_of_data_lake-1-768x432.png","https://www.veltris.com/wp-content/uploads/2025/02/
The-Evolution-of-AI-in-Banking-768x432.png","https://www.veltris.com/wp-content/uploads/2024/12/benefits_of_data_lake-1-768x432.png","https://www.veltris.com/wp-content/uploads/2025/02/The-Rise-of-Artificial-Intelligence.png","https://www.veltris.com/wp-content/uploads/2024/12/why_organizations_need_data_lakes-1-1024x576.png","https://www.veltris.com/wp-content/uploads/2024/12/why_organizations_need_data_lakes-1-768x432.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-300x157.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_2.png","https://www.veltris.com/wp-json/wp/v2/guides/22087","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-genai-construction-design-project-management-safety%2F","https://www.veltris.com/wp-content/uploads/2024/12/building_robust_data_lake-1-300x169.png","https://www.veltris.com/wp-content/uploads/2024/01/decoding-cloud_computing-whitepaper-banner.png","https://www.veltris.com/wp-json/wp/v2/guides/24724","https://www.veltris.com/wp-content/uploads/2025/02/Bankings-Digital-Metamorphosis-A-Technological-Timeline-768x432.png","https://www.veltris.com/wp-content/uploads/2024/12/benefits_of_data_lake-1-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-1024x536.png","https://www.veltris.com/wp-json/wp/v2/guides/25826","https://www.veltris.com/wp-content/uploads/2024/12/navigating_data_explosion_data_lakes-1024x576.png","https://www.veltris.com/wp-content/uploads/2025/02/Redefining-Banking-with-Generative-AI.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-guide%2F","https://www.veltris.com/wp-content/uploads/2024/04/Transformer-Based-Models.png","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-300x169.png","https://www.veltris.com/wp-content/uploa
ds/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-300x157.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-digital-transformation-in-healthcare-understanding-cloud-native-data-in-healthcare%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-768x402.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/04/Generative-AI-Guide_banner-02.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-banking-a-beginners-guide%2F","https://www.veltris.com/wp-content/uploads/2025/02/The-Evolution-of-AI-in-Banking.png","https://www.veltris.com/services/product-lifecycle-managed-services/embed/","https://www.veltris.com/wp-content/uploads/2025/02/Redefining-Banking-with-Generative-AI-768x432.png","https://www.veltris.com/wp-content/uploads/2024/12/characteristics_of_data_lake-1.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-in-Banking-Trends-in-2025-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-768x402.png","https://www.veltris.com/pressroom/veltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries/embed/","https://www.veltris.com/wp-content/uploads/2024/12/benefits_of_data_lake-1.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-%E2%80%93-The-Next-Technology-Frontier-768x432.png","https://www.veltris.com/wp-content/uploads/2023/03/streamlined-the-service-delivery-space-for-the-leading-electrical-appliances-manufacturer.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-capital-m
arkets-a-beginners-guide%2F","https://www.veltris.com/blogs/data-ai/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-generative-ai-unlocking-alpha-risk-management-client-advisory%2F","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-Banking-Platforms-in-the-Market-Right-Now-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/15707","https://www.veltris.com/wp-json/wp/v2/guides/27301","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-1024x536.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-2048x1072.png","https://www.veltris.com/wp-content/uploads/2025/07/3_Fixes_IT_Leaders_Are_Making_Before_Tackling_AI_Mobile.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-banking-a-beginners-guide%2F","https://www.veltris.com/wp-content/uploads/2024/12/building_robust_data_lake-1-768x432.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fscaling-your-saas-business-with-proven-growth-strategies%2F","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_4-768x433.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-300x157.png","https://www.veltris.com/wp-content/uploads/2025/02/Why-is-Generative-AI-in-Banking-Important-768x373.png","https://www.veltris.com/wp-json/wp/v2/guides/24233","https://www.veltris.com/wp-content/uploads/2024/12/building_robust_data_lake-1.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-768x402.png","https://www.veltris.com/industries/financial-pubsec-services/embed/","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Ca
ses-in-Media-and-Entertainment-300x157.png","https://www.veltris.com/wp-json/wp/v2/pressroom/24729","https://www.veltris.com/wp-content/uploads/2025/05/cxo-essentials-generative-AI-banking-leade-2.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-1024x536.png","https://www.veltris.com/wp-content/uploads/2024/12/building_robust_data_lake-1-1024x576.png","https://www.veltris.com/wp-json/wp/v2/guides/27311","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-capital-markets-a-beginners-guide%2F","https://www.veltris.com/industries/diversified-industrials/embed/","https://www.veltris.com/industries/dental-multi-unit-retail-health/embed/","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-Business-Models-768x432.png","https://www.veltris.com/services/azure-managed-services/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fintelligent-connectivity-powered-by-cloud-native-6g-a-detailed-guide%2F","https://www.veltris.com/wp-content/uploads/2025/02/Leading-Banks-are-Stepping-up-their-Generative-AI-Agendas-300x169.png","https://www.veltris.com/wp-content/uploads/2024/12/characteristics_of_data_lake-1-1024x576.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-roi-handbook-data-transformation-in-healthcare-the-strategic-value-of-ai-ready-healthcare-data%2F","https://www.veltris.com/wp-json/wp/v2/pressroom/20171","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-768x402.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-2048x1072.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-A
I-Use-Cases-in-Healthcare-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-roi-handbook-data-transformation-in-healthcare-the-strategic-value-of-ai-ready-healthcare-data%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-insurance-a-beginners-guide%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services%2F","https://www.veltris.com/wp-content/uploads/2024/12/benefits_of_data_lake-1-1024x576.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-2048x1072.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fintelligent-connectivity-powered-by-cloud-native-6g-a-detailed-guide%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-insurance-a-beginners-guide%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-2048x1072.png","https://www.veltris.com/wp-json/wp/v2/guides/25822","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries%2F","https://www.veltris.com/wp-content/uploads/2025/05/Transforming-Clinical-Workflows.png","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-Business-Models.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fgu
ides%2Fgenerative-ai-for-business-leaders-understanding-strategy-impact-and-roi%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-for-business-leaders-understanding-strategy-impact-and-roi%2F","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Trading-Investment-Management-Unlocking-Alpha-Risk-Managemen.png","https://www.veltris.com/wp-json/wp/v2/guides/24710","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services%2F","https://www.veltris.com/wp-json/wp/v2/whitepapers/21390","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-1024x536.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-1536x804.png","https://www.veltris.com/wp-content/uploads/2026/04/hfs_challenges_lp_thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/05/true-cost-data-silos-strategic-value-AI-ready-healthcare-data-mobile.png","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0.png","https://www.veltris.com/pressroom/embed/","https://www.veltris.com/wp-content/uploads/2025/02/Leading-Banks-are-Stepping-up-their-Generative-AI-Agendas.png","https://www.veltris.com/wp-content/uploads/2025/05/CXOs-Essentials-Digital-Transformation-in-Banking-Understan
ding-Cloud-Native-Data-Fintech-Secur.png","https://www.veltris.com/wp-json/wp/v2/pressroom/24954","https://www.veltris.com/wp-content/uploads/2025/02/Digitalization-and-Data-Explosion.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-aims-to-close-3-to-5-deals-within-18-months-ceo%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-2048x1072.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-aims-to-close-3-to-5-deals-within-18-months-ceo%2F","https://www.veltris.com/industries/healthtech-platforms/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response%2F","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-Banking-Platforms-in-the-Market-Right-Now-768x432.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-Banking-Platforms-in-the-Market-Right-Now.png","https://www.veltris.com/wp-content/uploads/2024/09/Hiral-Chandrana-241x300.png","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Real-Estate-Transforming-Property-Development-Management-Sal.png","https://www.veltris.com/wp-content/uploads/2025/05/Mobile.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-in-Banking-Trends-in-2025-768x432.png","https://www.veltris.com/wp-content/uploads/2022/02/decoding-5g-thumbnail.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/05/Gene
rative-AI-Use-Cases-in-Media-and-Entertainment-2048x1072.png","https://www.veltris.com/wp-json/wp/v2/whitepapers/13977","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-11.png","https://www.veltris.com/wp-content/uploads/2022/07/Whitepaper_banners_Industry-Homepage-Banner-copy-2-9.06.27-PM.png","https://www.veltris.com/wp-content/uploads/2022/07/Whitepaper-Thumbnail_Coverpage-2-12.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-2048x1152.png","https://www.veltris.com/wp-json/wp/v2/guides/24407","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-Business-Models-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media_mob.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-1536x804.png","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking.png","https://www.veltris.com/wp-content/uploads/2025/02/Why-is-Generative-AI-in-Banking-Important.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-10.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response%2F","https://www.veltris.com/wp-json/wp/v2/pressroom/30188","https://www.veltris.com/wp-json/wp/v2/guides/24449","https://www.veltris.com/wp-content/uploads/2024/01/MicrosoftTeams-image-2.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-13.png","https://www.veltris.com/wp-content/uploads/2025/07/Thumbnail__3-Fixes-IT-Leaders-Are-Making-Before-Tackling-AI.png","https://www.veltris.com/wp-content/uploads/2024/08/Thumbnails-07.png","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/upl
oads/2025/02/Leading-Banks-are-Stepping-up-their-Generative-AI-Agendas-768x432.png","https://www.veltris.com/services/data-warehouse/embed/","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/images/banner-img/casestudies-banner.png","https://www.veltris.com/casestudies/maximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution/embed/","https://www.veltris.com/wp-content/uploads/2025/05/executive-guide-healthcare-AI-integrated-data-clinical-banner.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-in-Banking-Trends-in-2025.png","https://www.veltris.com/wp-json/wp/v2/pressroom/23302","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fthe-future-of-businesses-in-2025-embracing-a-comprehensive-integrated-technological-ecosystem%2F","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member%2F","https://www.veltris.com/wp-content/uploads/2024/12/navigating_data_explosion_data_lakes.png","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/embed/","https://www.veltris.com/cxo-essentials/3-fixes-it-leaders-are-making-before-tackling-ai/embed/","https://www.veltris.com/guides/ai-trends-for-pbms-in-2026-the-cxo-guide-to-cost-control-compliance-and-competitive-advantage/embed/","https://www.veltris.com/industries/pharmacy-benefi
t-management/embed/","https://www.veltris.com/casestudies/threat-monitoring-system-for-concealed-weapons-explosives-detection/embed/","https://www.veltris.com/cxo-essentials/why-digital-first-banking-is-critical-for-growth-in-2025/embed/","https://www.veltris.com/casestudies/improved-on-time-delivery-of-a-leading-auto-lubricant-distributer/embed/","https://www.veltris.com/services/data-modernization/embed/","https://www.veltris.com/guides/agentic-ai-in-manufacturing-a-beginners-guide/embed/","https://www.veltris.com/guides/modern-databases-key-to-genai-roi-in-banking-a-strategic-guide/embed/","https://www.veltris.com/casestudies/built-fast-flexible-scalable-platform-solutions-for-video-service-and-ott-providers/embed/","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-768x432.png","https://www.veltris.com/guides/cxos-essentials-digital-transformation-in-banking-understanding-cloud-native-data/embed/","https://www.veltris.com/whitepapers/decoding-cloud-computing-a-comprehensive-guide/embed/","https://www.veltris.com/guides/cxos-essentials-genai-real-estate-property-development-management-sales/embed/","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-scaled.png","https://www.veltris.com/guides/cxos-actionable-guide-ai-and-integrated-data-healthcare-transforming-clinical-workflows/embed/","https://www.veltris.com/whitepapers/unlocking-the-true-potential-of-data-ai/embed/","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-2048x1072.png","https://www.veltris.com/wp-content/uploads/2025/02/generative_AI_banking_banner.png","https://www.veltris.com/whitepapers/bringing-expertise-tools-to-enable-intelligent-healthcare/embed/","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/images/banner-img/casestudies-banner.png","https://www.veltris.com/guides/agentic-ai-vs-generative-ai-key-differences-use-cases-and-cho
osing-the-right-approach/embed/","https://www.veltris.com/whitepapers/generative-ai-strategy-to-transform-your-enterprise/embed/","https://www.veltris.com/casestudies/conversational-chatbot-for-24-7-customer-support-assistance/embed/","https://www.veltris.com/whitepapers/the-future-of-businesses-in-2025-embracing-a-comprehensive-integrated-technological-ecosystem/embed/","https://www.veltris.com/services/microsoft-cloud-platforms/embed/","https://www.veltris.com/cxo-essentials/whats-actually-working-for-risk-compliance-and-ops-leaders/embed/","https://www.veltris.com/guides/data-lakes-a-beginners-guide/embed/","https://www.veltris.com/wp-content/uploads/2023/02/Immersive-Entertainment-Experiences.png","https://www.veltris.com/guides/cxos-essentials-generative-ai-in-banking-a-leaders-introduction-to-financial-impact-risks-and-opportunities/embed/","https://www.veltris.com/blogs/why-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them/embed/","https://www.veltris.com/wp-content/uploads/2022/07/bringing-expertise-tools-to-enable-intelligent-healthcare-whitepaper-banner-scaled.png","https://www.veltris.com/wp-content/uploads/2024/12/Data-Lakes-Beginners-Guide_Banner-02-1.png","https://www.veltris.com/guides/agentic-ai-explained-introductory-guide-to-autonomous-ai-systems/embed/","https://www.veltris.com/wp-content/uploads/2025/12/Dental-care_1.gif","https://www.veltris.com/guides/cxos-essentials-genai-construction-design-project-management-safety/embed/","https://www.veltris.com/guides/cxos-essentials-generative-ai-unlocking-alpha-risk-management-client-advisory/embed/","https://www.veltris.com/guides/cxos-essentials-digital-transformation-in-healthcare-understanding-cloud-native-data-in-healthcare/embed/","https://www.veltris.com/guides/generative-ai-guide/embed/","https://www.veltris.com/wp-json/wp/v2/categories/606","https://www.veltris.com/wp-content/uploads/2025/05/A-Leaders-Introduction-to-Financial-Impact-Risks-and-Opportunities.png","https://w
ww.veltris.com/whitepapers/scaling-your-saas-business-with-proven-growth-strategies/embed/","https://www.veltris.com/guides/intelligent-connectivity-powered-by-cloud-native-6g-a-detailed-guide/embed/","https://www.veltris.com/wp-content/uploads/2024/04/Generative-AI-Guide-1.png","https://www.veltris.com/wp-content/uploads/2025/05/Understanding-Cloud-Native-Data-in-Healthcare.png","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Construction-Revolutionizing-Design-Project-Management-Safet.png","https://www.veltris.com/guides/generative-ai-in-banking-a-beginners-guide/embed/","https://www.veltris.com/guides/cxos-roi-handbook-data-transformation-in-healthcare-the-strategic-value-of-ai-ready-healthcare-data/embed/","https://www.veltris.com/guides/generative-ai-in-capital-markets-a-beginners-guide/embed/","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Trading-Investment-Management-Unlocking-Alpha-Risk-Managemen-300x169.png","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/embed/","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/embed/","https://www.veltris.com/guides/generative-ai-in-insurance-a-beginners-guide/embed/","https://www.veltris.com/blogs/data-ai/page/2/","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/embed/","https://www.veltris.com/wp-includes/blocks/table/theme.min.css?ver=6.9.4","https://www.veltris.com/guides/generative-ai-for-business-leaders-understanding-strategy-impact-and-roi/embed/","https://www.veltris.com/wp-content/uploads/2024/04/Generative-AI-Guide-1-300x169.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-13-300x171.png","https://www.veltris.com/wp-content/uploads/2022/07/Whitepaper-Th
umbnail_Coverpage-2-12-300x171.png","https://www.veltris.com/wp-content/uploads/2024/06/Whitepaper-Thumbnail-19-300x171.png","https://www.veltris.com/wp-content/uploads/2024/08/Thumbnails-07-1024x585.png","https://www.veltris.com/wp-content/uploads/2024/06/Whitepaper-Thumbnail-19.png","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/embed/","https://www.veltris.com/wp-includes/blocks/table/style.min.css?ver=6.9.4","https://www.veltris.com/blogs/data-ai/feed/","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/embed/","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Real-Estate-Transforming-Property-Development-Management-Sal-300x169.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-10-300x171.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-11-300x171.png","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Construction-Revolutionizing-Design-Project-Management-Safet-300x169.png","https://www.veltris.com/wp-content/uploads/2024/08/Thumbnails-07-300x171.png","https://www.veltris.com/wp-content/uploads/2024/08/Thumbnails-07-768x439.png","https://www.veltris.com/blogs/real-time-private-equity-how-vertical-ai-accelerates-value-creation/feed/","https://www.veltris.com/blogs/why-critical-infrastructure-requires-vertical-ai-to-scale-responsibly/feed/","https://www.veltris.com/blogs/kpi-driven-insights-for-dsos-reducing-staffing-costs-and-unlocking-new-growth/feed/","https://www.veltris.com/blogs/plugging-the-leak-stopping-patient-drift-with-predictive-engagement/feed/","https://www.veltris.com/blogs/why-ai-agents-are-the-future-of-healthcare-revenue-performance/feed/","https://www.veltris.com/blogs/protecting-the-bid-how-predictive-costing-stops-profit-fade/feed/","ht
tps://www.veltris.com/blogs/data-ai/page/3/","https://www.veltris.com/blogs/from-reports-to-foresight-why-ai-analytics-now-decide-pbm-competitive-advantage/feed/","https://www.veltris.com/blogs/agentic-ai-for-manufacturers-enabling-connected-design-smarter-decisions-and-reliable-operations/feed/","https://www.veltris.com/blogs/maximizing-revenue-per-mile-why-static-pricing-is-leaving-money-on-the-table/feed/","https://www.veltris.com/wp-json/wp/v2/posts/30371","https://www.veltris.com/wp-json/wp/v2/posts/30377","https://www.veltris.com/wp-json/wp/v2/posts/30381","https://www.veltris.com/wp-json/wp/v2/posts/30353","https://www.veltris.com/wp-json/wp/v2/posts/30355","https://www.veltris.com/wp-json/wp/v2/posts/30375","https://www.veltris.com/wp-json/wp/v2/posts/30341","https://www.veltris.com/wp-json/wp/v2/posts/30369","https://www.veltris.com/wp-json/wp/v2/posts/30357","https://www.veltris.com/blogs/data-ai/page/4/","https://www.veltris.com/blogs/data-ai/page/5/","https://www.veltris.com/blogs/data-ai/page/6/","https://www.veltris.com/blogs/data-ai/page/7/","https://www.veltris.com/blogs/data-ai/page/8/","https://springs.com.pk","https://springs.com.pk/","https://springs.com.pk/robots.txt","https://springs.com.pk/sitemap.xml"],"duration":11.024969339370728},"ajax_spider":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with url: /JSON/ajaxSpider/view/status/ (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection refused\"))"},"passive_scan":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with url: /JSON/pscan/view/scanners/ (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection refused\"))"},"fuzzing":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with 
url: /JSON/core/view/sites/ (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection refused\"))"},"websocket":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with url: /JSON/websocket/view/channels/ (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection refused\"))"},"active_scan":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with url: /JSON/ascan/action/scan/?url=https%3A%2F%2Fsprings.com.pk&recurse=true&inScopeOnly=false&scanPolicyName=Default+Policy&method=&postData= (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection refused\"))"},"port_scan":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with url: /JSON/network/view/getAliases/ (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection refused\"))"},"vulnerabilities":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with url: /JSON/core/view/alerts/ (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection refused\"))"},"reports":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with url: /JSON/core/view/alerts/ (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection 
refused\"))"}}},"summary":""},{"_id":{"$oid":"6a0e8cf473cbe635d791581c"},"created_at":{"$date":"2026-05-21T04:41:24.572Z"},"url":"https://springs.com.pk","tool":"owaspzap","result":{"status":"completed","target_url":"https://springs.com.pk","scan_timestamp":"20260520_212929","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"2","status":"completed","urls_found":1433,"urls_list":["https://www.veltris.com/sitemap.xml","https://www.veltris.com/robots.txt","https://www.veltris.com/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/power-bi.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/AICPA-SOC.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/databricks.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Salesforce.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/cantier.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Google_Cloud.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/nokia.png","https://www.veltris.com/wp-content/uploads/2026/01/Home-Tech-Platfrom.png","https://www.veltris.com/wp-content/uploads/2026/01/AI-Cognitive-Engine-Enables-Data-Driven-Decisions-for-Financial-Services-Leader.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/ISO.png","https://www.veltris.com/wp-json/","https://www.veltris.com/wp-content/uploads/2026/01/Analyzing-250M-Daily-Events-to-Power-Superior-Streaming-Experiences.png","https://www.veltris.com/wp-content/uploads/2026/01/Real-Time-AI-Predictions-Improve-Reliability-in-Pharmaceutical-Manufacturing_Mob.png","https://www.veltris.com/wp-content/uploads/2026/01/Modern-Data-Infrastructure-Powers-Efficiency-for-Canadas-Largest-DSO.png","https://www.veltris.com/wp-content/uploads/2026/01/Analyzing-250M-Daily-Events-to-Power-Superior-Streaming-Experiences_Mob.png"
,"https://www.veltris.com/wp-content/uploads/2026/01/Real-Time-AI-Predictions-Improve-Reliability-in-Pharmaceutical-Manufacturing.png","https://www.veltris.com/wp-content/uploads/2023/10/favicon-32x32-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/cisco.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/aws.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/nvidia.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/IBM.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/servicenow.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/MS-Azure.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/siemens.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Schneider.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/NetSuite.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/atlassian-jira.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Snowflake.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Tableau.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/mobile-menu.css?ver=2.0","https://www.veltris.com/wp-content/plugins/ubermenu/assets/css/skins/minimal.css?ver=6.9.4","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/communitiesai-first-service-firms.png","https://www.veltris.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","https://www.veltris.com/wp-content/uploads/2023/09/Channel-.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/ajax-filter-loadmore.js","https://www.veltris.com/wp-content/plugins/ubermenu/pro/assets/css/ubermenu.min.css?ver=3.7.8","https://www.veltris.com/wp-content/plugins/cookie-law-info/lite/frontend/js/gcm
.min.js","https://www.veltris.com/wp-content/uploads/2026/01/AI-Cognitive-Engine-Enables-Data-Driven-Decisions-for-Financial-Services-Leader_Mob.png","https://www.veltris.com/wp-content/uploads/2026/01/Home-Healthcare.png","https://www.veltris.com/wp-content/uploads/2025/04/pressroom-01.svg","https://www.veltris.com/wp-content/uploads/2023/09/Aboutus.svg","https://www.veltris.com/wp-content/uploads/2026/01/Modern-Data-Infrastructure-Powers-Efficiency-for-Canadas-Largest-DSO_Mob.png","https://www.veltris.com/wp-content/themes/wavelabs/style.css?ver=2.0","https://www.veltris.com/wp-content/uploads/2023/09/Casestudies.svg","https://www.veltris.com/wp-content/uploads/2023/09/Leadership.svg","https://www.veltris.com/wp-content/plugins/sg-cachepress/assets/js/lazysizes.min.js?ver=7.7.11","https://www.veltris.com/wp-content/uploads/2023/09/Healthcare-1.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/lightbox.min.css","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/footer/logo.svg","https://www.veltris.com/wp-content/uploads/2026/01/Home-Diversified-industry.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/new-menu.js","https://www.veltris.com/wp-content/uploads/2023/09/White-papers.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/vectra.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/lightbox-plus-jquery.min.js","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_constellation_research_Banner_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/striim.svg","https://www.veltris.com/wp-content/uploads/real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmaceutical-drug.pdf","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_banner_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/sal.js","https://www.veltris.com/wp-content/themes/wa
velabs/assets/css/owl.carousel.min.css","https://www.veltris.com/about-us","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/whitepapers-page.css?ver=2.0","https://www.veltris.com/wp-content/plugins/gravityformsrecaptcha/js/frontend.min.js?ver=1.8.0","https://www.veltris.com/wp-content/uploads/2023/09/Events.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/owl.theme.default.min.css","https://www.veltris.com/wp-content/uploads/2023/09/Contact-us.svg","https://www.veltris.com/wp-content/uploads/2025/04/Digital-Cloud_1.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/sal.css?ver=2.0","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/scroll-highlight.js","https://www.veltris.com/wp-content/uploads/2023/09/Hi-Tech-1.svg","https://www.veltris.com/wp-content/uploads/2024/05/Glossary-svg.svg","https://www.veltris.com/wp-content/plugins/attachment-download-on-gravity-form-submission/frontend/js/wot-public-scripts.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/header/logo.svg","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI_1.svg","https://www.veltris.com/wp-content/uploads/2023/09/BFSI-1.svg","https://www.veltris.com/wp-content/uploads/2025/11/Vertical-AI-HPS-Banner_600x800.png","https://www.veltris.com/wp-content/plugins/ubermenu/assets/js/ubermenu.min.js?ver=3.7.8","https://www.veltris.com/wp-content/uploads/2023/09/Blogs.svg","https://www.veltris.com/wp-content/uploads/2025/09/CSR_main.svg","https://www.veltris.com/wp-content/uploads/2025/09/Investment-and-Wealth-Management-Firms.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/owl.carousel.min.js","https://www.veltris.com/wp-content/plugins/ubermenu/assets/fontawesome/css/all.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecyle-Managed-Services_1.svg","https://www.veltris.com/wp-content/uploads/2025/10/Insuretech.svg","https://www.veltris.com/pressroom/veltris-recognized-a
s-an-ai-first-consulting-firm-by-constellation-research/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/double-quotes.svg","https://www.veltris.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","https://www.veltris.com/wp-content/uploads/2025/07/AI-Solutions.svg","https://www.veltris.com/wp-content/uploads/2025/09/Electronics-and-Semiconductors.svg","https://www.veltris.com/wp-content/uploads/2025/09/Technology-Products-Platforms.svg","https://www.veltris.com/services/digital-cloud-engineering/","https://www.veltris.com/wp-content/uploads/2025/04/Customer-Engagement.svg","https://www.veltris.com/wp-content/uploads/2025/09/GovTech-EdTech.svg","https://www.veltris.com/industries/healthcare-lifesciences/","https://www.veltris.com/careers/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-orbital-theme.min.css?ver=2.9.13","https://www.veltris.com/client-case-studies/","https://www.veltris.com/wp-content/uploads/2025/11/Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0_1-1.svg","https://www.veltris.com/wp-content/uploads/2023/03/built-cognitive-engine-to-amp-up-customer-centricity.pdf","https://www.veltris.com/services/data-ai/","https://www.veltris.com/privacy-policy/","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2F","https://www.veltris.com/industries/","https://www.veltris.com/services/","https://www.veltris.com/wp-content/uploads/2022/11/Why-Choose-us-660x440-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Pharmacy-Benefit-Management-PBM.svg","https://www.veltris.com/wp-content/uploads/2025/09/Dental-Care.svg","https://www.veltris.com/wp-content/uploads/2025/09/Communications-Service-Providers.svg","https://www.veltris.com/wp-content/uploads/2023/04/real-time-analytics-insights-for-onl
ine-video-streaming-giant.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Health-Tech.svg","https://www.veltris.com/services/connectivity-industry-x-0/","https://www.veltris.com/wp-content/uploads/2025/09/Proven-Healthcare-Expertise.png","https://www.veltris.com/industries/electronics-and-semiconductors/","https://www.veltris.com/wp-content/uploads/2025/09/Engineering-and-Construction.svg","https://www.veltris.com/whitepapers/","https://www.veltris.com/wp-content/uploads/2025/09/Compliance-Ready-by-Design.png","https://www.veltris.com/wp-content/uploads/2025/09/Increase-in-Team-Productivity.png","https://www.veltris.com/wp-content/uploads/2025/11/Tarannum_Fatima.jpg","https://www.veltris.com/wp-content/uploads/2022/11/anvesh-200x200-1.jpeg","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/style.css?ver=2.0","https://www.veltris.com/industries/broadcasting-and-ott-streaming/","https://www.veltris.com/wp-content/uploads/2022/11/Manivsrsh-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Domain-Specific-Accelerators.png","https://www.veltris.com/wp-content/uploads/2025/09/Autonomous-Vehicles-and-Logistics.svg","https://www.veltris.com/wp-content/uploads/2025/09/Data-Accuracy-Reliability.png","https://www.veltris.com/guides/","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-SDLC.svg","https://www.veltris.com/wp-content/uploads/2025/09/AI-First-Architecture.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/hpe.svg","https://www.veltris.com/schedule-a-meeting/","https://www.veltris.com/wp-content/uploads/2022/11/Surya-Vamsi-200x200-1.jpeg","https://www.veltris.com/wp-content/uploads/2025/09/Proven-Impact.png","https://www.veltris.com/wp-content/uploads/2025/11/Anurag_Choudhary.jpg","https://www.veltris.com/wp-content/uploads/2025/04/Diversified-Industrials.svg","https://www.veltris.com/wp-content/uploads/2025/09/Life-at-Veltris-main.svg","https://www.veltris.com/wp-content/uploads/2022
/09/carrers-img.jpeg","https://www.veltris.com/industries/technology-products-and-platforms/","https://www.veltris.com/ai-solutions/","https://www.veltris.com/wp-content/uploads/2025/09/Pharmacy-Benefit-Management-PBM.png","https://www.veltris.com/wp-content/uploads/2022/11/Madhav-J-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/04/AI_ML-Predict-HealthOptimize-Care.png","https://www.veltris.com/wp-content/uploads/2022/11/Venu.png","https://www.veltris.com/wp-content/uploads/2025/09/Innovate-Faster.png","https://www.veltris.com/wp-content/uploads/2025/05/Healthcare_600x800.png","https://www.veltris.com/about-us/","https://www.veltris.com/wp-content/uploads/2025/09/product-lifecycle-managed-healthcare.png","https://www.veltris.com/industries/communications-service-providers/","https://www.veltris.com/wp-content/uploads/2025/09/Accelerate-Insights.png","https://www.veltris.com/industries/autonomous-vehicles-and-logistics/","https://www.veltris.com/wp-content/uploads/2025/09/digital-cloud-healthcare.png","https://www.veltris.com/industries/technology-communications-media/","https://www.veltris.com/industries/govtech-edtech/","https://www.veltris.com/industries/speciality-digital-healthcare-providers/","https://www.veltris.com/wp-content/uploads/2025/04/Careers.png","https://www.veltris.com/ai-for-productivity/","https://www.veltris.com/wp-includes/blocks/paragraph/style.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2022/11/Bhargavi-200x200-1.png","https://www.veltris.com/industries/engineering-construction/","https://www.veltris.com/sitemap/","https://www.veltris.com/wp-content/uploads/2025/09/Chip-to-Cloud-Engineering.png","https://www.veltris.com/wp-content/uploads/2025/11/MVSN_Raju.jpg","https://www.veltris.com/wp-content/uploads/2022/11/Ravi-Sanapla-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/09/healthcare-lifesciences-data-AI.png","https://www.veltris.com/wp-content/uploads/2022/11/Swathi-200x200-1.png","https:/
/www.veltris.com/wp-content/uploads/2025/09/Healthcare-Lifesciences_Banner_2000x700.png","https://www.veltris.com/resources/","https://www.veltris.com/wp-content/uploads/2022/11/Abdul-200x200-1.png","https://www.veltris.com/wp-content/uploads/2022/11/Johnson.png","https://www.veltris.com/wp-includes/js/dist/a11y.min.js?ver=cb460b4676c94bd228ed","https://www.veltris.com/wp-content/uploads/2025/04/Wearables_Continuous-Proactive-Care.png","https://www.veltris.com/industries/investment-and-wealth-management/","https://www.veltris.com/wp-content/uploads/2025/09/Broadcasting-and-OTT-Streaming.svg","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-foundation.min.css?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/04/Careers_mob.png","https://www.veltris.com/cxo-essentials/hfs-challengers-code-report/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2F","https://www.veltris.com/wp-content/uploads/2025/04/Healthcare-1-1.png","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-reset.min.css?ver=2.9.13","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/09/Boost-Productivity.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.9.13","https://www.veltris.com/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381","https://www.veltris.com/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.textareaCounter.plugin.min.js?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/09/Redirect-Costs-to-Innovation.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.maskedinput.min.js?ver=2.9.13","https://www.veltris.com/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1","https://www.veltris.com/wp-content/uploads/2
025/09/AI-for-Productivity-1-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Dental-Ecosystem.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Intelligence-Data-AI.svg","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-framework.min.css?ver=2.9.13","https://www.veltris.com/get-my-ai-readiness-score/","https://www.veltris.com/blogs/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/utils.min.js?ver=380b7a5ec0757c78876bc8a59488f2f3","https://www.veltris.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/11/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-1.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Team.svg","https://www.veltris.com/wp-content/uploads/2025/04/Learning-Fun.svg","https://www.veltris.com/wp-content/uploads/2026/05/care_pbm_platform_modernization_case-study.pdf","https://www.veltris.com/wp-content/uploads/2026/02/scaling_hybrid_care_models_with_retail_economics.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Customer-Sucess.svg","https://www.veltris.com/wp-content/uploads/2026/02/driving_retention_through_preventive_care_subscription-models.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Velocity.svg","https://www.veltris.com/industries/healthtech-platforms/","https://www.veltris.com/wp-content/uploads/2025/04/Transparency.svg","https://www.veltris.com/wp-content/uploads/2025/11/Modernizing-a-Veterinary-Platforms-Front-End-and-Security-Architecture.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Speciality-Digital-Healthcare-Providers.svg","https://www.veltris.com/wp-includes/blocks/heading/style.min.css?ver=6.9.4","https://www.veltris.com/pressroom/veltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries/","https://www.veltris.com/wp-includes/js/wp-embed.min.js","https://www.veltris.co
m/life-at-veltris/","https://www.veltris.com/wp-content/uploads/2026/02/converting_healthcare_visits_into_retail_revenue.pdf","https://www.veltris.com/events/","https://www.veltris.com/wp-includes/css/dashicons.min.css?ver=6.9.4","https://www.veltris.com/wp-json/wp/v2/pages/13944","https://www.veltris.com/wp-content/uploads/2022/11/Murali-Krishna-1-200x200-1.png","https://www.veltris.com/wp-content/uploads/2026/02/maximizing_value_from_diagnostics_and_medical_devices.pdf","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/scripts-theme.min.js?ver=b436459e6f25ebcd9e95ea18e1a35e19","https://www.veltris.com/wp-content/uploads/2025/04/Industry-Specific.svg","https://www.veltris.com/wp-content/uploads/2026/02/virtual_meetings_provider_scaled_reliable_video_experiences_case_Study.pdf","https://www.veltris.com/wp-content/uploads/2026/05/care_pbm_platform_modernization_case-study_thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2026/03/improving_operational_efficiency_across_healthcare_retail_clinics-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Care-Guide-Web-Platform-for-Streamlining-Clinical-Programs.pdf","https://www.veltris.com/wp-content/uploads/2026/02/improving_operational_efficiency_across_healthcare_retail_clinics.pdf","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-the-Enterprise-1-1.png","https://www.veltris.com/wp-content/uploads/2026/03/driving_retention_through_preventive_care_subscription_models-300x169.png","https://www.veltris.com/wp-content/uploads/2026/03/converting_healthcare_visits_into_retail_revenue-300x169.png","https://www.veltris.com/ai-for-enterprise/","https://www.veltris.com/cookie-policy/","https://www.veltris.com/wp-content/uploads/2026/05/ai-powered_aesthetic_assessment_for_caregiver_profile_photos_thumbnail-300x169.png","https://www.veltris.com/services/product-lifecycle-managed-services/","https://www.veltris.com/wp-content/uploads/2026/03/personalizing_healthcare_and_ret
ail_engagement_using_unified_data-300x169.png","https://www.veltris.com/wp-content/uploads/2026/05/data-fabric-multi-unit-dental-network-case-study-300x169.png","https://www.veltris.com/industries/insuretech/","https://www.veltris.com/wp-content/uploads/2025/11/Empowered-care-guides-with-a-scalable-web-platform-to-streamline-member-support-and-clinical-program-1-300x169.png","https://www.veltris.com/ai-for-industry/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/vendor-theme.min.js?ver=21e5a4db1670166692ac5745329bfc80","https://www.veltris.com/?p=30392","https://www.veltris.com/wp-content/uploads/2026/02/personalizing_healthcare_and_retail_engagement_using_unified_data.pdf","https://www.veltris.com/industries/financial-pubsec-services/","https://www.veltris.com/wp-content/uploads/2026/05/virtual_meetings_provider_scaled_reliable_video_experiences_case_Study_thumbnail.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research%2F","https://www.veltris.com/pressroom/","https://www.veltris.com/wp-content/uploads/2025/10/Collating_Analyzing_Click_Analytics_Data_from_Google_Analytics_for_Marketing_Decisions.pdf","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-Industry-1.png","https://www.veltris.com/wp-content/uploads/2025/12/Scaling-High-Volume-Veterinary-Reporting-Platform-Thumbnail-300x169.png","https://www.veltris.com/pressroom","https://www.veltris.com/industries/diversified-industrials/","https://www.veltris.com/wp-content/uploads/2025/11/Built-Strategic-Alignment-through-AScalable-and-Flexible-OKR-Dashboard.pdf","https://www.veltris.com/wp-content/uploads/2025/11/Thumbnail_Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO_-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Product-Lifecyle-Managed-Services.svg","https://www.veltris.com/wp-content/uploads/2025/04/Connect
ivity-Industry-X.0.svg","https://www.veltris.com/wp-content/uploads/2026/05/autonomous_delivery_model_powering_50__engineering_productivity_gains-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Cloud-Infrastructure-Services-1.svg","https://www.veltris.com/wp-content/uploads/2026/05/autonomous_delivery_model_powering_50_engineering_productivity_gains.pdf","https://www.veltris.com/wp-content/uploads/2025/12/Modernizing-Veterinary-Platform-Front-End-Security-Architecture-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Connectivity-Industry-X.0.svg","https://www.veltris.com/wp-content/uploads/2025/11/Scaling-High-Volume-Veterinary-Reporting-Platform-1.pdf","https://www.veltris.com/wp-json/wp/v2/pressroom/30392","https://www.veltris.com/?p=25066","https://www.veltris.com/wp-content/uploads/2026/05/virtual_meetings_provider_scaled_reliable_video_experiences_case_Study_thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Empowered-care-guides-with-a-scalable-web-platform-to-streamline-member-support-and-clinical-program-1.png","https://www.veltris.com/wp-content/uploads/2026/05/autonomous_delivery_model_powering_50__engineering_productivity_gains.png","https://www.veltris.com/wp-content/uploads/2025/04/API-Management-Complexity-Hurdles.svg","https://www.veltris.com/wp-content/uploads/2026/03/maximizing_value_from_diagnostics_and_medical_devices.png","https://www.veltris.com/wp-content/uploads/2026/03/converting_healthcare_visits_into_retail_revenue.png","https://www.veltris.com/?p=14556","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-Product-Platform-Engineering_dark.svg","https://www.veltris.com/wp-content/uploads/2025/04/Clinical-Workflow-Integration-Barriers.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdigital-cloud-engineering%2F","https://www.veltris.com/wp-content/uploads/2025/04/Multimodal-Data-Integration-Complexity
.svg","https://www.veltris.com/whitepapers","https://www.veltris.com/wp-content/uploads/2025/12/Modernizing-Veterinary-Platform-Front-End-Security-Architecture-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-strategic-alignment-through-a-scalable-and-flexible-OKR-dashboard._-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-and-Cloud-Engineering_Mob-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Data_AI_Overview.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-for-Business.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthcare-lifesciences%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Dashboard_and_Analytics_Tools_for_Healthcare_Data_Available_with_a_Provider.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcareers%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed-Dashboard-and-Analytics-Tools-for-Healthcare-Data-Available-with-a-Provider-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/28540","https://www.veltris.com/wp-content/uploads/2025/04/Diversified-Industries-1.png","https://www.veltris.com/case-studies","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fprivacy-policy%2F","https://www.veltris.com/wp-content/uploads/2025/07/Industries_mobile_banner.png","https://www.veltris.com/wp-json/wp/v2/pages/14556","https://www.veltris.com/blogs","https://www.veltris.com/wp-content/uploads/2026/05/ai-ready-data-fabric-for-a-multi-unit-dental-network.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research%2F","https://www.veltris.com/wp-content/uploads/2025/07/Services_mobile_banner.png","https://www.veltris.com/embed/","https://www.veltris.com/wp-content/uploads/2025/12/Streamlin
ing-Devops-Infrastructure-Management-for-a-Veterinary-Platform-Thumbnail-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/3","https://www.veltris.com/infographics","https://www.veltris.com/guides","https://www.veltris.com/wp-content/uploads/2025/12/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/10/Collating-Analyzing-Click-Analytics-Data-from-Google-Analytics-for-Marketing-Decisions-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media-1.png","https://www.veltris.com/?p=27074","https://www.veltris.com/wp-content/uploads/2026/05/care_pbm_platform_modernization_case-study_thumbnail.png","https://www.veltris.com/resources","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/usa.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics_dark.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdigital-cloud-engineering%2F","https://www.veltris.com/wp-content/uploads/2025/04/Case-Studies.png","https://www.veltris.com/?p=3","https://www.veltris.com/wp-json/wp/v2/pages/25086","https://www.veltris.com/wp-content/uploads/2025/04/Agentic-AI_dark.svg","https://www.veltris.com/disclaimer/","https://www.veltris.com/wp-content/uploads/2025/07/Overview-img-size-640x470-1.png","https://www.veltris.com/wp-content/uploads/2023/04/designed-and-developed-ai-based-modern-and-frictionless-business-enablement-solutions.pdf","https://www.veltris.com/wp-content/uploads/2026/03/scaling_hybrid_care_models_with_retail_economics.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-ai%2F","https://www.veltris.com/wp-content/uploads/2025/04/Case-Studies_mob.png","https://www.veltris.com/wp-json/wp/v2/pages/27072","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/Dallas.p
ng","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-ai%2F","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/pune.png","https://www.veltris.com/wp-content/uploads/2025/11/Thumbnail_Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO_-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Implementing-Digital-Twins-AI.png","https://www.veltris.com/wp-content/uploads/2025/12/Scaling-High-Volume-Veterinary-Reporting-Platform-Thumbnail.png","https://www.veltris.com/insights/","https://www.veltris.com/wp-content/uploads/2025/10/Collating-Analyzing-Click-Analytics-Data-from-Google-Analytics-for-Marketing-Decisions.png","https://www.veltris.com/privacy-policy/feed/","https://www.veltris.com/wp-content/uploads/2025/07/Digital_Cloud_Overview.png","https://www.veltris.com/?p=28540","https://www.veltris.com/wp-content/uploads/2025/07/Product_Lifecycle_Managed_Services_Overview.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/bangalore.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2F","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based-Digitization-of-Documents-300x169.png","https://www.veltris.com/?p=25086","https://www.veltris.com/industries/pharmacy-benefit-management-pbm/","https://www.veltris.com/wp-content/uploads/2023/03/intelligent-dashboard-for-deep-insights-into-household-energy-consumption.pdf","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/canada.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2F","https://www.veltris.com/wp-content/uploads/2025/07/AI-Solution-Mobile-600X800.png","https://www.veltris.com/?p=27072","https://www.veltris.com/wp-content/uploads/2025/10/Transformed_a_Water_Dispensing_Kiosk_into_an_IoT-Enabled_Platform.pdf","https://www.veltris.com/wp-json/wp/v2/pages/27074","https://
www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fprivacy-policy%2F","https://www.veltris.com/wp-content/uploads/2024/04/Migrating_multi-tenant_saas_virtual_communication_platform_to_aws_for_enhanced_scalability.pdf","https://www.veltris.com/services/azure-managed-services/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fclient-case-studies%2F","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/Chicago.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fclient-case-studies%2F","https://www.veltris.com/wp-content/uploads/2025/10/Added_New_Features_and_Implemented_System_Enhancements_to_Improve_Reach.pdf","https://www.veltris.com/industries/dental-multi-unit-retail-health/","https://www.veltris.com/wp-content/uploads/2026/03/improving_operational_efficiency_across_healthcare_retail_clinics.png","https://www.veltris.com/wp-content/uploads/2025/07/Services_desktop_banner.png","https://www.veltris.com/wp-content/uploads/2023/04/improved-service-performance-by-delivering-flexible-solution-for-achieving-consistency.pdf","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/vietnam.png","https://www.veltris.com/wp-content/uploads/2026/03/personalizing_healthcare_and_retail_engagement_using_unified_data.png","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-a-Water-Dispensing-Kiosk-into-an-IoT-Enabled-Platform--300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2F","https://www.veltris.com/wp-content/uploads/2023/03/developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-dashboard-for-Deep-Insights-Into-Household-Energy-Consumption-2-300x169.png","
https://www.veltris.com/wp-json/wp/v2/pages/28409","https://www.veltris.com/wp-json/wp/v2/pages/14069","https://www.veltris.com/?p=22001","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthcare-lifesciences%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed-Dashboard-and-Analytics-Tools-for-Healthcare-Data-Available-with-a-Provider.png","https://www.veltris.com/?p=14560","https://www.veltris.com/wp-json/wp/v2/pages/25111","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcareers%2F","https://www.veltris.com/industries/diversified-industrials-manufacturing/","https://www.veltris.com/wp-content/uploads/2025/05/Connectivity-Industry-X.0_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/india.png","https://www.veltris.com/wp-content/uploads/2026/01/Electronics-and-Semiconductors-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/04/improved-the-functional-performance-and-capacity-measurement-with-the-emulation-of-4g-5g.pdf","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based-Digitization-of-Documents.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital_Cloud_Overview.png","https://www.veltris.com/wp-content/uploads/2025/10/Generate-a-Film-Using-Generative-AI-for-the-Given-Script-without-Using-Autodesk--300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Standards-Interoperability-Gaps.svg","https://www.veltris.com/wp-content/uploads/2023/10/Streamlined-the-Service-Delivery-Space-for-the-Leading-Electrical-Appliances-Manufacturer-300x169.png","https://www.veltris.com/?p=28249","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fconnectivity-industry-x-0%2F","https://www.veltris.com/services/data-warehouse/","https://www.veltris.com/wp-content/uploads/2025/03/product-development.svg","https://www.veltris.com
/wp-json/wp/v2/pages/25066","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing.svg","https://www.veltris.com/wp-content/uploads/2026/05/ai-powered_aesthetic_assessment_for_caregiver_profile_photos_thumbnail.png","https://www.veltris.com/wp-content/uploads/2023/04/facilitating-different-sectors-to-envision-their-legacy-process-in-virtual-reality.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2F","https://www.veltris.com/?p=28383","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2F","https://www.veltris.com/wp-content/uploads/2025/10/Generate-a-Film-Using-Generative-AI-for-the-Given-Script-without-Using-Autodesk-.png","https://www.veltris.com/?p=27965","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services_dark.svg","https://www.veltris.com/wp-content/uploads/2023/03/to-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to-their-customers.pdf","https://www.veltris.com/wp-content/uploads/2023/04/Designed-and-Developed-AI-based-Modern-and-Frictionless-Business-Enablement-Solutions-1-300x169.png","https://www.veltris.com/wp-content/uploads/2026/03/maximizing_value_from_diagnostics_and_medical_devices-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/built-virtual-situation-rooms-to-conduct-training-through-gamification.pdf","https://www.veltris.com/wp-json/wp/v2/pages/14560","https://www.veltris.com/wp-content/uploads/2023/04/Improved-Service-Performance-by-Delivering-Flexible-Solution-for-Achieving-Consistency-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2F","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-a-Water-Dispensing-Kiosk-into-an-IoT-Enabled-Platform-.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww
.veltris.com%2Findustries%2Felectronics-and-semiconductors%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2F","https://www.veltris.com/?p=28409","https://www.veltris.com/wp-content/uploads/2023/04/Improved-the-Functional-Performance-and-Capacity-Measurement-with-the-Emulation-of-4G-5G.png","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing_dark.svg","https://www.veltris.com/wp-content/uploads/2025/04/Whitepapers_mob-1.png","https://www.veltris.com/wp-content/uploads/2025/07/Connectivity_Industry-X.0_Overview.png","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based_Digitization_of_Documents.pdf","https://www.veltris.com/wp-content/uploads/2023/03/to-unify-the-brands-identity-under-one-cohesive-website.pdf","https://www.veltris.com/wp-json/wp/v2/pages/27965","https://www.veltris.com/wp-content/uploads/2026/05/data-fabric-multi-unit-dental-network-case-study.png","https://www.veltris.com/wp-json/wp/v2/pages/28249","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fschedule-a-meeting%2F","https://www.veltris.com/wp-content/uploads/2025/04/AI-Guides-and-Innovations_mob.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fconnectivity-industry-x-0%2F","https://www.veltris.com/wp-content/uploads/2024/04/Migrating-Multi-tenant-SaaS-Virtual-Communication-Platform-to-Cloud-for-Enhanced-Scalability.png","https://www.veltris.com/wp-content/uploads/2025/07/AgenticAI-Tech-Stack-Play-scaled-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-MR-Training-System-for-VR-Glass-Company-to-Turn-Multiple-Training-Sessions-for-Employees-i-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fschedule-a-meeting%2F","https://www.veltris.com/wp-content/uploads/2023/03/interconnecting-a-world-of-distinctive-video-conference-syste
ms.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Whitepapers.png","https://www.veltris.com/wp-content/uploads/2025/07/Veltris_Accelerated_AI-Platform.png","https://www.veltris.com/services/data-modernization/","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Private-Wireless-Networks-1.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Felectronics-and-semiconductors%2F","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Digital-Cloud.svg","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Multicloud-Engineering-1.svg","https://www.veltris.com/wp-content/uploads/2025/03/img_9-1.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Enterprise-Transport-Networks-1.svg","https://www.veltris.com/wp-content/uploads/2025/10/Implemented_a_D2C_Offering_to_Create_an_Extra_Source_of_Revenue_for_the_Client.pdf","https://www.veltris.com/wp-content/uploads/2023/04/crafted-an-NLP-model-for-a-seamless-user-experience.pdf","https://www.veltris.com/?p=15707","https://www.veltris.com/wp-content/uploads/2025/03/img_3-2.png","https://www.veltris.com/?p=19877","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fbroadcasting-and-ott-streaming%2F","https://www.veltris.com/wp-json/wp/v2/pages/28383","https://www.veltris.com/services/microsoft-cloud-platforms/","https://www.veltris.com/wp-content/uploads/2025/03/img_1-1.png","https://www.veltris.com/wp-content/uploads/2026/03/driving_retention_through_preventive_care_subscription_models.png","https://www.veltris.com/wp-content/uploads/2025/04/AI-Guides-and-Innovations.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fbroadcasting-and-ott-streaming%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_4-2.png","https://www.veltris.com/wp-content/uploads/2025/03/img_10-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3
A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-products-and-platforms%2F","https://www.veltris.com/?p=28359","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Data-AI.svg","https://www.veltris.com/wp-content/uploads/2025/11/Built-strategic-alignment-through-a-scalable-and-flexible-OKR-dashboard._-1.png","https://www.veltris.com/wp-content/uploads/2025/03/img_7-1.png","https://www.veltris.com/wp-content/uploads/2025/03/img_3.png","https://www.veltris.com/wp-content/uploads/2023/04/Designed-and-Developed-AI-based-Modern-and-Frictionless-Business-Enablement-Solutions-1.png","https://www.veltris.com/wp-content/uploads/2022/11/Resources-banner-3070x1400-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Implemented-a-D2C-Offering-to-Create-an-Extra-Source-of-Revenue-for-the-Client-300x169.png","https://www.veltris.com/wp-content/uploads/2025/03/img_1-2.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2F","https://www.veltris.com/wp-json/wp/v2/pages/28359","https://www.veltris.com/wp-content/uploads/2025/10/Added-New-Features-and-Implemented-System-Enhancements-to-Improve-Reach--300x169.png","https://www.veltris.com/?p=25111","https://www.veltris.com/wp-content/uploads/2025/03/img_4-1.png","https://www.veltris.com/wp-json/wp/v2/pages/22001","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fai-solutions%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_19.png","https://www.veltris.com/wp-content/uploads/2023/04/Improved-the-Functional-Performance-and-Capacity-Measurement-with-the-Emulation-of-4G-5G-300x169.png","https://www.veltris.com/wp-content/uploads/2025/03/img_5.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fcommunications-service-providers%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_18.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F
%2Fwww.veltris.com%2Fai-solutions%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_17.png","https://www.veltris.com/wp-content/uploads/2025/04/Financial-Services-1.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Customer-Experience-1.svg","https://www.veltris.com/wp-json/wp/v2/pages/19877","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fcommunications-service-providers%2F","https://www.veltris.com/?p=28435","https://www.veltris.com/casestudies/built-a-robust-foundational-data-reporting-platform-for-a-leading-ott-solutions-provider/","https://www.veltris.com/wp-content/uploads/2023/04/Real-time-Analytics-and-Insights-for-Online-Video-Streaming-Giant-1-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/28435","https://www.veltris.com/wp-content/uploads/2025/03/img_13.png","https://www.veltris.com/wp-content/uploads/2025/04/Cyber-Security-Infrastructure.svg","https://www.veltris.com/wp-content/uploads/2025/03/img_15.png","https://www.veltris.com/wp-json/wp/v2/pages/25319","https://www.veltris.com/wp-content/uploads/2023/03/to-upgrade-the-brands-identity-using-seo-strategies-and-integrating-the-backend.pdf","https://www.veltris.com/wp-content/uploads/2023/03/developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client.pdf","https://www.veltris.com/wp-content/uploads/2025/03/img_6.png","https://www.veltris.com/?p=25319","https://www.veltris.com/wp-content/uploads/2022/07/Threat-Monitoring-System-for-Concealed-Weapons-Explosives-Detection-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Communications-Service-Providers-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services.svg","https://www.veltris.com/industries/pharmacy-benefit-management/","https://www.veltris.com/wp-content/uploads/2025/04/IoMT-Integration-Security-Risks.svg","https://www.veltris.com/wp-json/wp/v2/pages/28005","https
://www.veltris.com/wp-content/uploads/2025/10/Implemented-a-D2C-Offering-to-Create-an-Extra-Source-of-Revenue-for-the-Client.png","https://www.veltris.com/wp-content/uploads/2023/03/An-incident-management-organization-using-AI-to-reduce-risk-and-report-incidents-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-for-Security.svg","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school-300x169.png","https://www.veltris.com/wp-content/uploads/2023/04/Facilitating-Different-Sectors-to-Envision-Their-Legacy-Process-in-Virtual-Reality-1-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fabout-us%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_11.png","https://www.veltris.com/wp-content/uploads/2025/03/img_7.png","https://www.veltris.com/wp-content/uploads/2025/10/Added-New-Features-and-Implemented-System-Enhancements-to-Improve-Reach-.png","https://www.veltris.com/?p=25298","https://www.veltris.com/wp-content/uploads/2025/03/img_5-2.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fautonomous-vehicles-and-logistics%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-communications-media%2F","https://www.veltris.com/wp-json/wp/v2/pages/25298","https://www.veltris.com/wp-content/uploads/2025/03/img_20.png","https://www.veltris.com/wp-content/uploads/2023/03/To-Unify-the-Brands-Identity-Under-One-Cohesive-Website-1-300x169.png","https://www.veltris.com/?p=28462","https://www.veltris.com/wp-content/uploads/2023/04/Real-time-Analytics-and-Insights-for-Online-Video-Streaming-Giant-1.png","https://www.veltris.com/wp-conten
t/uploads/2025/07/AI-for-Productivity.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-communications-media%2F","https://www.veltris.com/wp-content/uploads/2026/01/Broadcasting-and-OTT-Streaming_2000x700.png","https://www.veltris.com/wp-content/uploads/2022/07/Built-Fast-Flexible-Scalable-Platform-Solutions-for-Video-Service-and-OTT-Providers.png","https://www.veltris.com/wp-content/uploads/2023/03/To-upgrade-the-Brands-Identity-using-SEO-Strategies-and-Integrating-the-Backend-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Interconnecting-a-world-of-distinctive-Video-conference-systems-1-300x169.png","https://www.veltris.com/casestudies/threat-monitoring-system-for-concealed-weapons-explosives-detection/","https://www.veltris.com/?p=28005","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fautonomous-vehicles-and-logistics%2F","https://www.veltris.com/wp-content/uploads/2023/04/Crafted-an-NLP-Model-for-a-Seamless-User-Experience-2-300x169.png","https://www.veltris.com/?p=21999","https://www.veltris.com/wp-json/wp/v2/pages/28462","https://www.veltris.com/?p=28830","https://www.veltris.com/wp-content/uploads/2025/03/img_14.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Cybersecurity-Engineering-1.svg","https://www.veltris.com/wp-json/wp/v2/pages/21999","https://www.veltris.com/wp-content/uploads/2025/03/img_1.png","https://www.veltris.com/wp-content/uploads/2023/03/To-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to-.png","https://www.veltris.com/wp-content/uploads/2023/04/Crafted-an-NLP-Model-for-a-Seamless-User-Experience-2.png","https://www.veltris.com/wp-content/uploads/2025/10/Created_a_Portal_to_Capture_Patient_Health_and_Provide_Treatment_Proactively.pdf","https://www.veltris.com/?p=14069","https://www.veltris.com/wp-content/uploads/2022/11/About-us-overview.p
ng","https://www.veltris.com/wp-content/uploads/2022/07/Built-a-Robust-Foundational-Data-Reporting-Platform-for-a-Leading-OTT-Solutions-Provider.png","https://www.veltris.com/wp-content/uploads/2025/03/img_10.png","https://www.veltris.com/wp-content/uploads/2023/04/Improved-Service-Performance-by-Delivering-Flexible-Solution-for-Achieving-Consistency-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Interconnecting-a-world-of-distinctive-Video-conference-systems-1.png","https://www.veltris.com/wp-content/uploads/2022/07/Built-Fast-Flexible-Scalable-Platform-Solutions-for-Video-Service-and-OTT-Providers-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-SDLC-1-1.png","https://www.veltris.com/wp-content/uploads/2023/10/Streamlined-the-Service-Delivery-Space-for-the-Leading-Electrical-Appliances-Manufacturer.png","https://www.veltris.com/wp-content/uploads/2022/07/Threat-Monitoring-System-for-Concealed-Weapons-Explosives-Detection.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Data-Engineering-Analytics-2.svg","https://www.veltris.com/wp-content/uploads/2026/01/Technology-Products-and-Platforms_2000x700.png","https://www.veltris.com/wp-content/uploads/2022/11/Why-us-660x440-1.png","https://www.veltris.com/wp-content/uploads/2025/04/CSP-WISP-Satcom-Service-providers.png","https://www.veltris.com/wp-content/uploads/2025/05/Data-AI-1.png","https://www.veltris.com/wp-json/wp/v2/pages/28830","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-Content-Supply-Chain.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fengineering-construction%2F","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-Product-Platform-Engineering-1.svg","https://www.veltris.com/wp-content/uploads/2026/01/engeering-Customer-Experience.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fspeciality-digital-healthcare-prov
iders%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_6-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fai-for-productivity%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fai-for-productivity%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fengineering-construction%2F","https://www.veltris.com/wp-content/uploads/2022/07/Built-a-Robust-Foundational-Data-Reporting-Platform-for-a-Leading-OTT-Solutions-Provider-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/DataIntegrix_Productivity.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fgovtech-edtech%2F","https://www.veltris.com/wp-content/uploads/2025/03/Christmas-Celebration_3.png","https://www.veltris.com/wp-content/uploads/2023/03/Cloud-Native-Network-Function-Updated.svg","https://www.veltris.com/wp-content/uploads/2025/12/CreateAssetAI_Productivity.png","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/","https://www.veltris.com/wp-content/uploads/2025/12/SDLCAI_Productivity.png","https://www.veltris.com/wp-content/uploads/2024/09/Hiral-Chandrana.png","https://www.veltris.com/wp-content/uploads/2023/03/To-Unify-the-Brands-Identity-Under-One-Cohesive-Website-1.png","https://www.veltris.com/wp-content/uploads/2025/12/AgenticBrowser_Productivity.png","https://www.veltris.com/wp-content/uploads/2026/01/GovTech-EdTech_Banner_600x800.png","https://www.veltris.com/casestudies/conversational-chatbot-for-24-7-customer-support-assistance/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fspeciality-digital-healthcare-providers%2F","https://www.veltris.com/wp-content/uploads/2025/04/Comms-Infra-Network
-Security-product-platform-vendors_.png","https://www.veltris.com/wp-content/uploads/2023/02/F-_White-Regulatory-Hurdles.svg","https://www.veltris.com/wp-content/uploads/2023/03/An-incident-management-organization-using-AI-to-reduce-risk-and-report-incidents-1.png","https://www.veltris.com/wp-content/uploads/2026/01/Technology-Products-and-Platforms_600x800.png","https://www.veltris.com/wp-content/uploads/2023/03/Shiva.jpg","https://www.veltris.com/wp-content/uploads/2025/03/img_4.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-A-Portal-to-Capture-Patients-Health-and-Provide-Treatment-Proactively--300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics.svg","https://www.veltris.com/wp-content/uploads/2025/04/OTT-IPTV-Media-Infra-Broadcasting-Gaming-Service-providers.png","https://www.veltris.com/wp-content/uploads/2023/03/To-upgrade-the-Brands-Identity-using-SEO-Strategies-and-Integrating-the-Backend.png","https://www.veltris.com/wp-content/uploads/2025/04/Cloud-Infrastructure-Services_dark.svg","https://www.veltris.com/wp-content/uploads/2026/01/icon_Accelerate-with-Future-Ready-Tech-1.svg","https://www.veltris.com/wp-content/uploads/2025/10/Built_a_Web_Application_for_Users_to_Manage_their_Financial_Wealth_in_a_Highly_Secure_Infrastructure.pdf","https://www.veltris.com/wp-content/uploads/2025/03/investments.svg","https://www.veltris.com/wp-json/wp/v2/pages/28753","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-IoT-Amalgamation.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fhfs-challengers-code-report%2F","https://www.veltris.com/casestudies/maximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution/","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail-300x169.png","https://www.veltris.com/wp-json/wp/v2/cxo-essentials/30488",
"https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-Virtual-Situation-Rooms-to-Conduct-Training-Through-Gamification.png","https://www.veltris.com/wp-content/uploads/2023/03/Designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inve-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/built-a-mobile-application-to-buy-and-sell-all-type-of-funds.pdf","https://www.veltris.com/wp-content/uploads/2025/03/Sushma.png","https://www.veltris.com/wp-content/uploads/2025/04/About-us_Mob.png","https://www.veltris.com/wp-content/uploads/2025/04/Systemic-Integration-Across-Trends.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fgovtech-edtech%2F","https://www.veltris.com/wp-content/uploads/2023/03/Re-platforming-and-Cloud-Migration-from-Vertica-to-Snowflake-1-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Develop_a_Mobile-First_Platform_for_Personalized_Assessments_Targeted_Interventions_to_Optimize_Mental_Fitness.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fabout-us%2F","https://www.veltris.com/wp-content/uploads/2025/12/VIA-accelerators-productivity-banner.png","https://www.veltris.com/wp-content/uploads/2023/10/provided-cloud-based-administration-software-for-private-equity-funds-for-crm-database-and-portfolio-management.pdf","https://www.veltris.com/wp-content/uploads/2023/03/an-incident-management-organization-using-ai-to-reduce-risk-and-report-incidents.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-products-and-platforms%2F","https://www.veltris.com/wp-content/uploads/2022/07/Conversational-Chatbot-for-24-7-Customer-Support-Assistance-300x169.png","https://www.veltris.
com/wp-content/uploads/2026/01/Autonomous-Vehicles-and-Logistics-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/12/LoCoAI_Productivity.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-a-Platform-to-Improve-Inbound-and-Outbound-Process-at-Warehouse-and-Optimized-Resource-All.png","https://www.veltris.com/wp-content/uploads/2025/04/Legacy-System-Integration-Challenge.svg","https://www.veltris.com/wp-content/uploads/2024/04/Migrating-Multi-tenant-SaaS-Virtual-Communication-Platform-to-Cloud-for-Enhanced-Scalability-300x169.png","https://www.veltris.com/blogs/why-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them/","https://www.veltris.com/wp-content/uploads/2023/04/Facilitating-Different-Sectors-to-Envision-Their-Legacy-Process-in-Virtual-Reality-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_a_Platform_to_Improve_Inbound_and_Outbound_Process_at_Warehouse_and_Optimized_Resource_Allocation.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fhfs-challengers-code-report%2F","https://www.veltris.com/wp-content/uploads/2026/01/GovTech-EdTech_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/03/img_2-1.png","https://www.veltris.com/wp-content/uploads/2024/04/LLM-VT-case-study-1.pdf","https://www.veltris.com/wp-content/uploads/2026/01/Engineering-ConstructionBanner_2000x700.png","https://www.veltris.com/wp-content/uploads/built-a-trading-application-to-trade-USA-stocks-from-different-countries-vt.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Develop-a-Mobile-First-Platform-for-Personalized-Assessments-and-Targeted-Interventions-to-Optimize-.png","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-dashboard-for-Deep-Insights-Into-Household-Energy-Consumption-2.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecyle-Managed-Services.svg","https://www.veltris.com/wp-cont
ent/uploads/2023/03/Network-Intelligence-Data-AI.png","https://www.veltris.com/wp-content/uploads/2025/04/Hyper-Focused-Vertical-SaaS-Solutions.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finvestment-and-wealth-management%2F","https://www.veltris.com/wp-content/uploads/2025/10/Created_Multi-Functional_Mobile_Applications_with_Single_Code_Base.pdf","https://www.veltris.com/wp-content/uploads/2025/03/img_3-1.png","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/03/img_2.png","https://www.veltris.com/wp-content/uploads/2022/07/Auto-Lubricant-Distributer-Digital-Engineering-Thumbnail-300x157.png","https://www.veltris.com/casestudies/improved-on-time-delivery-of-a-leading-auto-lubricant-distributer/","https://www.veltris.com/wp-content/uploads/2022/07/Conversational-Chatbot-for-24-7-Customer-Support-Assistance.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_a_Mobile_App_with_Multiple_Accessibility_and_Metrics_for_Real-Time_Measurement.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inve.png","https://www.veltris.com/wp-content/uploads/2023/02/Regulatory-Hurdles.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Exposure-Integration.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_iOS_Android_Mobile_Applications_Platform_for_Better_Reach_to_the_Clients_Community.pdf","https://www.veltris.com/wp-content/uploads/2023/03/built-a-mobile-app-with-next-gen-UI-to-simplify-radon-test-vt.pdf","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/03/img_9.png","https://www.veltris.com/wp
-content/uploads/2025/03/img_8-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-A-Portal-to-Capture-Patients-Health-and-Provide-Treatment-Proactively-.png","https://www.veltris.com/wp-content/uploads/2026/01/Jai-Shankar.png","https://www.veltris.com/wp-content/uploads/2026/01/Electronics-and-Semiconductors-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-Cloud.svg","https://www.veltris.com/wp-content/uploads/2025/11/Scalable-Mobile-andWeb-Platform-for-Streamlined-Prescription-Care.pdf","https://www.veltris.com/wp-content/uploads/2025/03/smarter-products.svg","https://www.veltris.com/wp-content/uploads/2025/04/Deep-AI-Integration-as-Core-Functionality.png","https://www.veltris.com/wp-content/uploads/2025/03/img_12.png","https://www.veltris.com/wp-content/uploads/2023/03/Re-platforming-and-Cloud-Migration-from-Vertica-to-Snowflake-1-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Created_AWS_Infrastructure_Implemented_Custom_Automation.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-Face-Recognition-Model-for-Secure-and-Automated-Monitoring_.pdf","https://www.veltris.com/wp-content/uploads/2023/10/revamped-web-mobile-applications-for-increased-privacy-performance.pdf","https://www.veltris.com/wp-content/uploads/2026/04/hfs_challengers_code_report_banner.png","https://www.veltris.com/wp-content/uploads/2026/03/scaling_hybrid_care_models_with_retail_economics-300x169.png","https://www.veltris.com/wp-content/uploads/implementation-of-one-view-of-the-customer-to-a-big-insurance-and-banking-customer.pdf","https://www.veltris.com/wp-content/uploads/2023/03/built-a-deep-learning-model-for-image-improvement-image-restoration-super-resolution.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Multimodal-Data-Integration-Complexity.png","https://www.veltris.com/wp-content/uploads/2026/04/hfs_challengers_code_report_mobile.png","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-Net
works.png","https://www.veltris.com/wp-content/uploads/2023/10/built-mobile-applications-and-implemented-design-thinking-to-enhance-the-business.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Cloud-Native-Network-Function-1.png","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics-1.svg","https://www.veltris.com/wp-content/uploads/built-an-efficient-information-retrieval-system-with-generativeAI-for-a-major-asset-management-firm.pdf","https://www.veltris.com/wp-content/uploads/2023/02/Content-Supply-Chain-1.png","https://www.veltris.com/wp-content/uploads/2023/03/designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inventory-management.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance-1.svg","https://www.veltris.com/wp-content/uploads/2025/07/Industries_desktop_banner.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-Virtual-Situation-Rooms-to-Conduct-Training-Through-Gamification-300x169.png","https://www.veltris.com/wp-content/uploads/2023/10/developed-a-web-app-to-monitor-communication-between-patients-and-care-teams.pdf","https://www.veltris.com/wp-content/uploads/2023/10/developed-an-ios-application-for-users-to-share-their-travel-experience.pdf","https://www.veltris.com/wp-content/uploads/2023/03/end-to-end-mobile-and-web-application-to-help-navigate-and-provide-medical-claims-assistance.pdf","https://www.veltris.com/wp-content/uploads/2023/02/IoT-Amalgamation.png","https://www.veltris.com/wp-content/uploads/2025/10/Develop-a-Mobile-First-Platform-for-Personalized-Assessments-and-Targeted-Interventions-to-Optimize--300x169.png","https://www.veltris.com/cxo-essentials/3-fixes-it-leaders-are-making-before-tackling-ai/","https://www.veltris.com/wp-content/uploads/2023/10/developed
-ios-and-android-mobile-applications-to-help-users-practice-yoga.pdf","https://www.veltris.com/wp-content/uploads/2023/10/Provided-Cloud-Based-Administration-Software-for-Private-Equity-Funds-for-CRM-Database-and-Portfolio-300x169.png","https://www.veltris.com/wp-content/uploads/2023/10/rebranding-of-the-website-and-developing-a-multi-platform-system-to-facilitate-operations.pdf","https://www.veltris.com/wp-content/uploads/to-reduce-the-rejection-rate-of-bills-by-creating-an-nlp-model-to-validate-the-same.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Created-Multi-Functional-Mobile-Applications-with-Single-Code-Base--300x169.png","https://www.veltris.com/wp-content/uploads/2025/05/Large-Scale-Data-Migration-Without-Downtime.pdf","https://www.veltris.com/wp-content/uploads/2023/10/developed-a-reliable-mobile-app-based-platform-for-everyday-management-tasks.pdf","https://www.veltris.com/wp-content/uploads/2022/07/Auto-Lubricant-Distributer-Digital-Engineering-Thumbnail.png","https://www.veltris.com/guides/ai-trends-for-pbms-in-2026-the-cxo-guide-to-cost-control-compliance-and-competitive-advantage/","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity_Industry-X.0_Overview.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fsitemap%2F","https://www.veltris.com/wp-content/uploads/2025/10/Built-a-Web-Application-for-Users-to-Manage-their-Financial-Wealth-in-a-Highly-Secure-Infrastructure-300x169.png","https://www.veltris.com/whitepapers/the-future-of-businesses-in-2025-embracing-a-comprehensive-integrated-technological-ecosystem/","https://www.veltris.com/wp-content/uploads/2025/10/Transformed_the_Entire_Operations_with_a_Digital_and_Mobile_Experience_.pdf","https://www.veltris.com/casestudies/built-fast-flexible-scalable-platform-solutions-for-video-service-and-ott-providers/","https://www.veltris.com/wp-content/uploads/2025/03/img_8.png","https://www.veltris.com/whitepapers/generative-ai-strategy-to-transfo
rm-your-enterprise/","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services-1.svg","https://www.veltris.com/wp-content/uploads/2026/01/Engineering-ConstructionBanner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing-1.svg","https://www.veltris.com/cxo-essentials/whats-actually-working-for-risk-compliance-and-ops-leaders/","https://www.veltris.com/wp-content/uploads/2025/03/img_16.png","https://www.veltris.com/wp-content/uploads/2023/10/Built-a-mobile-application-to-buy-and-sell-all-type-of-funds-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Autonomous-Vehicles-and-LogisticsBanner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Exposure-and-Integration-Updated.svg","https://www.veltris.com/whitepapers/scaling-your-saas-business-with-proven-growth-strategies/","https://www.veltris.com/wp-content/uploads/2025/04/Systemic-Integration-Across-Trends.svg","https://www.veltris.com/wp-content/uploads/2025/10/Created-AWS-Infrastructure-Implemented-Custom-Automation--300x169.png","https://www.veltris.com/wp-content/uploads/2023/10/Developed-a-Web-App-to-Monitor-Communication-Between-Patients-and-Care-Teams-300x169.png","https://www.veltris.com/wp-content/uploads/2024/07/Transformed-Cardiac-Care-by-Assisting-Heart-Monitor-Manufacturer-in-Remote-Patient-Monitoring-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Population-Health-Care-Coordination-Platforms-1.png","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Build.png","https://www.veltris.com/cxo-essentials/why-digital-first-banking-is-critical-for-growth-in-2025/","https://www.veltris.com/wp-content/uploads/2023/09/Modernizing-Legacy-Software-in-the-Hearing-Industry-33-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Digital-Health-Startups-SaaS-Platforms-1.png","https://www.veltris.com/wp-content/uploads/2026/01/i
nvestment-and-wealth-management-Monetize.png","https://www.veltris.com/guides/agentic-ai-in-manufacturing-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2025/10/Developed-a-Platform-to-Improve-Inbound-and-Outbound-Process-at-Warehouse-and-Optimized-Resource-All-300x169.png","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthtech-platforms%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finvestment-and-wealth-management%2F","https://www.veltris.com/guides/cxos-actionable-guide-ai-and-integrated-data-healthcare-transforming-clinical-workflows/","https://www.veltris.com/guides/cxos-essentials-genai-real-estate-property-development-management-sales/","https://www.veltris.com/whitepapers/bringing-expertise-tools-to-enable-intelligent-healthcare/","https://www.veltris.com/wp-content/uploads/2023/10/built-ios-and-android-mobile-applications-for-health-and-wellness-monitoring-tool.pdf","https://www.veltris.com/guides/cxos-essentials-generative-ai-in-banking-a-leaders-introduction-to-financial-impact-risks-and-opportunities/","https://www.veltris.com/guides/agentic-ai-explained-introductory-guide-to-autonomous-ai-systems/","https://www.veltris.com/guides/cxos-essentials-digital-transformation-in-banking-understanding-cloud-native-data/","https://www.veltris.com/guides/cxos-essentials-genai-construction-design-project-management-safety/","https://www.veltris.com/wp-content/uploads/2026/01/Investment-Wealth-Management-Banner_2000x700.png","https://www.veltris.com/wp-json/wp/v2/pages/27997","https://www.veltris.com/whitepapers/unlocking-the-true-potential-of-data-ai/","https://www.veltris.com/guides/agentic-ai-vs-generative-ai-key-differences-use-cases-and-choosing-the-right-approach/","https:/
/www.veltris.com/wp-content/uploads/2025/11/Virtual-Care-Providers-1.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI.svg","https://www.veltris.com/wp-content/uploads/2023/10/Built-a-mobile-application-to-buy-and-sell-all-type-of-funds.png","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Built-a-Web-Application-for-Users-to-Manage-their-Financial-Wealth-in-a-Highly-Secure-Infrastructure.png","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm.png","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/10/Integrating-with-Client-Legacy-Systems.svg","https://www.veltris.com/wp-content/uploads/2025/10/Unlocking-Advanced-AI-Analytics.svg","https://www.veltris.com/wp-json/wp/v2/pressroom/30525","https://www.veltris.com/guides/cxos-essentials-generative-ai-unlocking-alpha-risk-management-client-advisory/","https://www.veltris.com/whitepapers/decoding-cloud-computing-a-comprehensive-guide/","https://www.veltris.com/wp-content/uploads/2026/01/Speciality-Digital-Healthcare-Providers-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-trading-application-to-trade-USA-stocks-from-different-countries-1.png","https://www.veltris.com/wp-content/uploads/2025/10/AI-Automation-Adoption.svg","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-modern-wealth-management-system-to-optimize-customers-wealth-1.png","https://www.veltris.com/guides/modern-databases-key-to-genai-roi-in-banking-a-strategic-guide/","https://www.veltris.com/wp-content/uploads/2026/01/Investment-Wealth-Management-Banner_600x800.png","https://www.veltris.com/w
p-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-1.pdf","https://www.veltris.com/guides/data-lakes-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_pr_thumbnail-1-300x157.png","https://www.veltris.com/wp-content/uploads/2025/05/Improved-On-Time-Delivery-of-a-Leading-Auto-Lubricant-Distributer.pdf","https://www.veltris.com/guides/cxos-essentials-digital-transformation-in-healthcare-understanding-cloud-native-data-in-healthcare/","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-Business-Transformation-Vendor-Selection-1.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Investment-Wealth-Management-Firms.png","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Monetize.png","https://www.veltris.com/guides/generative-ai-guide/","https://www.veltris.com/wp-content/uploads/2023/10/Built-an-Efficient-Information-Retrieval-System-with-Generative-AI-for-a-Major-Asset-Management-Firm-300x169.png","https://www.veltris.com/wp-content/uploads/2024/04/Investment-Analysts-with-AI-Driven-Insights-using-RAG-LLM-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-300x157.png","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-300x157.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support-1.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Regulatory-Compliance-Burdens.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finsuretech%2F","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Build.png","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-300x157.png","https://www.veltris.com/guides/generative-ai-in-banking-a-begin
ners-guide/","https://www.veltris.com/wp-content/uploads/2023/03/Implementation-of-One-View-of-the-Customer-to-a-big-Insurance-and-Banking-customer-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail-768x433.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finsuretech%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fsitemap%2F","https://www.veltris.com/wp-content/uploads/2023/10/Developed-a-Web-App-to-Monitor-Communication-Between-Patients-and-Care-Teams.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-AWS-Infrastructure-Implemented-Custom-Automation-.png","https://www.veltris.com/wp-json/wp/v2/pages/29587","https://www.veltris.com/wp-content/uploads/2023/09/Modernizing-Legacy-Software-in-the-Hearing-Industry-33.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries%2F","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_pr_thumbnail-1-768x402.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-768x402.png","https://www.veltris.com/wp-content/uploads/2025/07/insuretech.png","https://www.veltris.com/guides/intelligent-connectivity-powered-by-cloud-native-6g-a-detailed-guide/","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-768x402.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-trading-application-to-trade-USA-stocks-from-different-countries-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-Multi-Functional-Mobile-Applications-with-Single-Code-Base-.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support-300x169.png","https://www.veltris.com/wp-
content/uploads/2025/04/Product_Lifecycle_Managed_Services_Overview.png","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthtech-platforms%2F","https://www.veltris.com/wp-content/uploads/2026/01/Digital-Cloud-Engineering-1.png","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fproduct-lifecycle-managed-services%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries%2F","https://www.veltris.com/wp-content/uploads/2025/10/Generate_a_Film_Using_GenerativeAI_for_the_Given_Script_without_Using_Autodesk.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fproduct-lifecycle-managed-services%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_5-1.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-768x402.png","https://www.veltris.com/wp-content/uploads/2023/02/Modern-Data-Stack-Adoption-%E2%80%93-1.svg","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-768x402.png","https://www.veltris.com/guides/generative-ai-in-insurance-a-beginners-guide/","https://www.veltris.com/guides/cxos-roi-ha
ndbook-data-transformation-in-healthcare-the-strategic-value-of-ai-ready-healthcare-data/","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-300x157.png","https://www.veltris.com/wp-json/wp/v2/pages/29239","https://www.veltris.com/wp-content/uploads/2025/05/Financial-Services_600x800.png","https://www.veltris.com/wp-content/uploads/2023/02/R_-White-Siloed-Data-Sources-same-icon-from-Life-Sciences-copy.svg","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-Big-Data-Management.svg","https://www.veltris.com/guides/generative-ai-in-capital-markets-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecycle-Managed-Services-1.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ffinancial-pubsec-services%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ffinancial-pubsec-services%2F","https://www.veltris.com/pressroom/veltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-300x157.png","https://www.veltris.com/wp-content/uploads/2025/10/GovTech-EdTech-in-Financial-Services-2.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_pr_thumbnail-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/infographics.svg","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fw
ww.veltris.com%2Fpressroom%2F","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/white-papers.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/submit-your-review.svg","https://www.veltris.com/wp-content/uploads/2025/04/Pressroom_mob.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2F","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps-_dark.svg","https://www.veltris.com/wp-content/uploads/2026/05/ai-powered_aesthetic_assessment_for_caregiver_profile_photos.pdf","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/aboutus.svg","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-the-Entire-operations-Order-to-Shipment-with-a-Digital-and-Mobile-Experience-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/casestudies.svg","https://www.veltris.com/wp-content/uploads/2023/03/Implementation-of-One-View-of-the-Customer-to-a-big-Insurance-and-Banking-customer-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Mobile_App_with_Multiple_Accessibility_Metrics_for_Real-Time_Measurement-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/25125","https://www.veltris.com/wp-content/uploads/2025/04/About-us-1.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/VIA-accelerators-productivity-banner-mobile.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-768x402.png","https://www.veltris.com/wp-content/uploads/2023/10/Built-an-Efficient-Information-Retrieval-System-with-Generative-AI-for-a-Major-Asset-Management-Firm.png","htt
ps://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-2048x1072.png","https://www.veltris.com/guides/generative-ai-for-business-leaders-understanding-strategy-impact-and-roi/","https://www.veltris.com/wp-content/uploads/2025/04/Pressroom.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdiversified-industrials%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdiversified-industrials%2F","https://www.veltris.com/wp-json/wp/v2/pages/14022","https://www.veltris.com/industries/insuretech%20/","https://www.veltris.com/wp-content/uploads/2025/10/InsureTech_Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Dentimax.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-1024x536.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Dentrix.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-1024x536.png","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/","https://www.veltris.com/services/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fazure-managed-services%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-1536x804.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fazure-managed-services%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-
03-1-2048x1072.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/leadership.svg","https://www.veltris.com/services/data-ai/embed/","https://www.veltris.com/wp-json/wp/v2/pages/29266","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-modern-wealth-management-system-to-optimize-customers-wealth-1-300x169.png","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/","https://www.veltris.com/privacy-policy/embed/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/contact-us.svg","https://www.veltris.com/wp-content/uploads/2025/12/Enhance-Supply-Chain.svg","https://www.veltris.com/services/digital-cloud-engineering/embed/","https://www.veltris.com/wp-content/uploads/2026/01/dental-Curvedental.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Denticon.png","https://www.veltris.com/guides/generative-ai-in-construction-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2025/10/Achieving-Enterprise-Grade-Scalability.svg","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps-1.svg","https://www.veltris.com/wp-content/uploads/2025/12/Accelerate-Insurance-Claims.svg","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdental-multi-unit-retail-health%2F","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/Network-Security.svg","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-1536x804.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdental-multi-unit-retail-health%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-C
img-CEO-02-2048x1072.png","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-the-Entire-operations-Order-to-Shipment-with-a-Digital-and-Mobile-Experience.png","https://www.veltris.com/wp-content/uploads/2025/12/Expand-Telehealth-Services.svg","https://www.veltris.com/wp-content/uploads/2023/03/To-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to--300x169.png","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/embed/","https://www.veltris.com/wp-content/uploads/2023/05/PMS-Migration-from-Eaglesoft-to-Denticon-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Mobile_App_with_Multiple_Accessibility_Metrics_for_Real-Time_Measurement.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-DSN.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Monetize.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_MR_Training_System_for_VR_Glass_Company_to_Turn_Multiple_Training_Sessions_for_Employees_into_a_Game.pdf","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/blogs.svg","https://www.veltris.com/wp-content/uploads/2025/05/Product-Lifecycle-Managed-Services-1.png","https://www.veltris.com/wp-json/wp/v2/pages/25452","https://www.veltris.com/wp-content/uploads/2025/12/Optimized-Scheduling.svg","https://www.veltris.com/wp-content/uploads/2023/10/Provided-Cloud-Based-Administration-Software-for-Private-Equity-Funds-for-CRM-Database-and-Portfolio.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-300x157.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/duplicate-submissions.min.js?ver=1","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-1024x576.png","https://www.veltris.com/wp-json/wp/v2/pages/30007","https://www.veltris.com/wp-content/uploads/2025/12/Streamline-Clinic-Operations.svg","https://www.veltris.com/w
p-content/uploads/2023/03/Network-Planning-and-Design.svg","https://www.veltris.com/guides/cxos-essentials-understanding-genai-applications-underwriting-claims/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/404.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-and-Retail-Health-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-MR-Training-System-for-VR-Glass-Company-to-Turn-Multiple-Training-Sessions-for-Employees-i.png","https://www.veltris.com/industries/embed/","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-300x157.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-1024x536.png","https://www.veltris.com/careers/embed/","https://www.veltris.com/wp-content/uploads/2025/11/Built-A-Secure-and-Scalable-Client-Portal-toEnable-Transparency-Control-andStreamlined-PBM-Operations.pdf","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-business-transformation-and-vendor-selection.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Build.png","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-1536x864.png","https://www.veltris.com/wp-content/uploads/2023/11/Vishal-Kapoor.png","https://www.veltris.com/wp-content/uploads/2024/04/Investment-Analysts-with-AI-Driven-Insights-using-RAG-LLM.png","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-business-transformation-and-vendor-selection-300x169.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/notes.svg","https://www.veltris.com/wp-json/wp/v2/pages/29423","https
://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/3D-reality-capture-for-buildings-structures-1.pdf","https://www.veltris.com/industries/healthcare-lifesciences/embed/","https://www.veltris.com/industries/orthdontics/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-warehouse%2F","https://www.veltris.com/industries/electronics-and-semiconductors/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-warehouse%2F","https://www.veltris.com/services/connectivity-industry-x-0/embed/","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Designed-a-secure-and-scalable-mobile-and-web-platform-to-enhance-member-experience-and-streamline-p-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/approach.svg","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmac-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-Care-DSOs.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-and-Retail-Health-Banner_2000x700.png","htt
ps://www.veltris.com/wp-content/uploads/2025/12/Ensure-HIPAA-Compliance.svg","https://www.veltris.com/schedule-a-meeting/embed/","https://www.veltris.com/wp-content/uploads/2025/12/Retail-Health.png","https://www.veltris.com/industries/broadcasting-and-ott-streaming/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-modernization%2F","https://www.veltris.com/industries/communications-service-providers/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-modernization%2F","https://www.veltris.com/wp-content/uploads/2023/09/Kader-Khan.jpg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fpharmacy-benefit-management%2F","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fmicrosoft-cloud-platforms%2F","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2026/01/Communications-Service-Providers-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-a-secure-and-scalable-client-portal-to-enable-transparency-control-and-streamlined-PBM-opera-1-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/29339","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fpharmacy-benefit-management%2F","https://www.veltris.com/guides/nlp-llm-chatbots-guide/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/social-icons/twitter.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/social-icons/linkedin.svg","https://www.veltris.com/industries/autonomous-vehicles-and-logistics/embed
/","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-768x432.png","https://www.veltris.com/client-case-studies/embed/","https://www.veltris.com/wp-content/uploads/2025/04/Agentic-AI-1.svg","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail.png","https://www.veltris.com/whitepapers/embed/","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail.png","https://www.veltris.com/industries/animal-health-veterinary/","https://www.veltris.com/ai-solutions/embed/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/social-icons/facebook.svg","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/","https://www.veltris.com/wp-content/uploads/2025/11/Built-a-secure-and-scalable-client-portal-to-enable-transparency-control-and-streamlined-PBM-opera-1.png","https://www.veltris.com/wp-content/uploads/2020/04/Wavelabs-Case-Study-Concealed-Weapons-and-Explosives-Detection.png","https://www.veltris.com/industries/engineering-construction/embed/","https://www.veltris.com/wp-content/uploads/2019/08/Wavelabs-Case-Study-Waterlily.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fthreat-monitoring-system-for-concealed-weapons-explosives-detection%2F","https://www.veltris.com/wp-json/wp/v2/casestudies/14005","https://www.veltris.com/ai-for-productivity/embed/","https://www.veltris.com/industries/technology-communications-media/embed/","https://www.veltris.com/wp-content/uploads/2025/07/Data_AI_Overview.png","https://www.veltris.com/wp-content/uploads/2023/03/re-platforming-and-cloud-migration-from-vertica-to-snowflake.pdf","https://www.veltris.com/wp-content/uploads/2025/05/Financial-Services_2000x700.png","https://www.veltris.com/wp-conten
t/uploads/2024/09/Press-Room-Coverimg-03-1.png","https://www.veltris.com/guides/embed/","https://www.veltris.com/wp-content/uploads/2026/01/Pharmacy-Benefit-Management-PBM_Banner_600x800.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries%2F","https://www.veltris.com/wp-json/wp/v2/casestudies/28105","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fconversational-chatbot-for-24-7-customer-support-assistance%2F","https://www.veltris.com/industries/vision-care/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmaximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution%2F","https://www.veltris.com/wp-content/uploads/2025/11/Designed-a-secure-and-scalable-mobile-and-web-platform-to-enhance-member-experience-and-streamline-p-1.png","https://www.veltris.com/about-us/embed/","https://www.veltris.com/industries/speciality-digital-healthcare-providers/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmaximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution%2F","https://www.veltris.com/wp-content/uploads/2023/05/PMS-Migration-from-Eaglesoft-to-Denticon.png","https://www.veltris.com/industries/technology-products-and-platforms/embed/","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-and-Cloud-Engineering.png","https://www.veltris.com/wp-json/wp/v2/pages/29303","https:
//www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail.png","https://www.veltris.com/industries/govtech-edtech/embed/","https://www.veltris.com/wp-content/uploads/2020/04/Wavelabs-Case-Study-AI-Conversational-Chatbot-Improved-Customer-Support.png","https://www.veltris.com/wp-content/uploads/2026/01/Pharmacy-Benefit-Management-PBM_Banner_2000x700.png","https://www.veltris.com/wp-json/wp/v2/pressroom/30163","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail-768x433.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fthreat-monitoring-system-for-concealed-weapons-explosives-detection%2F","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Modernize.png","https://www.veltris.com/wp-content/uploads/2023/03/built-a-modern-wealth-management-system-to-optimize-customers-wealth.pdf","https://www.veltris.com/wp-content/uploads/2025/07/AI-Solution-2000-700.png","https://www.veltris.com/cxo-essentials/hfs-challengers-code-report/embed/","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-1536x804.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fblogs%2Fwhy-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them%2F","https://www.veltris.com/wp-content/uploads/2025/05/Connectivity-Industry-X.0_2000x700.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fblogs%2Fwhy-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them%2F","https://www.veltris.com/wp-json/wp/v2/cxo-essentials/27892","https://www.veltris.com/blogs/why-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them/feed/","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmac.png",
"https://www.veltris.com/wp-json/wp/v2/pages/28655","https://www.veltris.com/wp-json/wp/v2/cxo-essentials/27893","https://www.veltris.com/guides/generative-ai-in-real-estate-a-beginners-guide/","https://www.veltris.com/wp-json/wp/v2/casestudies/14008","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fconversational-chatbot-for-24-7-customer-support-assistance%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fwhats-actually-working-for-risk-compliance-and-ops-leaders%2F","https://www.veltris.com/wp-json/wp/v2/posts/30383","https://www.veltris.com/wp-content/uploads/2026/04/hfs_challenges_lp_thumbnail.png","https://www.veltris.com/wp-json/wp/v2/whitepapers/18484","https://www.veltris.com/wp-json/wp/v2/cxo-essentials/28021","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance_dark.svg","https://www.veltris.com/wp-json/wp/v2/casestudies/13998","https://www.veltris.com/wp-json/wp/v2/casestudies/14009","https://www.veltris.com/wp-content/uploads/2025/07/why-digital-first-banking-is-critical-for-growth-in-2025-mobile-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fimproved-on-time-delivery-of-a-leading-auto-lubricant-distributer%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2F3-fixes-it-leaders-are-making-before-tackling-ai%2F","https://www.veltris.com/wp-json/wp/v2/guides/29924","https://www.veltris.com/wp-content/uploads/2024/07/Transformed-Cardiac-Care-by-Assisting-Heart-Monitor-Manufacturer-in-Remote-Patient-Monitoring.png","https://www.veltris.com/wp-json/wp/v2/whitepapers/22390","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2F3-fixes-it-leaders-are-making-before-tackling-ai%2F","https://www.veltris.com/wp-json/oembed/1.0/emb
ed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fimproved-on-time-delivery-of-a-leading-auto-lubricant-distributer%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-in-manufacturing-a-beginners-guide%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fai-trends-for-pbms-in-2026-the-cxo-guide-to-cost-control-compliance-and-competitive-advantage%2F","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_pr_thumbnail-1-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/11/Web_Banner.png","https://www.veltris.com/wp-content/uploads/2025/07/Whats_Actually_Working_for_Risk_Compliance_Ops_Leaders_Mobile.png","https://www.veltris.com/industries/investment-and-wealth-management/embed/","https://www.veltris.com/wp-content/uploads/2025/10/InsureTech_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/05/executive-guide-healthcare-AI-integrated-data-clinical-mobile.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fbuilt-fast-flexible-scalable-platform-solutions-for-video-service-and-ott-providers%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fai-trends-for-pbms-in-2026-the-cxo-guide-to-cost-control-compliance-and-competitive-advantage%2F","https://www.veltris.com/wp-content/uploads/2020/05/Screenshot-2020-06-19-at-12.04.16-PM-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fgenerative-ai-strategy-to-transform-your-enterprise%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fgenerative-ai-strategy-to-transform-your-enterprise%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fbuilt-fast-flexible-scalable-platform-solutions
-for-video-service-and-ott-providers%2F","https://www.veltris.com/wp-content/uploads/2025/05/banking-cxo-essentials-cloud-native-data-mobile.png","https://www.veltris.com/wp-content/uploads/2025/12/Accelerate-Billing-Cycles.svg","https://www.veltris.com/wp-content/uploads/2025/07/What_Actually_Working_for_Risk_Compliance_Ops_Leaders.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fwhy-digital-first-banking-is-critical-for-growth-in-2025%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fscaling-your-saas-business-with-proven-growth-strategies%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-actionable-guide-ai-and-integrated-data-healthcare-transforming-clinical-workflows%2F","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail-768x433.png","https://www.veltris.com/wp-json/wp/v2/guides/27284","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16.png","https://www.veltris.com/wp-json/wp/v2/guides/24716","https://www.veltris.com/blogs/why-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-in-manufacturing-a-beginners-guide%2F","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fbringing-expertise-tools-to-enable-intelligent-healthcare%2F","https://www.veltris.com/wp-content/uploads/2025/07/why-digital-first-banking-is-critical-for-g
rowth-in-2025-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-genai-real-estate-property-development-management-sales%2F","https://www.veltris.com/wp-content/uploads/2025/05/cxo-essentials-generative-AI-banking-leader-introduction-mobile.png","https://www.veltris.com/wp-content/uploads/2025/06/genAI-realestate-property-development-management-sales-mobile.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-generative-ai-in-banking-a-leaders-introduction-to-financial-impact-risks-and-opportunities%2F","https://www.veltris.com/wp-content/uploads/2024/05/CTA-thumbnail-03.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_1-3.png","https://www.veltris.com/wp-content/uploads/2024/12/navigating_data_explosion_data_lakes-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fthe-future-of-businesses-in-2025-embracing-a-comprehensive-integrated-technological-ecosystem%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fmicrosoft-cloud-platforms%2F","https://www.veltris.com/wp-json/wp/v2/guides/27290","https://www.veltris.com/wp-content/uploads/2024/06/Whitepaper-Mob-Banner-18.png","https://www.veltris.com/wp-content/uploads/2025/05/banking-cxo-essentials-cloud-native-data-banner.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_1-3-300x169.png","https://www.veltris.com/wp-content/uploads/2025/06/genAI-construction-design-project-management-safety-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-digital-transformation-in-banking-understanding-cloud-native-data%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-explained-introductory-guid
e-to-autonomous-ai-systems%2F","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_2-300x169.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_3.png","https://www.veltris.com/wp-content/uploads/2024/04/Transformer-Based-Models-300x157.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-vs-generative-ai-key-differences-use-cases-and-choosing-the-right-approach%2F","https://www.veltris.com/wp-content/uploads/2024/12/Data-Lakes-Beginners-Guide__Mobile.png","https://www.veltris.com/wp-content/uploads/2025/06/cxo-essentials-generative-AI-trading-investment-management-mobile.png","https://www.veltris.com/wp-json/wp/v2/whitepapers/23233","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-genai-construction-design-project-management-safety%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-genai-real-estate-property-development-management-sales%2F","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_2-768x433.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-300x157.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_3-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-actionable-guide-ai-and-integrated-data-healthcare-transforming-clinical-workflows%2F","https://www.veltris.com/wp-content/uploads/2025/02/Digitalization-and-Data-Explosion-300x169.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-%E2%80%93-The-Next-Technology-Frontier-300x169.png","https://www.veltris.com/wp-content/uploads/2023/04/generative-ai-mobile-banner.png","https://www.veltris.com/wp-content/uploads/2025/06/genAI-realestate-property-development-management-sales-banner.png","https://www.veltris.com/wp-content/uploads/2025/02/The-Rise-of-Artificial
-Intelligence-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fbringing-expertise-tools-to-enable-intelligent-healthcare%2F","https://www.veltris.com/wp-content/uploads/2025/07/3_Fixes_IT_Leaders_Are_Making_Before_Tackling_AI.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_4-300x169.png","https://www.veltris.com/wp-json/wp/v2/guides/24027","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_1-3-768x433.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-generative-ai-unlocking-alpha-risk-management-client-advisory%2F","https://www.veltris.com/wp-json/wp/v2/guides/27460","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fmodern-databases-key-to-genai-roi-in-banking-a-strategic-guide%2F","https://www.veltris.com/wp-content/uploads/2024/04/What-is-Generative-AI-image.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fmodern-databases-key-to-genai-roi-in-banking-a-strategic-guide%2F","https://www.veltris.com/wp-content/uploads/2025/02/The-Evolution-of-AI-in-Banking-300x169.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_3-768x433.png","https://www.veltris.com/wp-content/uploads/2024/06/Whitepaper-Thumbnail_Coverpage-2.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fwhy-digital-first-banking-is-critical-for-growth-in-2025%2F","https://www.veltris.com/wp-content/uploads/2024/12/Lake-Flexible-and-Adaptable-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-300x157.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fwhats-actually-working-for-risk-compliance-and-ops-leaders%2F","https://www.veltris.com/wp-cont
ent/uploads/2025/02/Generative-AI-%E2%80%93-The-Next-Technology-Frontier.png","https://www.veltris.com/wp-json/wp/v2/guides/27306","https://www.veltris.com/wp-content/uploads/2025/06/cxo-essentials-generative-AI-trading-investment-management-banner.png","https://www.veltris.com/wp-json/wp/v2/guides/27456","https://www.veltris.com/wp-content/uploads/2024/04/What-is-Generative-AI-image-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-vs-generative-ai-key-differences-use-cases-and-choosing-the-right-approach%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-explained-introductory-guide-to-autonomous-ai-systems%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Funlocking-the-true-potential-of-data-ai%2F","https://www.veltris.com/wp-json/wp/v2/guides/27447","https://www.veltris.com/wp-content/uploads/2024/04/Generative-AI-Guide__Mobile.png","https://www.veltris.com/wp-content/uploads/2024/08/Banner-05.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Funlocking-the-true-potential-of-data-ai%2F","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_4.png","https://www.veltris.com/wp-content/uploads/2024/12/Lake-Flexible-and-Adaptable-768x432.png","https://www.veltris.com/industries/insuretech/embed/","https://www.veltris.com/wp-content/uploads/2025/05/healthcare-cxo-essentials-cloud-native-data-banner.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-300x157.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-digital-transformation-in-banking-understanding-cloud-native-data%2F","https://www.veltris.com/wp-content/uploads/2025/02/Bankings-Digital-Metamorphosis-A-Technological-Timeline-300x
169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fdecoding-cloud-computing-a-comprehensive-guide%2F","https://www.veltris.com/wp-content/uploads/2025/02/Digitalization-and-Data-Explosion-768x432.png","https://www.veltris.com/wp-content/uploads/2024/08/Banner_mobile-08.png","https://www.veltris.com/sitemap/embed/","https://www.veltris.com/wp-json/wp/v2/whitepapers/13975","https://www.veltris.com/wp-content/uploads/2025/06/genAI-construction-design-project-management-safety-mobile.png","https://www.veltris.com/wp-content/uploads/2024/04/Transformer-Based-Models-768x402.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-768x402.png","https://www.veltris.com/wp-content/uploads/2024/12/why_organizations_need_data_lakes-1-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fdecoding-cloud-computing-a-comprehensive-guide%2F","https://www.veltris.com/wp-content/uploads/2024/04/What-is-Generative-AI-image-300x157.png","https://www.veltris.com/wp-content/uploads/2024/12/why_organizations_need_data_lakes-1.png","https://www.veltris.com/wp-content/uploads/2024/12/navigating_data_explosion_data_lakes-768x432.png","https://www.veltris.com/wp-content/uploads/2024/12/characteristics_of_data_lake-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/02/The-Rise-of-Artificial-Intelligence-768x432.png","https://www.veltris.com/wp-content/uploads/2024/03/a_NVIDIA_Mobile_BAnner.png","https://www.veltris.com/wp-content/uploads/2025/02/Redefining-Banking-with-Generative-AI-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/02/Bankings-Digital-Metamorphosis-A-Technological-Timeline.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-guide%2F","htt
ps://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fdata-lakes-a-beginners-guide%2F","https://www.veltris.com/wp-content/uploads/2025/05/true-cost-data-silos-strategic-value-AI-ready-healthcare-data-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-generative-ai-in-banking-a-leaders-introduction-to-financial-impact-risks-and-opportunities%2F","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-Banking-Guide__Mobile.png","https://www.veltris.com/wp-content/uploads/2025/02/Why-is-Generative-AI-in-Banking-Important-300x146.png","https://www.veltris.com/wp-content/uploads/2024/12/Lake-Flexible-and-Adaptable.png","https://www.veltris.com/wp-content/uploads/2023/04/generative-ai-strategy-to-transform-your-enterprise-whitepaper-banner-scaled.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fdata-lakes-a-beginners-guide%2F","https://www.veltris.com/wp-json/wp/v2/guides/25816","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-digital-transformation-in-healthcare-understanding-cloud-native-data-in-healthcare%2F","https://www.veltris.com/wp-content/uploads/2024/12/Lake-Flexible-and-Adaptable-1024x576.png","https://www.veltris.com/wp-content/uploads/2024/12/characteristics_of_data_lake-1-768x432.png","https://www.veltris.com/wp-content/uploads/2025/02/The-Evolution-of-AI-in-Banking-768x432.png","https://www.veltris.com/wp-content/uploads/2024/12/benefits_of_data_lake-1-768x432.png","https://www.veltris.com/wp-content/uploads/2025/02/The-Rise-of-Artificial-Intelligence.png","https://www.veltris.com/wp-content/uploads/2024/12/why_organizations_need_data_lakes-1-1024x576.png","https://www.veltris.com/wp-content/uploads/2024/12/why_organizations_need_data_lakes-1-768x432.png","https://www.veltris.com/wp-content/uploads/2024/05/
Generative-AI-Use-Cases-in-Travel-and-Hospitality-300x157.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_2.png","https://www.veltris.com/wp-json/wp/v2/guides/22087","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-genai-construction-design-project-management-safety%2F","https://www.veltris.com/wp-content/uploads/2024/12/building_robust_data_lake-1-300x169.png","https://www.veltris.com/wp-content/uploads/2024/01/decoding-cloud_computing-whitepaper-banner.png","https://www.veltris.com/wp-json/wp/v2/guides/24724","https://www.veltris.com/wp-content/uploads/2025/02/Bankings-Digital-Metamorphosis-A-Technological-Timeline-768x432.png","https://www.veltris.com/wp-content/uploads/2024/12/benefits_of_data_lake-1-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-1024x536.png","https://www.veltris.com/wp-json/wp/v2/guides/25826","https://www.veltris.com/wp-content/uploads/2024/12/navigating_data_explosion_data_lakes-1024x576.png","https://www.veltris.com/wp-content/uploads/2025/02/Redefining-Banking-with-Generative-AI.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-guide%2F","https://www.veltris.com/wp-content/uploads/2024/04/Transformer-Based-Models.png","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-300x157.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-digital-transformation-in-healthcare-understanding-cloud-native-data-in-healthcare%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-768x402.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-1536x8
04.png","https://www.veltris.com/wp-content/uploads/2024/04/Generative-AI-Guide_banner-02.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-banking-a-beginners-guide%2F","https://www.veltris.com/wp-content/uploads/2025/02/The-Evolution-of-AI-in-Banking.png","https://www.veltris.com/services/product-lifecycle-managed-services/embed/","https://www.veltris.com/wp-content/uploads/2025/02/Redefining-Banking-with-Generative-AI-768x432.png","https://www.veltris.com/wp-content/uploads/2024/12/characteristics_of_data_lake-1.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-in-Banking-Trends-in-2025-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-768x402.png","https://www.veltris.com/pressroom/veltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries/embed/","https://www.veltris.com/wp-content/uploads/2024/12/benefits_of_data_lake-1.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-%E2%80%93-The-Next-Technology-Frontier-768x432.png","https://www.veltris.com/wp-content/uploads/2023/03/streamlined-the-service-delivery-space-for-the-leading-electrical-appliances-manufacturer.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-capital-markets-a-beginners-guide%2F","https://www.veltris.com/blogs/data-ai/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-generative-ai-unlocking-alpha-risk-management-client-advisory%2F","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-Banking-Platforms-in-the-Market-Right-Now-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/15707","https://www.veltris.com/wp-json/wp/v2/guides/27301","https:/
/www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-1024x536.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-2048x1072.png","https://www.veltris.com/wp-content/uploads/2025/07/3_Fixes_IT_Leaders_Are_Making_Before_Tackling_AI_Mobile.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-banking-a-beginners-guide%2F","https://www.veltris.com/wp-content/uploads/2024/12/building_robust_data_lake-1-768x432.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fscaling-your-saas-business-with-proven-growth-strategies%2F","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_4-768x433.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-300x157.png","https://www.veltris.com/wp-content/uploads/2025/02/Why-is-Generative-AI-in-Banking-Important-768x373.png","https://www.veltris.com/wp-json/wp/v2/guides/24233","https://www.veltris.com/wp-content/uploads/2024/12/building_robust_data_lake-1.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-768x402.png","https://www.veltris.com/industries/financial-pubsec-services/embed/","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-300x157.png","https://www.veltris.com/wp-json/wp/v2/pressroom/24729","https://www.veltris.com/wp-content/uploads/2025/05/cxo-essentials-generative-AI-banking-leade-2.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-1024x536.png","https://www.veltris.com/wp-content/uploads/2024/12/building_robust
_data_lake-1-1024x576.png","https://www.veltris.com/wp-json/wp/v2/guides/27311","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-capital-markets-a-beginners-guide%2F","https://www.veltris.com/industries/diversified-industrials/embed/","https://www.veltris.com/industries/dental-multi-unit-retail-health/embed/","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-Business-Models-768x432.png","https://www.veltris.com/services/azure-managed-services/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fintelligent-connectivity-powered-by-cloud-native-6g-a-detailed-guide%2F","https://www.veltris.com/wp-content/uploads/2025/02/Leading-Banks-are-Stepping-up-their-Generative-AI-Agendas-300x169.png","https://www.veltris.com/wp-content/uploads/2024/12/characteristics_of_data_lake-1-1024x576.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-roi-handbook-data-transformation-in-healthcare-the-strategic-value-of-ai-ready-healthcare-data%2F","https://www.veltris.com/wp-json/wp/v2/pressroom/20171","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-768x402.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-2048x1072.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-roi-handbook-data-transformation-in-healthcare-the-strategic-value-of-ai-ready-healthcare-data%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-insurance-a-begin
ners-guide%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services%2F","https://www.veltris.com/wp-content/uploads/2024/12/benefits_of_data_lake-1-1024x576.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-2048x1072.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fintelligent-connectivity-powered-by-cloud-native-6g-a-detailed-guide%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-insurance-a-beginners-guide%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-2048x1072.png","https://www.veltris.com/wp-json/wp/v2/guides/25822","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries%2F","https://www.veltris.com/wp-content/uploads/2025/05/Transforming-Clinical-Workflows.png","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-Business-Models.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-for-business-leaders-understanding-strategy-impact-and-roi%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-for-business-leaders-understanding-strategy-impact-and-roi%2F","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Trading-Investment
-Management-Unlocking-Alpha-Risk-Managemen.png","https://www.veltris.com/wp-json/wp/v2/guides/24710","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services%2F","https://www.veltris.com/wp-json/wp/v2/whitepapers/21390","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-1024x536.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-1536x804.png","https://www.veltris.com/wp-content/uploads/2026/04/hfs_challenges_lp_thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/05/true-cost-data-silos-strategic-value-AI-ready-healthcare-data-mobile.png","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0.png","https://www.veltris.com/pressroom/embed/","https://www.veltris.com/wp-content/uploads/2025/02/Leading-Banks-are-Stepping-up-their-Generative-AI-Agendas.png","https://www.veltris.com/wp-content/uploads/2025/05/CXOs-Essentials-Digital-Transformation-in-Banking-Understanding-Cloud-Native-Data-Fintech-Secur.png","https://www.veltris.com/wp-json/wp/v2/pressroom/24954","https://www.veltris.com/wp-content/uploads/2025/02/Digitalization-and-Data-Explosion.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-aims-to-close-3-to-5-deals-within-18-months-ceo%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-2048x1072.png","https://w
ww.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-aims-to-close-3-to-5-deals-within-18-months-ceo%2F","https://www.veltris.com/industries/healthtech-platforms/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response%2F","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-Banking-Platforms-in-the-Market-Right-Now-768x432.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-Banking-Platforms-in-the-Market-Right-Now.png","https://www.veltris.com/wp-content/uploads/2024/09/Hiral-Chandrana-241x300.png","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Real-Estate-Transforming-Property-Development-Management-Sal.png","https://www.veltris.com/wp-content/uploads/2025/05/Mobile.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-in-Banking-Trends-in-2025-768x432.png","https://www.veltris.com/wp-content/uploads/2022/02/decoding-5g-thumbnail.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-2048x1072.png","https://www.veltris.com/wp-json/wp/v2/whitepapers/13977","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-11.png","https://www.veltris.com/wp-content/uploads/2022/07/Whitepaper_banners_Industry-Homepage-Banner-copy-2-9.06.27-PM.png","https://www.veltris.com/wp-content/uploads/2022/07/Whitepaper-Thumbnail_Coverpage-2-12.png","https://www.veltris.com/wp-content/uploads/2024/07/The-
metaverse-meet-2048x1152.png","https://www.veltris.com/wp-json/wp/v2/guides/24407","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-Business-Models-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media_mob.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-1536x804.png","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking.png","https://www.veltris.com/wp-content/uploads/2025/02/Why-is-Generative-AI-in-Banking-Important.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-10.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response%2F","https://www.veltris.com/wp-json/wp/v2/pressroom/30188","https://www.veltris.com/wp-json/wp/v2/guides/24449","https://www.veltris.com/wp-content/uploads/2024/01/MicrosoftTeams-image-2.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-13.png","https://www.veltris.com/wp-content/uploads/2025/07/Thumbnail__3-Fixes-IT-Leaders-Are-Making-Before-Tackling-AI.png","https://www.veltris.com/wp-content/uploads/2024/08/Thumbnails-07.png","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/uploads/2025/02/Leading-Banks-are-Stepping-up-their-Generative-AI-Agendas-768x432.png","https://www.veltris.com/services/data-warehouse/embed/","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/images/banner-img/casestudies-banner.png","https://www.veltris.com/casestudies/maximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution/embed/","https://www.veltris.com/wp-content/uploads/2
025/05/executive-guide-healthcare-AI-integrated-data-clinical-banner.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-in-Banking-Trends-in-2025.png","https://www.veltris.com/wp-json/wp/v2/pressroom/23302","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fthe-future-of-businesses-in-2025-embracing-a-comprehensive-integrated-technological-ecosystem%2F","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member%2F","https://www.veltris.com/wp-content/uploads/2024/12/navigating_data_explosion_data_lakes.png","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/embed/","https://www.veltris.com/cxo-essentials/3-fixes-it-leaders-are-making-before-tackling-ai/embed/","https://www.veltris.com/guides/ai-trends-for-pbms-in-2026-the-cxo-guide-to-cost-control-compliance-and-competitive-advantage/embed/","https://www.veltris.com/industries/pharmacy-benefit-management/embed/","https://www.veltris.com/casestudies/threat-monitoring-system-for-concealed-weapons-explosives-detection/embed/","https://www.veltris.com/cxo-essentials/why-digital-first-banking-is-critical-for-growth-in-2025/embed/","https://www.veltris.com/casestudies/improved-on-time-delivery-of-a-leading-auto-lubricant-distributer/embed/","https://www.veltris.com/services/data-modernization/embed/","https://www.veltris.com/guides/agentic-ai-in-manufacturing-a-beginner
s-guide/embed/","https://www.veltris.com/guides/modern-databases-key-to-genai-roi-in-banking-a-strategic-guide/embed/","https://www.veltris.com/casestudies/built-fast-flexible-scalable-platform-solutions-for-video-service-and-ott-providers/embed/","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-768x432.png","https://www.veltris.com/guides/cxos-essentials-digital-transformation-in-banking-understanding-cloud-native-data/embed/","https://www.veltris.com/whitepapers/decoding-cloud-computing-a-comprehensive-guide/embed/","https://www.veltris.com/guides/cxos-essentials-genai-real-estate-property-development-management-sales/embed/","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-scaled.png","https://www.veltris.com/guides/cxos-actionable-guide-ai-and-integrated-data-healthcare-transforming-clinical-workflows/embed/","https://www.veltris.com/whitepapers/unlocking-the-true-potential-of-data-ai/embed/","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-2048x1072.png","https://www.veltris.com/wp-content/uploads/2025/02/generative_AI_banking_banner.png","https://www.veltris.com/whitepapers/bringing-expertise-tools-to-enable-intelligent-healthcare/embed/","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/images/banner-img/casestudies-banner.png","https://www.veltris.com/guides/agentic-ai-vs-generative-ai-key-differences-use-cases-and-choosing-the-right-approach/embed/","https://www.veltris.com/whitepapers/generative-ai-strategy-to-transform-your-enterprise/embed/","https://www.veltris.com/casestudies/conversational-chatbot-for-24-7-customer-support-assistance/embed/","https://www.veltris.com/whitepapers/the-future-of-businesses-in-2025-embracing-a-comprehensive-integrated-technological-ecosystem/embed/","https://www.veltris.com/services/microsoft-cloud-platforms/embed/","https://www.veltris.com/cxo-essentials
/whats-actually-working-for-risk-compliance-and-ops-leaders/embed/","https://www.veltris.com/guides/data-lakes-a-beginners-guide/embed/","https://www.veltris.com/wp-content/uploads/2023/02/Immersive-Entertainment-Experiences.png","https://www.veltris.com/guides/cxos-essentials-generative-ai-in-banking-a-leaders-introduction-to-financial-impact-risks-and-opportunities/embed/","https://www.veltris.com/blogs/why-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them/embed/","https://www.veltris.com/wp-content/uploads/2022/07/bringing-expertise-tools-to-enable-intelligent-healthcare-whitepaper-banner-scaled.png","https://www.veltris.com/wp-content/uploads/2024/12/Data-Lakes-Beginners-Guide_Banner-02-1.png","https://www.veltris.com/guides/agentic-ai-explained-introductory-guide-to-autonomous-ai-systems/embed/","https://www.veltris.com/wp-content/uploads/2025/12/Dental-care_1.gif","https://www.veltris.com/guides/cxos-essentials-genai-construction-design-project-management-safety/embed/","https://www.veltris.com/guides/cxos-essentials-generative-ai-unlocking-alpha-risk-management-client-advisory/embed/","https://www.veltris.com/guides/cxos-essentials-digital-transformation-in-healthcare-understanding-cloud-native-data-in-healthcare/embed/","https://www.veltris.com/guides/generative-ai-guide/embed/","https://www.veltris.com/wp-json/wp/v2/categories/606","https://www.veltris.com/wp-content/uploads/2025/05/A-Leaders-Introduction-to-Financial-Impact-Risks-and-Opportunities.png","https://www.veltris.com/whitepapers/scaling-your-saas-business-with-proven-growth-strategies/embed/","https://www.veltris.com/guides/intelligent-connectivity-powered-by-cloud-native-6g-a-detailed-guide/embed/","https://www.veltris.com/wp-content/uploads/2024/04/Generative-AI-Guide-1.png","https://www.veltris.com/wp-content/uploads/2025/05/Understanding-Cloud-Native-Data-in-Healthcare.png","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Construction-
Revolutionizing-Design-Project-Management-Safet.png","https://www.veltris.com/guides/generative-ai-in-banking-a-beginners-guide/embed/","https://www.veltris.com/guides/cxos-roi-handbook-data-transformation-in-healthcare-the-strategic-value-of-ai-ready-healthcare-data/embed/","https://www.veltris.com/guides/generative-ai-in-capital-markets-a-beginners-guide/embed/","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Trading-Investment-Management-Unlocking-Alpha-Risk-Managemen-300x169.png","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/embed/","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/embed/","https://www.veltris.com/guides/generative-ai-in-insurance-a-beginners-guide/embed/","https://www.veltris.com/blogs/data-ai/page/2/","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/embed/","https://www.veltris.com/wp-includes/blocks/table/theme.min.css?ver=6.9.4","https://www.veltris.com/guides/generative-ai-for-business-leaders-understanding-strategy-impact-and-roi/embed/","https://www.veltris.com/wp-content/uploads/2024/04/Generative-AI-Guide-1-300x169.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-13-300x171.png","https://www.veltris.com/wp-content/uploads/2022/07/Whitepaper-Thumbnail_Coverpage-2-12-300x171.png","https://www.veltris.com/wp-content/uploads/2024/06/Whitepaper-Thumbnail-19-300x171.png","https://www.veltris.com/wp-content/uploads/2024/08/Thumbnails-07-1024x585.png","https://www.veltris.com/wp-content/uploads/2024/06/Whitepaper-Thumbnail-19.png","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/embed/","https://www.veltris.com/wp-includes/blocks/table/styl
e.min.css?ver=6.9.4","https://www.veltris.com/blogs/data-ai/feed/","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/embed/","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Real-Estate-Transforming-Property-Development-Management-Sal-300x169.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-10-300x171.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-11-300x171.png","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Construction-Revolutionizing-Design-Project-Management-Safet-300x169.png","https://www.veltris.com/wp-content/uploads/2024/08/Thumbnails-07-300x171.png","https://www.veltris.com/wp-content/uploads/2024/08/Thumbnails-07-768x439.png","https://www.veltris.com/blogs/real-time-private-equity-how-vertical-ai-accelerates-value-creation/feed/","https://www.veltris.com/blogs/why-critical-infrastructure-requires-vertical-ai-to-scale-responsibly/feed/","https://www.veltris.com/blogs/kpi-driven-insights-for-dsos-reducing-staffing-costs-and-unlocking-new-growth/feed/","https://www.veltris.com/blogs/plugging-the-leak-stopping-patient-drift-with-predictive-engagement/feed/","https://www.veltris.com/blogs/why-ai-agents-are-the-future-of-healthcare-revenue-performance/feed/","https://www.veltris.com/blogs/protecting-the-bid-how-predictive-costing-stops-profit-fade/feed/","https://www.veltris.com/blogs/data-ai/page/3/","https://www.veltris.com/blogs/from-reports-to-foresight-why-ai-analytics-now-decide-pbm-competitive-advantage/feed/","https://www.veltris.com/blogs/agentic-ai-for-manufacturers-enabling-connected-design-smarter-decisions-and-reliable-operations/feed/","https://www.veltris.com/blogs/maximizing-revenue-per-mile-why-static-pricing-is-leaving-money-on-the-table/feed/","https://www.veltris.com/wp-json/wp/v2/posts/30371","https://www.vel
tris.com/wp-json/wp/v2/posts/30377","https://www.veltris.com/wp-json/wp/v2/posts/30381","https://www.veltris.com/wp-json/wp/v2/posts/30353","https://www.veltris.com/wp-json/wp/v2/posts/30355","https://www.veltris.com/wp-json/wp/v2/posts/30375","https://www.veltris.com/wp-json/wp/v2/posts/30341","https://www.veltris.com/wp-json/wp/v2/posts/30369","https://www.veltris.com/wp-json/wp/v2/posts/30357","https://www.veltris.com/blogs/data-ai/page/4/","https://www.veltris.com/blogs/data-ai/page/5/","https://www.veltris.com/blogs/data-ai/page/6/","https://www.veltris.com/blogs/data-ai/page/7/","https://www.veltris.com/blogs/data-ai/page/8/","https://springs.com.pk","https://springs.com.pk/","https://springs.com.pk/robots.txt","https://springs.com.pk/sitemap.xml"],"duration":11.06628704071045},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.03079986572266},"passive_scan":{"status":"completed","duration":0.001707315444946289},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"springs.com.pk","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"active_scan":{"scan_id":"2","status":"completed","duration":30.00699758529663},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"vulnerabilities":{"total_alerts":8,"high_risk":0,"medium_risk":0,"low_risk":8,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[{"nodeName":"https://springs.com.pk/","sourceid":"3","other":"","method":"GET","evidence":"nginx/1.29.1","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":158705,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"158705","inputVector":"","url":"https://springs.com.pk/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"46010","alertRef":"10036-2"},{"nodeName":"https://springs.com.pk/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":158705,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"158705","inputVector":"","url":"https://springs.com.pk/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"46011","alertRef":"10035-1"},{"nodeName":"https://springs.com.pk/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"nginx/1.29.1","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":158713,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"158713","inputVector":"","url":"https://springs.com.pk/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"46014","alertRef":"10036-2"},{"nodeName":"https://springs.com.pk/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"nginx/1.29.1","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":158714,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"158714","inputVector":"","url":"https://springs.com.pk/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"46015","alertRef":"10036-2"},{"nodeName":"https://springs.com.pk","sourceid":"3","other":"","method":"GET","evidence":"nginx/1.29.1","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":158711,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"158711","inputVector":"","url":"https://springs.com.pk","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"46016","alertRef":"10036-2"},{"nodeName":"https://springs.com.pk/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":158713,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"158713","inputVector":"","url":"https://springs.com.pk/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"46017","alertRef":"10035-1"},{"nodeName":"https://springs.com.pk","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":158711,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"158711","inputVector":"","url":"https://springs.com.pk","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"46018","alertRef":"10035-1"},{"nodeName":"https://springs.com.pk/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":158714,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"158714","inputVector":"","url":"https://springs.com.pk/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"46019","alertRef":"10035-1"}],"Informational":[]},"vulnerability_types":{"Server Leaks Version Information via \"Server\" HTTP Response Header Field":4,"Strict-Transport-Security Header Not Set":4},"owasp_top10":{"Unmapped / Other":4,"A05: Security Misconfiguration":4}},"reports":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with url: /JSON/core/view/alerts/ (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection refused\"))"}}},"summary":""},{"_id":{"$oid":"6a0eb70353a96d91825c5c6a"},"created_at":{"$date":"2026-05-21T07:40:51.513Z"},"url":"https://www.veltris.com/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.veltris.com/","scan_timestamp":"20260520_201202","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"1","status":"completed","urls_found":1429,"urls_list":["https://www.veltris.com/sitemap.xml","https://www.veltris.com/robots.txt","https://www.veltris.com/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/power-bi.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/AICPA-SOC.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/databricks.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Salesforce.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/cantier.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Google_Cloud.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/nokia.png","https://www.veltris.com/wp-content/uploads/2026/01/Home-Tech-Platfrom.png","https://www.
veltris.com/wp-content/uploads/2026/01/AI-Cognitive-Engine-Enables-Data-Driven-Decisions-for-Financial-Services-Leader.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/ISO.png","https://www.veltris.com/wp-json/","https://www.veltris.com/wp-content/uploads/2026/01/Analyzing-250M-Daily-Events-to-Power-Superior-Streaming-Experiences.png","https://www.veltris.com/wp-content/uploads/2026/01/Real-Time-AI-Predictions-Improve-Reliability-in-Pharmaceutical-Manufacturing_Mob.png","https://www.veltris.com/wp-content/uploads/2026/01/Modern-Data-Infrastructure-Powers-Efficiency-for-Canadas-Largest-DSO.png","https://www.veltris.com/wp-content/uploads/2026/01/Analyzing-250M-Daily-Events-to-Power-Superior-Streaming-Experiences_Mob.png","https://www.veltris.com/wp-content/uploads/2026/01/Real-Time-AI-Predictions-Improve-Reliability-in-Pharmaceutical-Manufacturing.png","https://www.veltris.com/wp-content/uploads/2023/10/favicon-32x32-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/cisco.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/aws.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/nvidia.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/IBM.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/servicenow.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/MS-Azure.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/siemens.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Schneider.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/NetSuite.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/atlassian-jira.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/Snowflake.png","https://www.veltris.com/wp-content
/themes/wavelabs/assets/images/tech-towers/Tableau.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/mobile-menu.css?ver=2.0","https://www.veltris.com/wp-content/plugins/ubermenu/assets/css/skins/minimal.css?ver=6.9.4","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/communitiesai-first-service-firms.png","https://www.veltris.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","https://www.veltris.com/wp-content/uploads/2023/09/Channel-.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/ajax-filter-loadmore.js","https://www.veltris.com/wp-content/plugins/ubermenu/pro/assets/css/ubermenu.min.css?ver=3.7.8","https://www.veltris.com/wp-content/plugins/cookie-law-info/lite/frontend/js/gcm.min.js","https://www.veltris.com/wp-content/uploads/2026/01/AI-Cognitive-Engine-Enables-Data-Driven-Decisions-for-Financial-Services-Leader_Mob.png","https://www.veltris.com/wp-content/uploads/2026/01/Home-Healthcare.png","https://www.veltris.com/wp-content/uploads/2025/04/pressroom-01.svg","https://www.veltris.com/wp-content/uploads/2023/09/Aboutus.svg","https://www.veltris.com/wp-content/uploads/2026/01/Modern-Data-Infrastructure-Powers-Efficiency-for-Canadas-Largest-DSO_Mob.png","https://www.veltris.com/wp-content/themes/wavelabs/style.css?ver=2.0","https://www.veltris.com/wp-content/uploads/2023/09/Casestudies.svg","https://www.veltris.com/wp-content/uploads/2023/09/Leadership.svg","https://www.veltris.com/wp-content/plugins/sg-cachepress/assets/js/lazysizes.min.js?ver=7.7.11","https://www.veltris.com/wp-content/uploads/2023/09/Healthcare-1.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/lightbox.min.css","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/footer/logo.svg","https://www.veltris.com/wp-content/uploads/2026/01/Home-Diversified-industry.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/new-menu.js","https://www.veltris.com/wp-content/uploads/2023/09/White-papers
.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/vectra.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/lightbox-plus-jquery.min.js","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_constellation_research_Banner_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/striim.svg","https://www.veltris.com/wp-content/uploads/real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmaceutical-drug.pdf","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_banner_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/sal.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/owl.carousel.min.css","https://www.veltris.com/about-us","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/whitepapers-page.css?ver=2.0","https://www.veltris.com/wp-content/plugins/gravityformsrecaptcha/js/frontend.min.js?ver=1.8.0","https://www.veltris.com/wp-content/uploads/2023/09/Events.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/owl.theme.default.min.css","https://www.veltris.com/wp-content/uploads/2023/09/Contact-us.svg","https://www.veltris.com/wp-content/uploads/2025/04/Digital-Cloud_1.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/sal.css?ver=2.0","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/scroll-highlight.js","https://www.veltris.com/wp-content/uploads/2023/09/Hi-Tech-1.svg","https://www.veltris.com/wp-content/uploads/2024/05/Glossary-svg.svg","https://www.veltris.com/wp-content/plugins/attachment-download-on-gravity-form-submission/frontend/js/wot-public-scripts.js","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/header/logo.svg","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI_1.svg","https://www.veltris.com/wp-content/uploads/2023/09/BFSI-1.svg","https://www.veltris.com/wp-content/uploads/2025/1
1/Vertical-AI-HPS-Banner_600x800.png","https://www.veltris.com/wp-content/plugins/ubermenu/assets/js/ubermenu.min.js?ver=3.7.8","https://www.veltris.com/wp-content/uploads/2023/09/Blogs.svg","https://www.veltris.com/wp-content/uploads/2025/09/CSR_main.svg","https://www.veltris.com/wp-content/uploads/2025/09/Investment-and-Wealth-Management-Firms.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/js/owl.carousel.min.js","https://www.veltris.com/wp-content/plugins/ubermenu/assets/fontawesome/css/all.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecyle-Managed-Services_1.svg","https://www.veltris.com/wp-content/uploads/2025/10/Insuretech.svg","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/double-quotes.svg","https://www.veltris.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","https://www.veltris.com/wp-content/uploads/2025/07/AI-Solutions.svg","https://www.veltris.com/wp-content/uploads/2025/09/Electronics-and-Semiconductors.svg","https://www.veltris.com/wp-content/uploads/2025/09/Technology-Products-Platforms.svg","https://www.veltris.com/services/digital-cloud-engineering/","https://www.veltris.com/wp-content/uploads/2025/04/Customer-Engagement.svg","https://www.veltris.com/wp-content/uploads/2025/09/GovTech-EdTech.svg","https://www.veltris.com/industries/healthcare-lifesciences/","https://www.veltris.com/careers/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-orbital-theme.min.css?ver=2.9.13","https://www.veltris.com/client-case-studies/","https://www.veltris.com/wp-content/uploads/2025/11/Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0_1-1.svg","https://www.veltris.com/wp-content/uploads/2023/03/built-cognitive-engine-to-amp-up-customer-centricity.pdf","ht
tps://www.veltris.com/services/data-ai/","https://www.veltris.com/privacy-policy/","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2F","https://www.veltris.com/industries/","https://www.veltris.com/services/","https://www.veltris.com/wp-content/uploads/2022/11/Why-Choose-us-660x440-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Pharmacy-Benefit-Management-PBM.svg","https://www.veltris.com/wp-content/uploads/2025/09/Dental-Care.svg","https://www.veltris.com/wp-content/uploads/2025/09/Communications-Service-Providers.svg","https://www.veltris.com/wp-content/uploads/2023/04/real-time-analytics-insights-for-online-video-streaming-giant.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Health-Tech.svg","https://www.veltris.com/services/connectivity-industry-x-0/","https://www.veltris.com/wp-content/uploads/2025/09/Proven-Healthcare-Expertise.png","https://www.veltris.com/industries/electronics-and-semiconductors/","https://www.veltris.com/wp-content/uploads/2025/09/Engineering-and-Construction.svg","https://www.veltris.com/whitepapers/","https://www.veltris.com/wp-content/uploads/2025/09/Compliance-Ready-by-Design.png","https://www.veltris.com/wp-content/uploads/2025/09/Increase-in-Team-Productivity.png","https://www.veltris.com/wp-content/uploads/2025/11/Tarannum_Fatima.jpg","https://www.veltris.com/wp-content/uploads/2022/11/anvesh-200x200-1.jpeg","https://www.veltris.com/wp-content/themes/wavelabs/assets/css/style.css?ver=2.0","https://www.veltris.com/industries/broadcasting-and-ott-streaming/","https://www.veltris.com/wp-content/uploads/2022/11/Manivsrsh-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Domain-Specific-Accelerators.png","https://www.veltris.com/wp-content/uploads/2025/09/Autonomous-Vehicles-and-Logistics.svg","https://www.veltris.com/wp-content/uploads/2025/09/Data-Accuracy-Reliability.png","
https://www.veltris.com/guides/","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-SDLC.svg","https://www.veltris.com/wp-content/uploads/2025/09/AI-First-Architecture.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/tech-towers/hpe.svg","https://www.veltris.com/schedule-a-meeting/","https://www.veltris.com/wp-content/uploads/2022/11/Surya-Vamsi-200x200-1.jpeg","https://www.veltris.com/wp-content/uploads/2025/09/Proven-Impact.png","https://www.veltris.com/wp-content/uploads/2025/11/Anurag_Choudhary.jpg","https://www.veltris.com/wp-content/uploads/2025/04/Diversified-Industrials.svg","https://www.veltris.com/wp-content/uploads/2025/09/Life-at-Veltris-main.svg","https://www.veltris.com/wp-content/uploads/2022/09/carrers-img.jpeg","https://www.veltris.com/industries/technology-products-and-platforms/","https://www.veltris.com/ai-solutions/","https://www.veltris.com/wp-content/uploads/2025/09/Pharmacy-Benefit-Management-PBM.png","https://www.veltris.com/wp-content/uploads/2022/11/Madhav-J-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/04/AI_ML-Predict-HealthOptimize-Care.png","https://www.veltris.com/wp-content/uploads/2022/11/Venu.png","https://www.veltris.com/wp-content/uploads/2025/09/Innovate-Faster.png","https://www.veltris.com/wp-content/uploads/2025/05/Healthcare_600x800.png","https://www.veltris.com/about-us/","https://www.veltris.com/wp-content/uploads/2025/09/product-lifecycle-managed-healthcare.png","https://www.veltris.com/industries/communications-service-providers/","https://www.veltris.com/wp-content/uploads/2025/09/Accelerate-Insights.png","https://www.veltris.com/industries/autonomous-vehicles-and-logistics/","https://www.veltris.com/wp-content/uploads/2025/09/digital-cloud-healthcare.png","https://www.veltris.com/industries/technology-communications-media/","https://www.veltris.com/industries/govtech-edtech/","https://www.veltris.com/industries/speciality-digital-healthcare-providers/","https://www.ve
ltris.com/wp-content/uploads/2025/04/Careers.png","https://www.veltris.com/ai-for-productivity/","https://www.veltris.com/wp-includes/blocks/paragraph/style.min.css?ver=6.9.4","https://www.veltris.com/wp-content/uploads/2022/11/Bhargavi-200x200-1.png","https://www.veltris.com/industries/engineering-construction/","https://www.veltris.com/sitemap/","https://www.veltris.com/wp-content/uploads/2025/09/Chip-to-Cloud-Engineering.png","https://www.veltris.com/wp-content/uploads/2025/11/MVSN_Raju.jpg","https://www.veltris.com/wp-content/uploads/2022/11/Ravi-Sanapla-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/09/healthcare-lifesciences-data-AI.png","https://www.veltris.com/wp-content/uploads/2022/11/Swathi-200x200-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Healthcare-Lifesciences_Banner_2000x700.png","https://www.veltris.com/resources/","https://www.veltris.com/wp-content/uploads/2022/11/Abdul-200x200-1.png","https://www.veltris.com/wp-content/uploads/2022/11/Johnson.png","https://www.veltris.com/wp-includes/js/dist/a11y.min.js?ver=cb460b4676c94bd228ed","https://www.veltris.com/wp-content/uploads/2025/04/Wearables_Continuous-Proactive-Care.png","https://www.veltris.com/industries/investment-and-wealth-management/","https://www.veltris.com/wp-content/uploads/2025/09/Broadcasting-and-OTT-Streaming.svg","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-foundation.min.css?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/04/Careers_mob.png","https://www.veltris.com/cxo-essentials/hfs-challengers-code-report/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2F","https://www.veltris.com/wp-content/uploads/2025/04/Healthcare-1-1.png","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-reset.min.css?ver=2.9.13","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.9.13","https://www.velt
ris.com/wp-content/uploads/2025/09/Boost-Productivity.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.9.13","https://www.veltris.com/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381","https://www.veltris.com/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.textareaCounter.plugin.min.js?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/09/Redirect-Costs-to-Innovation.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/jquery.maskedinput.min.js?ver=2.9.13","https://www.veltris.com/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-Productivity-1-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Dental-Ecosystem.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Intelligence-Data-AI.svg","https://www.veltris.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-framework.min.css?ver=2.9.13","https://www.veltris.com/get-my-ai-readiness-score/","https://www.veltris.com/blogs/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/utils.min.js?ver=380b7a5ec0757c78876bc8a59488f2f3","https://www.veltris.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.9.13","https://www.veltris.com/wp-content/uploads/2025/11/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-1.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Team.svg","https://www.veltris.com/wp-content/uploads/2025/04/Learning-Fun.svg","https://www.veltris.com/wp-content/uploads/2026/05/care_pbm_platform_modernization_case-study.pdf","https://www.veltris.com/wp-content/uploads/2026/02/scaling_hybrid_care_models_with_retail_economics.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Customer-Sucess.svg","https://www.veltris.com/wp-content/uploads/2026/02/driving_retention_through_preventiv
e_care_subscription-models.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Velocity.svg","https://www.veltris.com/industries/healthtech-platforms/","https://www.veltris.com/wp-content/uploads/2025/04/Transparency.svg","https://www.veltris.com/wp-content/uploads/2025/11/Modernizing-a-Veterinary-Platforms-Front-End-and-Security-Architecture.pdf","https://www.veltris.com/wp-content/uploads/2025/09/Speciality-Digital-Healthcare-Providers.svg","https://www.veltris.com/wp-includes/blocks/heading/style.min.css?ver=6.9.4","https://www.veltris.com/pressroom/veltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries/","https://www.veltris.com/wp-includes/js/wp-embed.min.js","https://www.veltris.com/life-at-veltris/","https://www.veltris.com/wp-content/uploads/2026/02/converting_healthcare_visits_into_retail_revenue.pdf","https://www.veltris.com/events/","https://www.veltris.com/wp-includes/css/dashicons.min.css?ver=6.9.4","https://www.veltris.com/wp-json/wp/v2/pages/13944","https://www.veltris.com/wp-content/uploads/2022/11/Murali-Krishna-1-200x200-1.png","https://www.veltris.com/wp-content/uploads/2026/02/maximizing_value_from_diagnostics_and_medical_devices.pdf","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/scripts-theme.min.js?ver=b436459e6f25ebcd9e95ea18e1a35e19","https://www.veltris.com/wp-content/uploads/2025/04/Industry-Specific.svg","https://www.veltris.com/wp-content/uploads/2026/02/virtual_meetings_provider_scaled_reliable_video_experiences_case_Study.pdf","https://www.veltris.com/wp-content/uploads/2026/05/care_pbm_platform_modernization_case-study_thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2026/03/improving_operational_efficiency_across_healthcare_retail_clinics-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Care-Guide-Web-Platform-for-Streamlining-Clinical-Programs.pdf","https://www.veltris.com/wp-content/uploads/2026/02/improving_operational
_efficiency_across_healthcare_retail_clinics.pdf","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-the-Enterprise-1-1.png","https://www.veltris.com/wp-content/uploads/2026/03/driving_retention_through_preventive_care_subscription_models-300x169.png","https://www.veltris.com/wp-content/uploads/2026/03/converting_healthcare_visits_into_retail_revenue-300x169.png","https://www.veltris.com/ai-for-enterprise/","https://www.veltris.com/cookie-policy/","https://www.veltris.com/wp-content/uploads/2026/05/ai-powered_aesthetic_assessment_for_caregiver_profile_photos_thumbnail-300x169.png","https://www.veltris.com/services/product-lifecycle-managed-services/","https://www.veltris.com/wp-content/uploads/2026/03/personalizing_healthcare_and_retail_engagement_using_unified_data-300x169.png","https://www.veltris.com/wp-content/uploads/2026/05/data-fabric-multi-unit-dental-network-case-study-300x169.png","https://www.veltris.com/industries/insuretech/","https://www.veltris.com/wp-content/uploads/2025/11/Empowered-care-guides-with-a-scalable-web-platform-to-streamline-member-support-and-clinical-program-1-300x169.png","https://www.veltris.com/ai-for-industry/","https://www.veltris.com/wp-content/plugins/gravityforms/assets/js/dist/vendor-theme.min.js?ver=21e5a4db1670166692ac5745329bfc80","https://www.veltris.com/?p=30392","https://www.veltris.com/wp-content/uploads/2026/02/personalizing_healthcare_and_retail_engagement_using_unified_data.pdf","https://www.veltris.com/industries/financial-pubsec-services/","https://www.veltris.com/wp-content/uploads/2026/05/virtual_meetings_provider_scaled_reliable_video_experiences_case_Study_thumbnail.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research%2F","https://www.veltris.com/pressroom/","https://www.veltris.com/wp-content/uploads/2025/10/Collating_Analyzing_Click_Analytics_Data_from_Google_Analyti
cs_for_Marketing_Decisions.pdf","https://www.veltris.com/wp-content/uploads/2025/09/AI-for-Industry-1.png","https://www.veltris.com/wp-content/uploads/2025/12/Scaling-High-Volume-Veterinary-Reporting-Platform-Thumbnail-300x169.png","https://www.veltris.com/pressroom","https://www.veltris.com/industries/diversified-industrials/","https://www.veltris.com/wp-content/uploads/2025/11/Built-Strategic-Alignment-through-AScalable-and-Flexible-OKR-Dashboard.pdf","https://www.veltris.com/wp-content/uploads/2025/11/Thumbnail_Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO_-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Product-Lifecyle-Managed-Services.svg","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0.svg","https://www.veltris.com/wp-content/uploads/2026/05/autonomous_delivery_model_powering_50__engineering_productivity_gains-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Cloud-Infrastructure-Services-1.svg","https://www.veltris.com/wp-content/uploads/2026/05/autonomous_delivery_model_powering_50_engineering_productivity_gains.pdf","https://www.veltris.com/wp-content/uploads/2025/12/Modernizing-Veterinary-Platform-Front-End-Security-Architecture-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Connectivity-Industry-X.0.svg","https://www.veltris.com/wp-content/uploads/2025/11/Scaling-High-Volume-Veterinary-Reporting-Platform-1.pdf","https://www.veltris.com/wp-json/wp/v2/pressroom/30392","https://www.veltris.com/?p=25066","https://www.veltris.com/wp-content/uploads/2026/05/virtual_meetings_provider_scaled_reliable_video_experiences_case_Study_thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Empowered-care-guides-with-a-scalable-web-platform-to-streamline-member-support-and-clinical-program-1.png","https://www.veltris.com/wp-content/uploads/2026/05/autonomous_delivery_model_powering_50__engineering_productivity_gains.png","https://www.veltri
s.com/wp-content/uploads/2025/04/API-Management-Complexity-Hurdles.svg","https://www.veltris.com/wp-content/uploads/2026/03/maximizing_value_from_diagnostics_and_medical_devices.png","https://www.veltris.com/wp-content/uploads/2026/03/converting_healthcare_visits_into_retail_revenue.png","https://www.veltris.com/?p=14556","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-Product-Platform-Engineering_dark.svg","https://www.veltris.com/wp-content/uploads/2025/04/Clinical-Workflow-Integration-Barriers.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdigital-cloud-engineering%2F","https://www.veltris.com/wp-content/uploads/2025/04/Multimodal-Data-Integration-Complexity.svg","https://www.veltris.com/whitepapers","https://www.veltris.com/wp-content/uploads/2025/12/Modernizing-Veterinary-Platform-Front-End-Security-Architecture-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-strategic-alignment-through-a-scalable-and-flexible-OKR-dashboard._-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-and-Cloud-Engineering_Mob-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Data_AI_Overview.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-for-Business.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthcare-lifesciences%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Dashboard_and_Analytics_Tools_for_Healthcare_Data_Available_with_a_Provider.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcareers%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed-Dashboard-and-Analytics-Tools-for-Healthcare-Data-Available-with-a-Provider-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/28540","https://www.veltris.com/wp-content/uploads/2025/04/Diversified-Industries-1.png","https://www.veltris.
com/case-studies","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fprivacy-policy%2F","https://www.veltris.com/wp-content/uploads/2025/07/Industries_mobile_banner.png","https://www.veltris.com/wp-json/wp/v2/pages/14556","https://www.veltris.com/blogs","https://www.veltris.com/wp-content/uploads/2026/05/ai-ready-data-fabric-for-a-multi-unit-dental-network.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research%2F","https://www.veltris.com/wp-content/uploads/2025/07/Services_mobile_banner.png","https://www.veltris.com/embed/","https://www.veltris.com/wp-content/uploads/2025/12/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-Thumbnail-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/3","https://www.veltris.com/infographics","https://www.veltris.com/guides","https://www.veltris.com/wp-content/uploads/2025/12/Streamlining-Devops-Infrastructure-Management-for-a-Veterinary-Platform-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/10/Collating-Analyzing-Click-Analytics-Data-from-Google-Analytics-for-Marketing-Decisions-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media-1.png","https://www.veltris.com/?p=27074","https://www.veltris.com/wp-content/uploads/2026/05/care_pbm_platform_modernization_case-study_thumbnail.png","https://www.veltris.com/resources","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/usa.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics_dark.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdigital-cloud-engineering%2F","https://www.veltris.com/wp-content/uploads/2025/04/Case-Studies.png","https://www.veltris.com/?p=3","https://www.veltris.com/wp-json/wp/v2/pages/25086","https://www.veltris.com
/wp-content/uploads/2025/04/Agentic-AI_dark.svg","https://www.veltris.com/disclaimer/","https://www.veltris.com/wp-content/uploads/2025/07/Overview-img-size-640x470-1.png","https://www.veltris.com/wp-content/uploads/2023/04/designed-and-developed-ai-based-modern-and-frictionless-business-enablement-solutions.pdf","https://www.veltris.com/wp-content/uploads/2026/03/scaling_hybrid_care_models_with_retail_economics.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-ai%2F","https://www.veltris.com/wp-content/uploads/2025/04/Case-Studies_mob.png","https://www.veltris.com/wp-json/wp/v2/pages/27072","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/Dallas.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-ai%2F","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/pune.png","https://www.veltris.com/wp-content/uploads/2025/11/Thumbnail_Modernizing-Data-Infrastructure-for-Canadas-Largest-DSO_-1.png","https://www.veltris.com/wp-content/uploads/2025/09/Implementing-Digital-Twins-AI.png","https://www.veltris.com/wp-content/uploads/2025/12/Scaling-High-Volume-Veterinary-Reporting-Platform-Thumbnail.png","https://www.veltris.com/insights/","https://www.veltris.com/wp-content/uploads/2025/10/Collating-Analyzing-Click-Analytics-Data-from-Google-Analytics-for-Marketing-Decisions.png","https://www.veltris.com/privacy-policy/feed/","https://www.veltris.com/wp-content/uploads/2025/07/Digital_Cloud_Overview.png","https://www.veltris.com/?p=28540","https://www.veltris.com/wp-content/uploads/2025/07/Product_Lifecycle_Managed_Services_Overview.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/bangalore.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2F","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based-Digitization-of-Documents
-300x169.png","https://www.veltris.com/?p=25086","https://www.veltris.com/industries/pharmacy-benefit-management-pbm/","https://www.veltris.com/wp-content/uploads/2023/03/intelligent-dashboard-for-deep-insights-into-household-energy-consumption.pdf","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/canada.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2F","https://www.veltris.com/wp-content/uploads/2025/07/AI-Solution-Mobile-600X800.png","https://www.veltris.com/?p=27072","https://www.veltris.com/wp-content/uploads/2025/10/Transformed_a_Water_Dispensing_Kiosk_into_an_IoT-Enabled_Platform.pdf","https://www.veltris.com/wp-json/wp/v2/pages/27074","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fprivacy-policy%2F","https://www.veltris.com/wp-content/uploads/2024/04/Migrating_multi-tenant_saas_virtual_communication_platform_to_aws_for_enhanced_scalability.pdf","https://www.veltris.com/services/azure-managed-services/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fclient-case-studies%2F","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/Chicago.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fclient-case-studies%2F","https://www.veltris.com/wp-content/uploads/2025/10/Added_New_Features_and_Implemented_System_Enhancements_to_Improve_Reach.pdf","https://www.veltris.com/industries/dental-multi-unit-retail-health/","https://www.veltris.com/wp-content/uploads/2026/03/improving_operational_efficiency_across_healthcare_retail_clinics.png","https://www.veltris.com/wp-content/uploads/2025/07/Services_desktop_banner.png","https://www.veltris.com/wp-content/uploads/2023/04/improved-service-performance-by-delivering-flexible-solution-for-achieving-consistency.pdf","
https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/vietnam.png","https://www.veltris.com/wp-content/uploads/2026/03/personalizing_healthcare_and_retail_engagement_using_unified_data.png","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-a-Water-Dispensing-Kiosk-into-an-IoT-Enabled-Platform--300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2F","https://www.veltris.com/wp-content/uploads/2023/03/developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-dashboard-for-Deep-Insights-Into-Household-Energy-Consumption-2-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/28409","https://www.veltris.com/wp-json/wp/v2/pages/14069","https://www.veltris.com/?p=22001","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthcare-lifesciences%2F","https://www.veltris.com/wp-content/uploads/2025/10/Developed-Dashboard-and-Analytics-Tools-for-Healthcare-Data-Available-with-a-Provider.png","https://www.veltris.com/?p=14560","https://www.veltris.com/wp-json/wp/v2/pages/25111","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcareers%2F","https://www.veltris.com/industries/diversified-industrials-manufacturing/","https://www.veltris.com/wp-content/uploads/2025/05/Connectivity-Industry-X.0_600x800.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/locations/india.png","https://www.veltris.com/wp-content/uploads/2026/01/Electronics-and-Semiconductors-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/04/improved-the-functional-performance-and-capacity-measurement-with-the-emulation-of-4g-5g.pdf","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based-Digitization-of-Documents.png","https://www.veltris.com/wp-content/uploads/2025/
04/Digital_Cloud_Overview.png","https://www.veltris.com/wp-content/uploads/2025/10/Generate-a-Film-Using-Generative-AI-for-the-Given-Script-without-Using-Autodesk--300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Standards-Interoperability-Gaps.svg","https://www.veltris.com/wp-content/uploads/2023/10/Streamlined-the-Service-Delivery-Space-for-the-Leading-Electrical-Appliances-Manufacturer-300x169.png","https://www.veltris.com/?p=28249","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fconnectivity-industry-x-0%2F","https://www.veltris.com/services/data-warehouse/","https://www.veltris.com/wp-content/uploads/2025/03/product-development.svg","https://www.veltris.com/wp-json/wp/v2/pages/25066","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing.svg","https://www.veltris.com/wp-content/uploads/2026/05/ai-powered_aesthetic_assessment_for_caregiver_profile_photos_thumbnail.png","https://www.veltris.com/wp-content/uploads/2023/04/facilitating-different-sectors-to-envision-their-legacy-process-in-virtual-reality.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2F","https://www.veltris.com/?p=28383","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2F","https://www.veltris.com/wp-content/uploads/2025/10/Generate-a-Film-Using-Generative-AI-for-the-Given-Script-without-Using-Autodesk-.png","https://www.veltris.com/?p=27965","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services_dark.svg","https://www.veltris.com/wp-content/uploads/2023/03/to-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to-their-customers.pdf","https://www.veltris.com/wp-content/uploads/2023/04/Designed-and-Developed-AI-based-Modern-and-Frictionless-Business-Enablement-Solutions-1-300x169.png","h
ttps://www.veltris.com/wp-content/uploads/2026/03/maximizing_value_from_diagnostics_and_medical_devices-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/built-virtual-situation-rooms-to-conduct-training-through-gamification.pdf","https://www.veltris.com/wp-json/wp/v2/pages/14560","https://www.veltris.com/wp-content/uploads/2023/04/Improved-Service-Performance-by-Delivering-Flexible-Solution-for-Achieving-Consistency-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2F","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-a-Water-Dispensing-Kiosk-into-an-IoT-Enabled-Platform-.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Felectronics-and-semiconductors%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2F","https://www.veltris.com/?p=28409","https://www.veltris.com/wp-content/uploads/2023/04/Improved-the-Functional-Performance-and-Capacity-Measurement-with-the-Emulation-of-4G-5G.png","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing_dark.svg","https://www.veltris.com/wp-content/uploads/2025/04/Whitepapers_mob-1.png","https://www.veltris.com/wp-content/uploads/2025/07/Connectivity_Industry-X.0_Overview.png","https://www.veltris.com/wp-content/uploads/2025/09/OCR-Based_Digitization_of_Documents.pdf","https://www.veltris.com/wp-content/uploads/2023/03/to-unify-the-brands-identity-under-one-cohesive-website.pdf","https://www.veltris.com/wp-json/wp/v2/pages/27965","https://www.veltris.com/wp-content/uploads/2026/05/data-fabric-multi-unit-dental-network-case-study.png","https://www.veltris.com/wp-json/wp/v2/pages/28249","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fschedule-a-meeting%2F","https://www.veltris.com/wp-content/uploads/2025/04/AI-Guides-and-Innovations_mob.png","https://www.velt
ris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fconnectivity-industry-x-0%2F","https://www.veltris.com/wp-content/uploads/2024/04/Migrating-Multi-tenant-SaaS-Virtual-Communication-Platform-to-Cloud-for-Enhanced-Scalability.png","https://www.veltris.com/wp-content/uploads/2025/07/AgenticAI-Tech-Stack-Play-scaled-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-MR-Training-System-for-VR-Glass-Company-to-Turn-Multiple-Training-Sessions-for-Employees-i-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fschedule-a-meeting%2F","https://www.veltris.com/wp-content/uploads/2023/03/interconnecting-a-world-of-distinctive-video-conference-systems.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Whitepapers.png","https://www.veltris.com/wp-content/uploads/2025/07/Veltris_Accelerated_AI-Platform.png","https://www.veltris.com/services/data-modernization/","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Private-Wireless-Networks-1.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Felectronics-and-semiconductors%2F","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Digital-Cloud.svg","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Multicloud-Engineering-1.svg","https://www.veltris.com/wp-content/uploads/2025/03/img_9-1.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Enterprise-Transport-Networks-1.svg","https://www.veltris.com/wp-content/uploads/2025/10/Implemented_a_D2C_Offering_to_Create_an_Extra_Source_of_Revenue_for_the_Client.pdf","https://www.veltris.com/wp-content/uploads/2023/04/crafted-an-NLP-model-for-a-seamless-user-experience.pdf","https://www.veltris.com/?p=15707","https://www.veltris.com/wp-content/uploads/2025/03/img_3-2.png","https://www.veltris.com/?p=19877","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findu
stries%2Fbroadcasting-and-ott-streaming%2F","https://www.veltris.com/wp-json/wp/v2/pages/28383","https://www.veltris.com/services/microsoft-cloud-platforms/","https://www.veltris.com/wp-content/uploads/2025/03/img_1-1.png","https://www.veltris.com/wp-content/uploads/2026/03/driving_retention_through_preventive_care_subscription_models.png","https://www.veltris.com/wp-content/uploads/2025/04/AI-Guides-and-Innovations.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fbroadcasting-and-ott-streaming%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_4-2.png","https://www.veltris.com/wp-content/uploads/2025/03/img_10-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-products-and-platforms%2F","https://www.veltris.com/?p=28359","https://www.veltris.com/wp-content/uploads/2025/04/Darkblue_Data-AI.svg","https://www.veltris.com/wp-content/uploads/2025/11/Built-strategic-alignment-through-a-scalable-and-flexible-OKR-dashboard._-1.png","https://www.veltris.com/wp-content/uploads/2025/03/img_7-1.png","https://www.veltris.com/wp-content/uploads/2025/03/img_3.png","https://www.veltris.com/wp-content/uploads/2023/04/Designed-and-Developed-AI-based-Modern-and-Frictionless-Business-Enablement-Solutions-1.png","https://www.veltris.com/wp-content/uploads/2022/11/Resources-banner-3070x1400-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Implemented-a-D2C-Offering-to-Create-an-Extra-Source-of-Revenue-for-the-Client-300x169.png","https://www.veltris.com/wp-content/uploads/2025/03/img_1-2.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2F","https://www.veltris.com/wp-json/wp/v2/pages/28359","https://www.veltris.com/wp-content/uploads/2025/10/Added-New-Features-and-Implemented-System-Enhancements-to-Improve-Reach--300x169.png","https://www.veltris.com/?p=25111","https://www.veltris.com/wp-content/u
ploads/2025/03/img_4-1.png","https://www.veltris.com/wp-json/wp/v2/pages/22001","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fai-solutions%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_19.png","https://www.veltris.com/wp-content/uploads/2023/04/Improved-the-Functional-Performance-and-Capacity-Measurement-with-the-Emulation-of-4G-5G-300x169.png","https://www.veltris.com/wp-content/uploads/2025/03/img_5.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fcommunications-service-providers%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_18.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fai-solutions%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_17.png","https://www.veltris.com/wp-content/uploads/2025/04/Financial-Services-1.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Customer-Experience-1.svg","https://www.veltris.com/wp-json/wp/v2/pages/19877","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fcommunications-service-providers%2F","https://www.veltris.com/?p=28435","https://www.veltris.com/casestudies/built-a-robust-foundational-data-reporting-platform-for-a-leading-ott-solutions-provider/","https://www.veltris.com/wp-content/uploads/2023/04/Real-time-Analytics-and-Insights-for-Online-Video-Streaming-Giant-1-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/28435","https://www.veltris.com/wp-content/uploads/2025/03/img_13.png","https://www.veltris.com/wp-content/uploads/2025/04/Cyber-Security-Infrastructure.svg","https://www.veltris.com/wp-content/uploads/2025/03/img_15.png","https://www.veltris.com/wp-json/wp/v2/pages/25319","https://www.veltris.com/wp-content/uploads/2023/03/to-upgrade-the-brands-identity-using-seo-strategies-and-integrating-the-backend.pdf","https://www.veltris.com/wp-content/uploads/20
23/03/developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client.pdf","https://www.veltris.com/wp-content/uploads/2025/03/img_6.png","https://www.veltris.com/?p=25319","https://www.veltris.com/wp-content/uploads/2022/07/Threat-Monitoring-System-for-Concealed-Weapons-Explosives-Detection-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Communications-Service-Providers-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services.svg","https://www.veltris.com/industries/pharmacy-benefit-management/","https://www.veltris.com/wp-content/uploads/2025/04/IoMT-Integration-Security-Risks.svg","https://www.veltris.com/wp-json/wp/v2/pages/28005","https://www.veltris.com/wp-content/uploads/2025/10/Implemented-a-D2C-Offering-to-Create-an-Extra-Source-of-Revenue-for-the-Client.png","https://www.veltris.com/wp-content/uploads/2023/03/An-incident-management-organization-using-AI-to-reduce-risk-and-report-incidents-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-for-Security.svg","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-responsive-web-app-and-video-streaming-platform-for-a-leading-makeup-artistry-school-300x169.png","https://www.veltris.com/wp-content/uploads/2023/04/Facilitating-Different-Sectors-to-Envision-Their-Legacy-Process-in-Virtual-Reality-1-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fabout-us%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_11.png","https://www.veltris.com/wp-content/uploads/2025/03/img_7.png","https://www.veltris.com/wp-content/uploads/2025/10/Added-New-Features-and-Implemented-System-Enhancements-to-Improve-Reach-.png","https://www.veltris.com/?p=25298","https://www.veltris.com/wp-co
ntent/uploads/2025/03/img_5-2.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fautonomous-vehicles-and-logistics%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-communications-media%2F","https://www.veltris.com/wp-json/wp/v2/pages/25298","https://www.veltris.com/wp-content/uploads/2025/03/img_20.png","https://www.veltris.com/wp-content/uploads/2023/03/To-Unify-the-Brands-Identity-Under-One-Cohesive-Website-1-300x169.png","https://www.veltris.com/?p=28462","https://www.veltris.com/wp-content/uploads/2023/04/Real-time-Analytics-and-Insights-for-Online-Video-Streaming-Giant-1.png","https://www.veltris.com/wp-content/uploads/2025/07/AI-for-Productivity.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-communications-media%2F","https://www.veltris.com/wp-content/uploads/2026/01/Broadcasting-and-OTT-Streaming_2000x700.png","https://www.veltris.com/wp-content/uploads/2022/07/Built-Fast-Flexible-Scalable-Platform-Solutions-for-Video-Service-and-OTT-Providers.png","https://www.veltris.com/wp-content/uploads/2023/03/To-upgrade-the-Brands-Identity-using-SEO-Strategies-and-Integrating-the-Backend-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Interconnecting-a-world-of-distinctive-Video-conference-systems-1-300x169.png","https://www.veltris.com/casestudies/threat-monitoring-system-for-concealed-weapons-explosives-detection/","https://www.veltris.com/?p=28005","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fautonomous-vehicles-and-logistics%2F","https://www.veltris.com/wp-content/uploads/2023/04/Crafted-an-NLP-Model-for-a-Seamless-User-Experience-2-300x169.png","https://www.veltris.com/?p=21999","https://www.veltris.com/wp-json/wp/v2/pages/28462","https://www.veltris.com/?p=28830","https://www.veltris.com/w
p-content/uploads/2025/03/img_14.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Cybersecurity-Engineering-1.svg","https://www.veltris.com/wp-json/wp/v2/pages/21999","https://www.veltris.com/wp-content/uploads/2025/03/img_1.png","https://www.veltris.com/wp-content/uploads/2023/03/To-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to-.png","https://www.veltris.com/wp-content/uploads/2023/04/Crafted-an-NLP-Model-for-a-Seamless-User-Experience-2.png","https://www.veltris.com/wp-content/uploads/2025/10/Created_a_Portal_to_Capture_Patient_Health_and_Provide_Treatment_Proactively.pdf","https://www.veltris.com/?p=14069","https://www.veltris.com/wp-content/uploads/2022/11/About-us-overview.png","https://www.veltris.com/wp-content/uploads/2022/07/Built-a-Robust-Foundational-Data-Reporting-Platform-for-a-Leading-OTT-Solutions-Provider.png","https://www.veltris.com/wp-content/uploads/2025/03/img_10.png","https://www.veltris.com/wp-content/uploads/2023/04/Improved-Service-Performance-by-Delivering-Flexible-Solution-for-Achieving-Consistency-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Interconnecting-a-world-of-distinctive-Video-conference-systems-1.png","https://www.veltris.com/wp-content/uploads/2022/07/Built-Fast-Flexible-Scalable-Platform-Solutions-for-Video-Service-and-OTT-Providers-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-SDLC-1-1.png","https://www.veltris.com/wp-content/uploads/2023/10/Streamlined-the-Service-Delivery-Space-for-the-Leading-Electrical-Appliances-Manufacturer.png","https://www.veltris.com/wp-content/uploads/2022/07/Threat-Monitoring-System-for-Concealed-Weapons-Explosives-Detection.png","https://www.veltris.com/wp-content/uploads/2026/01/CSP-Data-Engineering-Analytics-2.svg","https://www.veltris.com/wp-content/uploads/2026/01/Technology-Products-and-Platforms_2000x700.png","https://www.veltris.com/wp-content/uploads/2022/11/Why-us-660x440-1.
png","https://www.veltris.com/wp-content/uploads/2025/04/CSP-WISP-Satcom-Service-providers.png","https://www.veltris.com/wp-content/uploads/2025/05/Data-AI-1.png","https://www.veltris.com/wp-json/wp/v2/pages/28830","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-Content-Supply-Chain.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fengineering-construction%2F","https://www.veltris.com/wp-content/uploads/2025/04/AI-Assisted-Product-Platform-Engineering-1.svg","https://www.veltris.com/wp-content/uploads/2026/01/engeering-Customer-Experience.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fspeciality-digital-healthcare-providers%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_6-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fai-for-productivity%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fai-for-productivity%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fengineering-construction%2F","https://www.veltris.com/wp-content/uploads/2022/07/Built-a-Robust-Foundational-Data-Reporting-Platform-for-a-Leading-OTT-Solutions-Provider-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/DataIntegrix_Productivity.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fgovtech-edtech%2F","https://www.veltris.com/wp-content/uploads/2025/03/Christmas-Celebration_3.png","https://www.veltris.com/wp-content/uploads/2023/03/Cloud-Native-Network-Function-Updated.svg","https://www.veltris.com/wp-content/uploads/2025/12/CreateAssetAI_Productivity.png","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/","https://w
ww.veltris.com/wp-content/uploads/2025/12/SDLCAI_Productivity.png","https://www.veltris.com/wp-content/uploads/2024/09/Hiral-Chandrana.png","https://www.veltris.com/wp-content/uploads/2023/03/To-Unify-the-Brands-Identity-Under-One-Cohesive-Website-1.png","https://www.veltris.com/wp-content/uploads/2025/12/AgenticBrowser_Productivity.png","https://www.veltris.com/wp-content/uploads/2026/01/GovTech-EdTech_Banner_600x800.png","https://www.veltris.com/casestudies/conversational-chatbot-for-24-7-customer-support-assistance/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fspeciality-digital-healthcare-providers%2F","https://www.veltris.com/wp-content/uploads/2025/04/Comms-Infra-Network-Security-product-platform-vendors_.png","https://www.veltris.com/wp-content/uploads/2023/02/F-_White-Regulatory-Hurdles.svg","https://www.veltris.com/wp-content/uploads/2023/03/An-incident-management-organization-using-AI-to-reduce-risk-and-report-incidents-1.png","https://www.veltris.com/wp-content/uploads/2026/01/Technology-Products-and-Platforms_600x800.png","https://www.veltris.com/wp-content/uploads/2023/03/Shiva.jpg","https://www.veltris.com/wp-content/uploads/2025/03/img_4.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-A-Portal-to-Capture-Patients-Health-and-Provide-Treatment-Proactively--300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics.svg","https://www.veltris.com/wp-content/uploads/2025/04/OTT-IPTV-Media-Infra-Broadcasting-Gaming-Service-providers.png","https://www.veltris.com/wp-content/uploads/2023/03/To-upgrade-the-Brands-Identity-using-SEO-Strategies-and-Integrating-the-Backend.png","https://www.veltris.com/wp-content/uploads/2025/04/Cloud-Infrastructure-Services_dark.svg","https://www.veltris.com/wp-content/uploads/2026/01/icon_Accelerate-with-Future-Ready-Tech-1.svg","https://www.veltris.com/wp-content/uploads/2025/10/Built_a_Web_Applicatio
n_for_Users_to_Manage_their_Financial_Wealth_in_a_Highly_Secure_Infrastructure.pdf","https://www.veltris.com/wp-content/uploads/2025/03/investments.svg","https://www.veltris.com/wp-json/wp/v2/pages/28753","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-IoT-Amalgamation.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fhfs-challengers-code-report%2F","https://www.veltris.com/casestudies/maximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution/","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail-300x169.png","https://www.veltris.com/wp-json/wp/v2/cxo-essentials/30488","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client-1-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-Virtual-Situation-Rooms-to-Conduct-Training-Through-Gamification.png","https://www.veltris.com/wp-content/uploads/2023/03/Designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inve-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/built-a-mobile-application-to-buy-and-sell-all-type-of-funds.pdf","https://www.veltris.com/wp-content/uploads/2025/03/Sushma.png","https://www.veltris.com/wp-content/uploads/2025/04/About-us_Mob.png","https://www.veltris.com/wp-content/uploads/2025/04/Systemic-Integration-Across-Trends.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fgovtech-edtech%2F","https://www.veltris.com/wp-content/uploads/2023/03/Re-platforming-and-Cloud-Migration-from-Vertica-to-Snowflake-1-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Develop_a_Mobile-First_Platform_for_Personalized_Assessments_Targeted_Interventions_to_Optimize_Mental_Fitness.pdf","https://www.veltris.com/wp-json/oembed/1.0
/embed?url=https%3A%2F%2Fwww.veltris.com%2Fabout-us%2F","https://www.veltris.com/wp-content/uploads/2025/12/VIA-accelerators-productivity-banner.png","https://www.veltris.com/wp-content/uploads/2023/10/provided-cloud-based-administration-software-for-private-equity-funds-for-crm-database-and-portfolio-management.pdf","https://www.veltris.com/wp-content/uploads/2023/03/an-incident-management-organization-using-ai-to-reduce-risk-and-report-incidents.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ftechnology-products-and-platforms%2F","https://www.veltris.com/wp-content/uploads/2022/07/Conversational-Chatbot-for-24-7-Customer-Support-Assistance-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Autonomous-Vehicles-and-Logistics-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/12/LoCoAI_Productivity.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-a-Platform-to-Improve-Inbound-and-Outbound-Process-at-Warehouse-and-Optimized-Resource-All.png","https://www.veltris.com/wp-content/uploads/2025/04/Legacy-System-Integration-Challenge.svg","https://www.veltris.com/wp-content/uploads/2024/04/Migrating-Multi-tenant-SaaS-Virtual-Communication-Platform-to-Cloud-for-Enhanced-Scalability-300x169.png","https://www.veltris.com/blogs/why-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them/","https://www.veltris.com/wp-content/uploads/2023/04/Facilitating-Different-Sectors-to-Envision-Their-Legacy-Process-in-Virtual-Reality-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_a_Platform_to_Improve_Inbound_and_Outbound_Process_at_Warehouse_and_Optimized_Resource_Allocation.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fhfs-challengers-code-report%2F","https://www.veltris.com/wp-content/uploads/2026/01/GovTech-EdTech_Banner_2000x700.png","https://www.veltris.com/wp
-content/uploads/2025/03/img_2-1.png","https://www.veltris.com/wp-content/uploads/2024/04/LLM-VT-case-study-1.pdf","https://www.veltris.com/wp-content/uploads/2026/01/Engineering-ConstructionBanner_2000x700.png","https://www.veltris.com/wp-content/uploads/built-a-trading-application-to-trade-USA-stocks-from-different-countries-vt.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Develop-a-Mobile-First-Platform-for-Personalized-Assessments-and-Targeted-Interventions-to-Optimize-.png","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-dashboard-for-Deep-Insights-Into-Household-Energy-Consumption-2.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecyle-Managed-Services.svg","https://www.veltris.com/wp-content/uploads/2023/03/Network-Intelligence-Data-AI.png","https://www.veltris.com/wp-content/uploads/2025/04/Hyper-Focused-Vertical-SaaS-Solutions.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finvestment-and-wealth-management%2F","https://www.veltris.com/wp-content/uploads/2025/10/Created_Multi-Functional_Mobile_Applications_with_Single_Code_Base.pdf","https://www.veltris.com/wp-content/uploads/2025/03/img_3-1.png","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/03/img_2.png","https://www.veltris.com/wp-content/uploads/2022/07/Auto-Lubricant-Distributer-Digital-Engineering-Thumbnail-300x157.png","https://www.veltris.com/casestudies/improved-on-time-delivery-of-a-leading-auto-lubricant-distributer/","https://www.veltris.com/wp-content/uploads/2022/07/Conversational-Chatbot-for-24-7-Customer-Support-Assistance.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_a_Mobile_App_with_Multiple_Accessibility_and_Metrics_for_Real-Time_Measurement.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Designed-the-entire
-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inve.png","https://www.veltris.com/wp-content/uploads/2023/02/Regulatory-Hurdles.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Exposure-Integration.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_iOS_Android_Mobile_Applications_Platform_for_Better_Reach_to_the_Clients_Community.pdf","https://www.veltris.com/wp-content/uploads/2023/03/built-a-mobile-app-with-next-gen-UI-to-simplify-radon-test-vt.pdf","https://www.veltris.com/wp-content/uploads/2025/08/Maximizing-RCM-Potential-with-RPA-Enabled-Eligibility-Verification-Solution-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/03/img_9.png","https://www.veltris.com/wp-content/uploads/2025/03/img_8-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-A-Portal-to-Capture-Patients-Health-and-Provide-Treatment-Proactively-.png","https://www.veltris.com/wp-content/uploads/2026/01/Jai-Shankar.png","https://www.veltris.com/wp-content/uploads/2026/01/Electronics-and-Semiconductors-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-Cloud.svg","https://www.veltris.com/wp-content/uploads/2025/11/Scalable-Mobile-andWeb-Platform-for-Streamlined-Prescription-Care.pdf","https://www.veltris.com/wp-content/uploads/2025/03/smarter-products.svg","https://www.veltris.com/wp-content/uploads/2025/04/Deep-AI-Integration-as-Core-Functionality.png","https://www.veltris.com/wp-content/uploads/2025/03/img_12.png","https://www.veltris.com/wp-content/uploads/2023/03/Re-platforming-and-Cloud-Migration-from-Vertica-to-Snowflake-1-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Created_AWS_Infrastructure_Implemented_Custom_Automation.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-Face-Recognition-Model-for-Secure-and-Automated-Monitoring_.pdf","https://www.veltris.com/wp-content/uploads/2023/10/revamped-web-mobile-applications-for-increased-privacy-p
erformance.pdf","https://www.veltris.com/wp-content/uploads/2026/04/hfs_challengers_code_report_banner.png","https://www.veltris.com/wp-content/uploads/2026/03/scaling_hybrid_care_models_with_retail_economics-300x169.png","https://www.veltris.com/wp-content/uploads/implementation-of-one-view-of-the-customer-to-a-big-insurance-and-banking-customer.pdf","https://www.veltris.com/wp-content/uploads/2023/03/built-a-deep-learning-model-for-image-improvement-image-restoration-super-resolution.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Multimodal-Data-Integration-Complexity.png","https://www.veltris.com/wp-content/uploads/2026/04/hfs_challengers_code_report_mobile.png","https://www.veltris.com/wp-content/uploads/2023/03/Intelligent-Networks.png","https://www.veltris.com/wp-content/uploads/2023/10/built-mobile-applications-and-implemented-design-thinking-to-enhance-the-business.pdf","https://www.veltris.com/wp-content/uploads/2023/03/Cloud-Native-Network-Function-1.png","https://www.veltris.com/wp-content/uploads/2023/03/Developed-a-robust-platform-by-enhancing-the-application-for-a-future-focused-client-1.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-Engineering-and-Advanced-Analytics-1.svg","https://www.veltris.com/wp-content/uploads/built-an-efficient-information-retrieval-system-with-generativeAI-for-a-major-asset-management-firm.pdf","https://www.veltris.com/wp-content/uploads/2023/02/Content-Supply-Chain-1.png","https://www.veltris.com/wp-content/uploads/2023/03/designed-the-entire-architecture-of-a-software-and-services-platform-with-a-high-level-view-for-inventory-management.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance-1.svg","https://www.veltris.com/wp-content/uploads/2025/07/Industries_desktop_banner.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-Virtual-Situation-Rooms-to-Conduct-Training-Through-Gamification-300x169.png","https://www.veltris.com/wp-content/uploads/2023/10/de
veloped-a-web-app-to-monitor-communication-between-patients-and-care-teams.pdf","https://www.veltris.com/wp-content/uploads/2023/10/developed-an-ios-application-for-users-to-share-their-travel-experience.pdf","https://www.veltris.com/wp-content/uploads/2023/03/end-to-end-mobile-and-web-application-to-help-navigate-and-provide-medical-claims-assistance.pdf","https://www.veltris.com/wp-content/uploads/2023/02/IoT-Amalgamation.png","https://www.veltris.com/wp-content/uploads/2025/10/Develop-a-Mobile-First-Platform-for-Personalized-Assessments-and-Targeted-Interventions-to-Optimize--300x169.png","https://www.veltris.com/cxo-essentials/3-fixes-it-leaders-are-making-before-tackling-ai/","https://www.veltris.com/wp-content/uploads/2023/10/developed-ios-and-android-mobile-applications-to-help-users-practice-yoga.pdf","https://www.veltris.com/wp-content/uploads/2023/10/Provided-Cloud-Based-Administration-Software-for-Private-Equity-Funds-for-CRM-Database-and-Portfolio-300x169.png","https://www.veltris.com/wp-content/uploads/2023/10/rebranding-of-the-website-and-developing-a-multi-platform-system-to-facilitate-operations.pdf","https://www.veltris.com/wp-content/uploads/to-reduce-the-rejection-rate-of-bills-by-creating-an-nlp-model-to-validate-the-same.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Created-Multi-Functional-Mobile-Applications-with-Single-Code-Base--300x169.png","https://www.veltris.com/wp-content/uploads/2025/05/Large-Scale-Data-Migration-Without-Downtime.pdf","https://www.veltris.com/wp-content/uploads/2023/10/developed-a-reliable-mobile-app-based-platform-for-everyday-management-tasks.pdf","https://www.veltris.com/wp-content/uploads/2022/07/Auto-Lubricant-Distributer-Digital-Engineering-Thumbnail.png","https://www.veltris.com/guides/ai-trends-for-pbms-in-2026-the-cxo-guide-to-cost-control-compliance-and-competitive-advantage/","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity_Industry-X.0_Overview.png","https://www.veltris.com/wp-jso
n/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fsitemap%2F","https://www.veltris.com/wp-content/uploads/2025/10/Built-a-Web-Application-for-Users-to-Manage-their-Financial-Wealth-in-a-Highly-Secure-Infrastructure-300x169.png","https://www.veltris.com/whitepapers/the-future-of-businesses-in-2025-embracing-a-comprehensive-integrated-technological-ecosystem/","https://www.veltris.com/wp-content/uploads/2025/10/Transformed_the_Entire_Operations_with_a_Digital_and_Mobile_Experience_.pdf","https://www.veltris.com/casestudies/built-fast-flexible-scalable-platform-solutions-for-video-service-and-ott-providers/","https://www.veltris.com/wp-content/uploads/2025/03/img_8.png","https://www.veltris.com/whitepapers/generative-ai-strategy-to-transform-your-enterprise/","https://www.veltris.com/wp-content/uploads/2025/04/Private-5G-Networks-Secure-Connectivity-Services-1.svg","https://www.veltris.com/wp-content/uploads/2026/01/Engineering-ConstructionBanner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/04/IIoT-Enabled-Ecosystems-Edge-Computing-1.svg","https://www.veltris.com/cxo-essentials/whats-actually-working-for-risk-compliance-and-ops-leaders/","https://www.veltris.com/wp-content/uploads/2025/03/img_16.png","https://www.veltris.com/wp-content/uploads/2023/10/Built-a-mobile-application-to-buy-and-sell-all-type-of-funds-300x169.png","https://www.veltris.com/wp-content/uploads/2026/01/Autonomous-Vehicles-and-LogisticsBanner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/03/Network-Exposure-and-Integration-Updated.svg","https://www.veltris.com/whitepapers/scaling-your-saas-business-with-proven-growth-strategies/","https://www.veltris.com/wp-content/uploads/2025/04/Systemic-Integration-Across-Trends.svg","https://www.veltris.com/wp-content/uploads/2025/10/Created-AWS-Infrastructure-Implemented-Custom-Automation--300x169.png","https://www.veltris.com/wp-content/uploads/2023/10/Developed-a-Web-App-to-Monitor-Communication-Between-Patients-and-Car
e-Teams-300x169.png","https://www.veltris.com/wp-content/uploads/2024/07/Transformed-Cardiac-Care-by-Assisting-Heart-Monitor-Manufacturer-in-Remote-Patient-Monitoring-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Population-Health-Care-Coordination-Platforms-1.png","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Build.png","https://www.veltris.com/cxo-essentials/why-digital-first-banking-is-critical-for-growth-in-2025/","https://www.veltris.com/wp-content/uploads/2023/09/Modernizing-Legacy-Software-in-the-Hearing-Industry-33-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Digital-Health-Startups-SaaS-Platforms-1.png","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Monetize.png","https://www.veltris.com/guides/agentic-ai-in-manufacturing-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2025/10/Developed-a-Platform-to-Improve-Inbound-and-Outbound-Process-at-Warehouse-and-Optimized-Resource-All-300x169.png","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthtech-platforms%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finvestment-and-wealth-management%2F","https://www.veltris.com/guides/cxos-actionable-guide-ai-and-integrated-data-healthcare-transforming-clinical-workflows/","https://www.veltris.com/guides/cxos-essentials-genai-real-estate-property-development-management-sales/","https://www.veltris.com/whitepapers/bringing-expertise-tools-to-enable-intelligent-healthcare/","https://www.veltris.com/wp-content/uploads/2023/10/built-ios-and-android-mobile-applications-for-health-and-wellness-monitoring-tool.pdf","https://www.veltris.com/guides/cxos-essentials-generative-ai-in-bank
ing-a-leaders-introduction-to-financial-impact-risks-and-opportunities/","https://www.veltris.com/guides/agentic-ai-explained-introductory-guide-to-autonomous-ai-systems/","https://www.veltris.com/guides/cxos-essentials-digital-transformation-in-banking-understanding-cloud-native-data/","https://www.veltris.com/guides/cxos-essentials-genai-construction-design-project-management-safety/","https://www.veltris.com/wp-content/uploads/2026/01/Investment-Wealth-Management-Banner_2000x700.png","https://www.veltris.com/wp-json/wp/v2/pages/27997","https://www.veltris.com/whitepapers/unlocking-the-true-potential-of-data-ai/","https://www.veltris.com/guides/agentic-ai-vs-generative-ai-key-differences-use-cases-and-choosing-the-right-approach/","https://www.veltris.com/wp-content/uploads/2025/11/Virtual-Care-Providers-1.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Data-AI.svg","https://www.veltris.com/wp-content/uploads/2023/10/Built-a-mobile-application-to-buy-and-sell-all-type-of-funds.png","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Built-a-Web-Application-for-Users-to-Manage-their-Financial-Wealth-in-a-Highly-Secure-Infrastructure.png","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm.png","https://www.veltris.com/wp-content/uploads/2026/01/investment-and-wealth-management-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/10/Integrating-with-Client-Legacy-Systems.svg","https://www.veltris.com/wp-content/uploads/2025/10/Unlocking-Advanced-AI-Analytics.svg","https://www.veltris.com/wp-json/wp/v2/pressroom/30525","https://www.veltris.com/guides/cxos-essentials-generative-ai-unlocking-alpha-risk-management-client-advisory/","https://ww
w.veltris.com/whitepapers/decoding-cloud-computing-a-comprehensive-guide/","https://www.veltris.com/wp-content/uploads/2026/01/Speciality-Digital-Healthcare-Providers-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-trading-application-to-trade-USA-stocks-from-different-countries-1.png","https://www.veltris.com/wp-content/uploads/2025/10/AI-Automation-Adoption.svg","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-modern-wealth-management-system-to-optimize-customers-wealth-1.png","https://www.veltris.com/guides/modern-databases-key-to-genai-roi-in-banking-a-strategic-guide/","https://www.veltris.com/wp-content/uploads/2026/01/Investment-Wealth-Management-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-1.pdf","https://www.veltris.com/guides/data-lakes-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_pr_thumbnail-1-300x157.png","https://www.veltris.com/wp-content/uploads/2025/05/Improved-On-Time-Delivery-of-a-Leading-Auto-Lubricant-Distributer.pdf","https://www.veltris.com/guides/cxos-essentials-digital-transformation-in-healthcare-understanding-cloud-native-data-in-healthcare/","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-Business-Transformation-Vendor-Selection-1.pdf","https://www.veltris.com/wp-content/uploads/2025/04/Investment-Wealth-Management-Firms.png","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Monetize.png","https://www.veltris.com/guides/generative-ai-guide/","https://www.veltris.com/wp-content/uploads/2023/10/Built-an-Efficient-Information-Retrieval-System-with-Generative-AI-for-a-Major-Asset-Management-Firm-300x169.png","https://www.veltris.com/wp-content/uploads/2024/04/Investment-Analysts-with-AI-Driven-Insights-using-RAG-LLM-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-300x157.png","https://www.ve
ltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-300x157.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support-1.pdf","https://www.veltris.com/wp-content/uploads/2025/10/Regulatory-Compliance-Burdens.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finsuretech%2F","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Build.png","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-300x157.png","https://www.veltris.com/guides/generative-ai-in-banking-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2023/03/Implementation-of-One-View-of-the-Customer-to-a-big-Insurance-and-Banking-customer-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Eligibility-Automation-with-the-Eligibility-Bot-Thumbnail-768x433.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Finsuretech%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fsitemap%2F","https://www.veltris.com/wp-content/uploads/2023/10/Developed-a-Web-App-to-Monitor-Communication-Between-Patients-and-Care-Teams.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-AWS-Infrastructure-Implemented-Custom-Automation-.png","https://www.veltris.com/wp-json/wp/v2/pages/29587","https://www.veltris.com/wp-content/uploads/2023/09/Modernizing-Legacy-Software-in-the-Hearing-Industry-33.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries%2F","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_pr_thumbnail-1-768x402.png","https://www.veltris.com/wp-c
ontent/uploads/2025/12/Veltris-partners-with-vectraAI-768x402.png","https://www.veltris.com/wp-content/uploads/2025/07/insuretech.png","https://www.veltris.com/guides/intelligent-connectivity-powered-by-cloud-native-6g-a-detailed-guide/","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-768x402.png","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-trading-application-to-trade-USA-stocks-from-different-countries-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Created-Multi-Functional-Mobile-Applications-with-Single-Code-Base-.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Product_Lifecycle_Managed_Services_Overview.png","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fhealthtech-platforms%2F","https://www.veltris.com/wp-content/uploads/2026/01/Digital-Cloud-Engineering-1.png","https://www.veltris.com/wp-content/uploads/2026/01/veltris_recognized_ai-first_consulting-firm-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fproduct-lifecycle-managed-services%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries%2F","https://www.veltris.com/wp-content/uploads/2025/10/Generate_a_Film_Using_GenerativeAI_for_the_Given_Script_without_Using_Autodesk.pdf","https://www.veltris.com/wp-cont
ent/uploads/2025/04/Press-Room-Coverimg-2-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance.svg","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fproduct-lifecycle-managed-services%2F","https://www.veltris.com/wp-content/uploads/2025/03/img_5-1.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-768x402.png","https://www.veltris.com/wp-content/uploads/2023/02/Modern-Data-Stack-Adoption-%E2%80%93-1.svg","https://www.veltris.com/wp-content/uploads/2025/04/Press-Room-Coverimg-2-768x402.png","https://www.veltris.com/guides/generative-ai-in-insurance-a-beginners-guide/","https://www.veltris.com/guides/cxos-roi-handbook-data-transformation-in-healthcare-the-strategic-value-of-ai-ready-healthcare-data/","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-300x157.png","https://www.veltris.com/wp-json/wp/v2/pages/29239","https://www.veltris.com/wp-content/uploads/2025/05/Financial-Services_600x800.png","https://www.veltris.com/wp-content/uploads/2023/02/R_-White-Siloed-Data-Sources-same-icon-from-Life-Sciences-copy.svg","https://www.veltris.com/wp-content/uploads/2023/02/M-E_White-Big-Data-Management.svg","https://www.veltris.com/guides/generative-ai-in-capital-markets-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2025/04/Product-Lifecycle-Managed-Services-1.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ffinancial-pubsec-services%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Ffinancial-pubsec-services%2F","https://www.veltris.com/pressroom/veltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries/images/banner-img/casestudies-banner.png
","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-300x157.png","https://www.veltris.com/wp-content/uploads/2025/10/GovTech-EdTech-in-Financial-Services-2.png","https://www.veltris.com/wp-content/uploads/2025/12/Veltris-partners-with-vectraAI.png","https://www.veltris.com/wp-content/uploads/2025/08/Accelerating-Claims-Turnaround-with-Revenue-Cycle-Management-Solutions-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_pr_thumbnail-1.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/infographics.svg","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2F","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/white-papers.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/submit-your-review.svg","https://www.veltris.com/wp-content/uploads/2025/04/Pressroom_mob.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2F","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps-_dark.svg","https://www.veltris.com/wp-content/uploads/2026/05/ai-powered_aesthetic_assessment_for_caregiver_profile_photos.pdf","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/aboutus.svg","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-the-Entire-operations-Order-to-Shipment-with-a-Digital-and-Mobile-Experience-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/casestudies.svg","https://www.veltris.com/wp-content/uploads/2023/03/Implementation-of-One-View-of-the-Customer-t
o-a-big-Insurance-and-Banking-customer-1.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Mobile_App_with_Multiple_Accessibility_Metrics_for_Real-Time_Measurement-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/25125","https://www.veltris.com/wp-content/uploads/2025/04/About-us-1.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/VIA-accelerators-productivity-banner-mobile.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-768x402.png","https://www.veltris.com/wp-content/uploads/2023/10/Built-an-Efficient-Information-Retrieval-System-with-Generative-AI-for-a-Major-Asset-Management-Firm.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-2048x1072.png","https://www.veltris.com/guides/generative-ai-for-business-leaders-understanding-strategy-impact-and-roi/","https://www.veltris.com/wp-content/uploads/2025/04/Pressroom.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdiversified-industrials%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdiversified-industrials%2F","https://www.veltris.com/wp-json/wp/v2/pages/14022","https://www.veltris.com/industries/insuretech%20/","https://www.veltris.com/wp-content/uploads/2025/10/InsureTech_Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2023/02/Helping-a-client-with-post-production-support.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Dentimax.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-1024x536.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Dentrix.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-1024x536.png","https://www.veltris.
com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/","https://www.veltris.com/services/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fazure-managed-services%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-1536x804.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fazure-managed-services%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-2048x1072.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/leadership.svg","https://www.veltris.com/services/data-ai/embed/","https://www.veltris.com/wp-json/wp/v2/pages/29266","https://www.veltris.com/wp-content/uploads/2023/03/Built-a-modern-wealth-management-system-to-optimize-customers-wealth-1-300x169.png","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/","https://www.veltris.com/privacy-policy/embed/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/contact-us.svg","https://www.veltris.com/wp-content/uploads/2025/12/Enhance-Supply-Chain.svg","https://www.veltris.com/services/digital-cloud-engineering/embed/","https://www.veltris.com/wp-content/uploads/2026/01/dental-Curvedental.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-Denticon.png","https://www.veltris.com/guides/generative-ai-in-construction-a-beginners-guide/","https://www.veltris.com/wp-content/uploads/2025/10/Achieving-Enterprise-Grade-Scalability.svg","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps-1.svg","https://www.veltris.com/wp-content/uploads/2025/12/Acce
lerate-Insurance-Claims.svg","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdental-multi-unit-retail-health%2F","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/12/Network-Security.svg","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-1536x804.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fdental-multi-unit-retail-health%2F","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02-2048x1072.png","https://www.veltris.com/wp-content/uploads/2025/10/Transformed-the-Entire-operations-Order-to-Shipment-with-a-Digital-and-Mobile-Experience.png","https://www.veltris.com/wp-content/uploads/2025/12/Expand-Telehealth-Services.svg","https://www.veltris.com/wp-content/uploads/2023/03/To-transform-every-customer-journey-through-cutting-edge-technology-that-brings-companies-closer-to--300x169.png","https://www.veltris.com/pressroom/veltris-recognized-as-an-ai-first-consulting-firm-by-constellation-research/embed/","https://www.veltris.com/wp-content/uploads/2023/05/PMS-Migration-from-Eaglesoft-to-Denticon-300x169.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_Mobile_App_with_Multiple_Accessibility_Metrics_for_Real-Time_Measurement.png","https://www.veltris.com/wp-content/uploads/2026/01/dental-DSN.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Monetize.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed_MR_Training_System_for_VR_Glass_Company_to_Turn_Multiple_Training_Sessions_for_Employees_into_a_Game.pdf","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/blogs.svg","https://www.veltris.com/wp-content/uploads/2025/05/Product-Lifec
ycle-Managed-Services-1.png","https://www.veltris.com/wp-json/wp/v2/pages/25452","https://www.veltris.com/wp-content/uploads/2025/12/Optimized-Scheduling.svg","https://www.veltris.com/wp-content/uploads/2023/10/Provided-Cloud-Based-Administration-Software-for-Private-Equity-Funds-for-CRM-Database-and-Portfolio.png","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-300x157.png","https://www.veltris.com/wp-content/plugins/gravityforms/js/duplicate-submissions.min.js?ver=1","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-1024x576.png","https://www.veltris.com/wp-json/wp/v2/pages/30007","https://www.veltris.com/wp-content/uploads/2025/12/Streamline-Clinic-Operations.svg","https://www.veltris.com/wp-content/uploads/2023/03/Network-Planning-and-Design.svg","https://www.veltris.com/guides/cxos-essentials-understanding-genai-applications-underwriting-claims/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/404.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-and-Retail-Health-Banner_600x800.png","https://www.veltris.com/wp-content/uploads/2025/10/Developed-MR-Training-System-for-VR-Glass-Company-to-Turn-Multiple-Training-Sessions-for-Employees-i.png","https://www.veltris.com/industries/embed/","https://www.veltris.com/wp-content/uploads/2025/12/veltris_investing_verticalAI_PR_thumbnail-300x157.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1-1024x536.png","https://www.veltris.com/careers/embed/","https://www.veltris.com/wp-content/uploads/2025/11/Built-A-Secure-and-Scalable-Client-Portal-toEnable-Transparency-Control-andStreamlined-PBM-Operations.pdf","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-business-transformation-and-vendor-selection.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Build.png","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail-300x1
69.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-MURH-Modernize.png","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-1536x864.png","https://www.veltris.com/wp-content/uploads/2023/11/Vishal-Kapoor.png","https://www.veltris.com/wp-content/uploads/2024/04/Investment-Analysts-with-AI-Driven-Insights-using-RAG-LLM.png","https://www.veltris.com/wp-content/uploads/2023/01/Roadmap-for-business-transformation-and-vendor-selection-300x169.png","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/icons/notes.svg","https://www.veltris.com/wp-json/wp/v2/pages/29423","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2023/03/3D-reality-capture-for-buildings-structures-1.pdf","https://www.veltris.com/industries/healthcare-lifesciences/embed/","https://www.veltris.com/industries/orthdontics/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-warehouse%2F","https://www.veltris.com/industries/electronics-and-semiconductors/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-warehouse%2F","https://www.veltris.com/services/connectivity-industry-x-0/embed/","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/11/Designed-a-secure-and-scalable-mobile-and-web-platform-to-enhance-member-experience-and-streamline-p-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Managed-Services-with-AI-Driven-Operations-AIOps.svg","https://www.veltris.com/wp-content/themes/wavelabs/as
sets/images/icons/approach.svg","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail.png","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmac-300x169.png","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail-768x433.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-Care-DSOs.png","https://www.veltris.com/wp-content/uploads/2025/12/Dental-and-Retail-Health-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/12/Ensure-HIPAA-Compliance.svg","https://www.veltris.com/schedule-a-meeting/embed/","https://www.veltris.com/wp-content/uploads/2025/12/Retail-Health.png","https://www.veltris.com/industries/broadcasting-and-ott-streaming/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-modernization%2F","https://www.veltris.com/industries/communications-service-providers/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fdata-modernization%2F","https://www.veltris.com/wp-content/uploads/2023/09/Kader-Khan.jpg","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fpharmacy-benefit-management%2F","https://www.veltris.com/wp-content/uploads/2025/08/Transforming-Dental-Patients-Experience-with-an-AI-Chatbot-Thumbnail.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fmicrosoft-cloud-platforms%2F","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail-768x433.png","https://www.veltris.com/wp-cont
ent/uploads/2026/01/Communications-Service-Providers-Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/11/Built-a-secure-and-scalable-client-portal-to-enable-transparency-control-and-streamlined-PBM-opera-1-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/29339","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Findustries%2Fpharmacy-benefit-management%2F","https://www.veltris.com/guides/nlp-llm-chatbots-guide/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/social-icons/twitter.svg","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/social-icons/linkedin.svg","https://www.veltris.com/industries/autonomous-vehicles-and-logistics/embed/","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-768x432.png","https://www.veltris.com/client-case-studies/embed/","https://www.veltris.com/wp-content/uploads/2025/04/Agentic-AI-1.svg","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail.png","https://www.veltris.com/whitepapers/embed/","https://www.veltris.com/wp-content/uploads/2025/08/Revolutionizing-Patient-Engagement-for-a-DSO-with-Veltris-Innovative-System-Thumbnail.png","https://www.veltris.com/industries/animal-health-veterinary/","https://www.veltris.com/ai-solutions/embed/","https://www.veltris.com/wp-content/themes/wavelabs/assets/images/social-icons/facebook.svg","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/","https://www.veltris.com/wp-content/uploads/2025/11/Built-a-secure-and-scalable-client-portal-to-enable-transparency-control-and-streamlined-PBM-opera-1.png","https://www.veltris.com/wp-content/uploads/2020/04/Wavelabs-Case-Study-Concealed-Weapons-and-Explosives-Detection.png","https://www.veltris.com/industries/engineering-construction/embed/","https
://www.veltris.com/wp-content/uploads/2019/08/Wavelabs-Case-Study-Waterlily.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fthreat-monitoring-system-for-concealed-weapons-explosives-detection%2F","https://www.veltris.com/wp-json/wp/v2/casestudies/14005","https://www.veltris.com/ai-for-productivity/embed/","https://www.veltris.com/industries/technology-communications-media/embed/","https://www.veltris.com/wp-content/uploads/2025/07/Data_AI_Overview.png","https://www.veltris.com/wp-content/uploads/2023/03/re-platforming-and-cloud-migration-from-vertica-to-snowflake.pdf","https://www.veltris.com/wp-content/uploads/2025/05/Financial-Services_2000x700.png","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Coverimg-03-1.png","https://www.veltris.com/guides/embed/","https://www.veltris.com/wp-content/uploads/2026/01/Pharmacy-Benefit-Management-PBM_Banner_600x800.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries%2F","https://www.veltris.com/wp-json/wp/v2/casestudies/28105","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fconversational-chatbot-for-24-7-customer-support-assistance%2F","https://www.veltris.com/industries/vision-care/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmaximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution%2F","https://www.veltris.com/wp-content/uploads/2025/11/Designed-a-secure-and-scalable-mobile-and-web-platform-to-enhance
-member-experience-and-streamline-p-1.png","https://www.veltris.com/about-us/embed/","https://www.veltris.com/industries/speciality-digital-healthcare-providers/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fmaximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution%2F","https://www.veltris.com/wp-content/uploads/2023/05/PMS-Migration-from-Eaglesoft-to-Denticon.png","https://www.veltris.com/industries/technology-products-and-platforms/embed/","https://www.veltris.com/wp-content/uploads/2024/09/Press-Room-Cimg-CEO-02.png","https://www.veltris.com/wp-content/uploads/2025/04/Digital-and-Cloud-Engineering.png","https://www.veltris.com/wp-json/wp/v2/pages/29303","https://www.veltris.com/wp-content/uploads/2025/08/Digital-Platform-Overhaul-To-Enhances-Automation-Sales-Thumbnail.png","https://www.veltris.com/industries/govtech-edtech/embed/","https://www.veltris.com/wp-content/uploads/2020/04/Wavelabs-Case-Study-AI-Conversational-Chatbot-Improved-Customer-Support.png","https://www.veltris.com/wp-content/uploads/2026/01/Pharmacy-Benefit-Management-PBM_Banner_2000x700.png","https://www.veltris.com/wp-json/wp/v2/pressroom/30163","https://www.veltris.com/wp-content/uploads/2025/08/Increasing-Data-Insights-with-API-Integration-Thumbnail-768x433.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fthreat-monitoring-system-for-concealed-weapons-explosives-detection%2F","https://www.veltris.com/wp-content/uploads/2026/01/insuretech-Modernize.png","https://www.veltris.com/wp-content/uploads/2023/03/built-a-modern-wealth-management-system-to-optimize-customers-wealth.pdf","https://www.veltris.com/wp-content/uploads/2025/07/AI-Solution-2000-700.png","https://www.veltris.com/cxo-essentials/hfs-challengers-code-report/embed/","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16-1536x804.png","https://www.veltris.com/wp-json/
oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fblogs%2Fwhy-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them%2F","https://www.veltris.com/wp-content/uploads/2025/05/Connectivity-Industry-X.0_2000x700.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fblogs%2Fwhy-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them%2F","https://www.veltris.com/wp-json/wp/v2/cxo-essentials/27892","https://www.veltris.com/blogs/why-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them/feed/","https://www.veltris.com/wp-content/uploads/2023/03/Real-time-predictive-model-to-estimate-viable-cell-density-in-the-commercial-production-of-a-pharmac.png","https://www.veltris.com/wp-json/wp/v2/pages/28655","https://www.veltris.com/wp-json/wp/v2/cxo-essentials/27893","https://www.veltris.com/guides/generative-ai-in-real-estate-a-beginners-guide/","https://www.veltris.com/wp-json/wp/v2/casestudies/14008","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fconversational-chatbot-for-24-7-customer-support-assistance%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fwhats-actually-working-for-risk-compliance-and-ops-leaders%2F","https://www.veltris.com/wp-json/wp/v2/posts/30383","https://www.veltris.com/wp-content/uploads/2026/04/hfs_challenges_lp_thumbnail.png","https://www.veltris.com/wp-json/wp/v2/whitepapers/18484","https://www.veltris.com/wp-json/wp/v2/cxo-essentials/28021","https://www.veltris.com/wp-content/uploads/2025/04/Product-Support-and-Maintenance_dark.svg","https://www.veltris.com/wp-json/wp/v2/casestudies/13998","https://www.veltris.com/wp-json/wp/v2/casestudies/14009","https://www.veltris.com/wp-content/uploads/2025/07/why-digital-first-banking-is-critical-for-growth-in-2025-mobile-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&u
rl=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fimproved-on-time-delivery-of-a-leading-auto-lubricant-distributer%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2F3-fixes-it-leaders-are-making-before-tackling-ai%2F","https://www.veltris.com/wp-json/wp/v2/guides/29924","https://www.veltris.com/wp-content/uploads/2024/07/Transformed-Cardiac-Care-by-Assisting-Heart-Monitor-Manufacturer-in-Remote-Patient-Monitoring.png","https://www.veltris.com/wp-json/wp/v2/whitepapers/22390","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2F3-fixes-it-leaders-are-making-before-tackling-ai%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fimproved-on-time-delivery-of-a-leading-auto-lubricant-distributer%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-in-manufacturing-a-beginners-guide%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fai-trends-for-pbms-in-2026-the-cxo-guide-to-cost-control-compliance-and-competitive-advantage%2F","https://www.veltris.com/wp-content/uploads/2026/05/veltrisone_pr_thumbnail-1-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/11/Web_Banner.png","https://www.veltris.com/wp-content/uploads/2025/07/Whats_Actually_Working_for_Risk_Compliance_Ops_Leaders_Mobile.png","https://www.veltris.com/industries/investment-and-wealth-management/embed/","https://www.veltris.com/wp-content/uploads/2025/10/InsureTech_Banner_2000x700.png","https://www.veltris.com/wp-content/uploads/2025/05/executive-guide-healthcare-AI-integrated-data-clinical-mobile.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fbuilt-fast-flexible-scalable-platform-solutions-for-video-service-and-ott-providers%2F","https://www.veltris.com/wp-js
on/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fai-trends-for-pbms-in-2026-the-cxo-guide-to-cost-control-compliance-and-competitive-advantage%2F","https://www.veltris.com/wp-content/uploads/2020/05/Screenshot-2020-06-19-at-12.04.16-PM-1.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fgenerative-ai-strategy-to-transform-your-enterprise%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fgenerative-ai-strategy-to-transform-your-enterprise%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcasestudies%2Fbuilt-fast-flexible-scalable-platform-solutions-for-video-service-and-ott-providers%2F","https://www.veltris.com/wp-content/uploads/2025/05/banking-cxo-essentials-cloud-native-data-mobile.png","https://www.veltris.com/wp-content/uploads/2025/12/Accelerate-Billing-Cycles.svg","https://www.veltris.com/wp-content/uploads/2025/07/What_Actually_Working_for_Risk_Compliance_Ops_Leaders.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fwhy-digital-first-banking-is-critical-for-growth-in-2025%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fscaling-your-saas-business-with-proven-growth-strategies%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-actionable-guide-ai-and-integrated-data-healthcare-transforming-clinical-workflows%2F","https://www.veltris.com/wp-content/uploads/2025/08/Improved-Patient-Interactions-%E2%80%93-HIPAA-Compliant-PMS-Integration-with-the-Phone-System-Thumbnail-768x433.png","https://www.veltris.com/wp-json/wp/v2/guides/27284","https://www.veltris.com/wp-content/uploads/2025/03/MicrosoftTeams-image-16.png","https://www.veltris.com/wp-json/wp/v2/guides/24716","https://www.veltri
s.com/blogs/why-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-in-manufacturing-a-beginners-guide%2F","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fbringing-expertise-tools-to-enable-intelligent-healthcare%2F","https://www.veltris.com/wp-content/uploads/2025/07/why-digital-first-banking-is-critical-for-growth-in-2025-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-genai-real-estate-property-development-management-sales%2F","https://www.veltris.com/wp-content/uploads/2025/05/cxo-essentials-generative-AI-banking-leader-introduction-mobile.png","https://www.veltris.com/wp-content/uploads/2025/06/genAI-realestate-property-development-management-sales-mobile.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-generative-ai-in-banking-a-leaders-introduction-to-financial-impact-risks-and-opportunities%2F","https://www.veltris.com/wp-content/uploads/2024/05/CTA-thumbnail-03.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_1-3.png","https://www.veltris.com/wp-content/uploads/2024/12/navigating_data_explosion_data_lakes-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fthe-future-of-businesses-in-2025-embracing-a-comprehensive-integrated-technological-ecosystem%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fservices%2Fmicrosoft-cloud-platforms%2F","https://w
ww.veltris.com/wp-json/wp/v2/guides/27290","https://www.veltris.com/wp-content/uploads/2024/06/Whitepaper-Mob-Banner-18.png","https://www.veltris.com/wp-content/uploads/2025/05/banking-cxo-essentials-cloud-native-data-banner.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_1-3-300x169.png","https://www.veltris.com/wp-content/uploads/2025/06/genAI-construction-design-project-management-safety-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-digital-transformation-in-banking-understanding-cloud-native-data%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-explained-introductory-guide-to-autonomous-ai-systems%2F","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_2-300x169.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_3.png","https://www.veltris.com/wp-content/uploads/2024/04/Transformer-Based-Models-300x157.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-vs-generative-ai-key-differences-use-cases-and-choosing-the-right-approach%2F","https://www.veltris.com/wp-content/uploads/2024/12/Data-Lakes-Beginners-Guide__Mobile.png","https://www.veltris.com/wp-content/uploads/2025/06/cxo-essentials-generative-AI-trading-investment-management-mobile.png","https://www.veltris.com/wp-json/wp/v2/whitepapers/23233","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-genai-construction-design-project-management-safety%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-genai-real-estate-property-development-management-sales%2F","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_2-768x433.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-300x157.png","https://
www.veltris.com/wp-content/uploads/2024/12/Stat-Image_3-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-actionable-guide-ai-and-integrated-data-healthcare-transforming-clinical-workflows%2F","https://www.veltris.com/wp-content/uploads/2025/02/Digitalization-and-Data-Explosion-300x169.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-%E2%80%93-The-Next-Technology-Frontier-300x169.png","https://www.veltris.com/wp-content/uploads/2023/04/generative-ai-mobile-banner.png","https://www.veltris.com/wp-content/uploads/2025/06/genAI-realestate-property-development-management-sales-banner.png","https://www.veltris.com/wp-content/uploads/2025/02/The-Rise-of-Artificial-Intelligence-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fbringing-expertise-tools-to-enable-intelligent-healthcare%2F","https://www.veltris.com/wp-content/uploads/2025/07/3_Fixes_IT_Leaders_Are_Making_Before_Tackling_AI.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_4-300x169.png","https://www.veltris.com/wp-json/wp/v2/guides/24027","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_1-3-768x433.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-generative-ai-unlocking-alpha-risk-management-client-advisory%2F","https://www.veltris.com/wp-json/wp/v2/guides/27460","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fmodern-databases-key-to-genai-roi-in-banking-a-strategic-guide%2F","https://www.veltris.com/wp-content/uploads/2024/04/What-is-Generative-AI-image.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fmodern-databases-key-to-genai-roi-in-banking-a-strategic-guide%2F","https://www.veltris.com/wp-content/uploads/2025/02/The-Evolution-of-AI-in-Banking
-300x169.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_3-768x433.png","https://www.veltris.com/wp-content/uploads/2024/06/Whitepaper-Thumbnail_Coverpage-2.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fwhy-digital-first-banking-is-critical-for-growth-in-2025%2F","https://www.veltris.com/wp-content/uploads/2024/12/Lake-Flexible-and-Adaptable-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-300x157.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fcxo-essentials%2Fwhats-actually-working-for-risk-compliance-and-ops-leaders%2F","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-%E2%80%93-The-Next-Technology-Frontier.png","https://www.veltris.com/wp-json/wp/v2/guides/27306","https://www.veltris.com/wp-content/uploads/2025/06/cxo-essentials-generative-AI-trading-investment-management-banner.png","https://www.veltris.com/wp-json/wp/v2/guides/27456","https://www.veltris.com/wp-content/uploads/2024/04/What-is-Generative-AI-image-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-vs-generative-ai-key-differences-use-cases-and-choosing-the-right-approach%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fagentic-ai-explained-introductory-guide-to-autonomous-ai-systems%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Funlocking-the-true-potential-of-data-ai%2F","https://www.veltris.com/wp-json/wp/v2/guides/27447","https://www.veltris.com/wp-content/uploads/2024/04/Generative-AI-Guide__Mobile.png","https://www.veltris.com/wp-content/uploads/2024/08/Banner-05.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Funlocking-the-true-potential-
of-data-ai%2F","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_4.png","https://www.veltris.com/wp-content/uploads/2024/12/Lake-Flexible-and-Adaptable-768x432.png","https://www.veltris.com/industries/insuretech/embed/","https://www.veltris.com/wp-content/uploads/2025/05/healthcare-cxo-essentials-cloud-native-data-banner.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-300x157.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-digital-transformation-in-banking-understanding-cloud-native-data%2F","https://www.veltris.com/wp-content/uploads/2025/02/Bankings-Digital-Metamorphosis-A-Technological-Timeline-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fdecoding-cloud-computing-a-comprehensive-guide%2F","https://www.veltris.com/wp-content/uploads/2025/02/Digitalization-and-Data-Explosion-768x432.png","https://www.veltris.com/wp-content/uploads/2024/08/Banner_mobile-08.png","https://www.veltris.com/sitemap/embed/","https://www.veltris.com/wp-json/wp/v2/whitepapers/13975","https://www.veltris.com/wp-content/uploads/2025/06/genAI-construction-design-project-management-safety-mobile.png","https://www.veltris.com/wp-content/uploads/2024/04/Transformer-Based-Models-768x402.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-768x402.png","https://www.veltris.com/wp-content/uploads/2024/12/why_organizations_need_data_lakes-1-300x169.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fdecoding-cloud-computing-a-comprehensive-guide%2F","https://www.veltris.com/wp-content/uploads/2024/04/What-is-Generative-AI-image-300x157.png","https://www.veltris.com/wp-content/uploads/2024/12/why_organizations_need_data_lakes-1.png","https://www.veltris.com/wp-content/uploads/2024/12/navigating_da
ta_explosion_data_lakes-768x432.png","https://www.veltris.com/wp-content/uploads/2024/12/characteristics_of_data_lake-1-300x169.png","https://www.veltris.com/wp-content/uploads/2025/02/The-Rise-of-Artificial-Intelligence-768x432.png","https://www.veltris.com/wp-content/uploads/2024/03/a_NVIDIA_Mobile_BAnner.png","https://www.veltris.com/wp-content/uploads/2025/02/Redefining-Banking-with-Generative-AI-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-1024x536.png","https://www.veltris.com/wp-content/uploads/2025/02/Bankings-Digital-Metamorphosis-A-Technological-Timeline.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-guide%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fdata-lakes-a-beginners-guide%2F","https://www.veltris.com/wp-content/uploads/2025/05/true-cost-data-silos-strategic-value-AI-ready-healthcare-data-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-generative-ai-in-banking-a-leaders-introduction-to-financial-impact-risks-and-opportunities%2F","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-Banking-Guide__Mobile.png","https://www.veltris.com/wp-content/uploads/2025/02/Why-is-Generative-AI-in-Banking-Important-300x146.png","https://www.veltris.com/wp-content/uploads/2024/12/Lake-Flexible-and-Adaptable.png","https://www.veltris.com/wp-content/uploads/2023/04/generative-ai-strategy-to-transform-your-enterprise-whitepaper-banner-scaled.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fdata-lakes-a-beginners-guide%2F","https://www.veltris.com/wp-json/wp/v2/guides/25816","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-digital-transformation-in-healthcare-understanding-cloud-na
tive-data-in-healthcare%2F","https://www.veltris.com/wp-content/uploads/2024/12/Lake-Flexible-and-Adaptable-1024x576.png","https://www.veltris.com/wp-content/uploads/2024/12/characteristics_of_data_lake-1-768x432.png","https://www.veltris.com/wp-content/uploads/2025/02/The-Evolution-of-AI-in-Banking-768x432.png","https://www.veltris.com/wp-content/uploads/2024/12/benefits_of_data_lake-1-768x432.png","https://www.veltris.com/wp-content/uploads/2025/02/The-Rise-of-Artificial-Intelligence.png","https://www.veltris.com/wp-content/uploads/2024/12/why_organizations_need_data_lakes-1-1024x576.png","https://www.veltris.com/wp-content/uploads/2024/12/why_organizations_need_data_lakes-1-768x432.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-300x157.png","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_2.png","https://www.veltris.com/wp-json/wp/v2/guides/22087","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-genai-construction-design-project-management-safety%2F","https://www.veltris.com/wp-content/uploads/2024/12/building_robust_data_lake-1-300x169.png","https://www.veltris.com/wp-content/uploads/2024/01/decoding-cloud_computing-whitepaper-banner.png","https://www.veltris.com/wp-json/wp/v2/guides/24724","https://www.veltris.com/wp-content/uploads/2025/02/Bankings-Digital-Metamorphosis-A-Technological-Timeline-768x432.png","https://www.veltris.com/wp-content/uploads/2024/12/benefits_of_data_lake-1-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-1024x536.png","https://www.veltris.com/wp-json/wp/v2/guides/25826","https://www.veltris.com/wp-content/uploads/2024/12/navigating_data_explosion_data_lakes-1024x576.png","https://www.veltris.com/wp-content/uploads/2025/02/Redefining-Banking-with-Generative-AI.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%
2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-guide%2F","https://www.veltris.com/wp-content/uploads/2024/04/Transformer-Based-Models.png","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-300x157.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-digital-transformation-in-healthcare-understanding-cloud-native-data-in-healthcare%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-768x402.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/04/Generative-AI-Guide_banner-02.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-banking-a-beginners-guide%2F","https://www.veltris.com/wp-content/uploads/2025/02/The-Evolution-of-AI-in-Banking.png","https://www.veltris.com/services/product-lifecycle-managed-services/embed/","https://www.veltris.com/wp-content/uploads/2025/02/Redefining-Banking-with-Generative-AI-768x432.png","https://www.veltris.com/wp-content/uploads/2024/12/characteristics_of_data_lake-1.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-in-Banking-Trends-in-2025-300x169.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-768x402.png","https://www.veltris.com/pressroom/veltris-launches-veltrisone-a-vertical-ai-orchestration-platform-purpose-built-to-power-micro-industries/embed/","https://www.veltris.com/wp-content/uploads/2024/12/benefits_of_data_lake-1.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-%E2%80%93-The-Next-Technology-Frontier-768x432.png
","https://www.veltris.com/wp-content/uploads/2023/03/streamlined-the-service-delivery-space-for-the-leading-electrical-appliances-manufacturer.pdf","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-capital-markets-a-beginners-guide%2F","https://www.veltris.com/blogs/data-ai/","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-essentials-generative-ai-unlocking-alpha-risk-management-client-advisory%2F","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-Banking-Platforms-in-the-Market-Right-Now-300x169.png","https://www.veltris.com/wp-json/wp/v2/pages/15707","https://www.veltris.com/wp-json/wp/v2/guides/27301","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-1024x536.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-2048x1072.png","https://www.veltris.com/wp-content/uploads/2025/07/3_Fixes_IT_Leaders_Are_Making_Before_Tackling_AI_Mobile.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-banking-a-beginners-guide%2F","https://www.veltris.com/wp-content/uploads/2024/12/building_robust_data_lake-1-768x432.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fscaling-your-saas-business-with-proven-growth-strategies%2F","https://www.veltris.com/wp-content/uploads/2024/12/Stat-Image_4-768x433.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-300x157.png","https://www.veltris.com/wp-content/uploads/2025/02/Why-is-Generative-AI-in-Banking-Important-768x373.png","https://www.veltris.com/wp-json/wp/v2/guides/24233","https://www.veltris.com/wp-content/uploads/2024/12/building_robust_data
_lake-1.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-768x402.png","https://www.veltris.com/industries/financial-pubsec-services/embed/","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-300x157.png","https://www.veltris.com/wp-json/wp/v2/pressroom/24729","https://www.veltris.com/wp-content/uploads/2025/05/cxo-essentials-generative-AI-banking-leade-2.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-1024x536.png","https://www.veltris.com/wp-content/uploads/2024/12/building_robust_data_lake-1-1024x576.png","https://www.veltris.com/wp-json/wp/v2/guides/27311","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-capital-markets-a-beginners-guide%2F","https://www.veltris.com/industries/diversified-industrials/embed/","https://www.veltris.com/industries/dental-multi-unit-retail-health/embed/","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-Business-Models-768x432.png","https://www.veltris.com/services/azure-managed-services/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fintelligent-connectivity-powered-by-cloud-native-6g-a-detailed-guide%2F","https://www.veltris.com/wp-content/uploads/2025/02/Leading-Banks-are-Stepping-up-their-Generative-AI-Agendas-300x169.png","https://www.veltris.com/wp-content/uploads/2024/12/characteristics_of_data_lake-1-1024x576.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-roi-handbook-data-transformation-in-healthcare-the-strategic-value-of-ai-ready-healthcare-data%2F","https://www.veltris.com/wp-json/wp/v2/pressroom/20171","https://www.veltris.com/wp
-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-768x402.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-2048x1072.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Healthcare-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fcxos-roi-handbook-data-transformation-in-healthcare-the-strategic-value-of-ai-ready-healthcare-data%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-insurance-a-beginners-guide%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services%2F","https://www.veltris.com/wp-content/uploads/2024/12/benefits_of_data_lake-1-1024x576.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-2048x1072.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fintelligent-connectivity-powered-by-cloud-native-6g-a-detailed-guide%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-in-insurance-a-beginners-guide%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-2048x1072.png","https://www.veltris.com/wp-json/wp/v2/guides/25822","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-1024x536.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries%2F","https
://www.veltris.com/wp-content/uploads/2025/05/Transforming-Clinical-Workflows.png","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-Business-Models.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-for-business-leaders-understanding-strategy-impact-and-roi%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-768x402.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fguides%2Fgenerative-ai-for-business-leaders-understanding-strategy-impact-and-roi%2F","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Trading-Investment-Management-Unlocking-Alpha-Risk-Managemen.png","https://www.veltris.com/wp-json/wp/v2/guides/24710","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services%2F","https://www.veltris.com/wp-json/wp/v2/whitepapers/21390","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-1024x536.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Life-Sciences-1536x804.png","https://www.veltris.com/wp-content/uploads/2026/04/hfs_challenges_lp_thumbnail-300x169.png","https://www.veltris.com/wp-content/uploads/2025/05/true-cost-data-silos-strategic-value-AI-ready-healthcare-data-mobile.png","https://www.veltris.com/wp-content/uploads/2025/04/Connectivity-Industry-X.0.png"
,"https://www.veltris.com/pressroom/embed/","https://www.veltris.com/wp-content/uploads/2025/02/Leading-Banks-are-Stepping-up-their-Generative-AI-Agendas.png","https://www.veltris.com/wp-content/uploads/2025/05/CXOs-Essentials-Digital-Transformation-in-Banking-Understanding-Cloud-Native-Data-Fintech-Secur.png","https://www.veltris.com/wp-json/wp/v2/pressroom/24954","https://www.veltris.com/wp-content/uploads/2025/02/Digitalization-and-Data-Explosion.png","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-aims-to-close-3-to-5-deals-within-18-months-ceo%2F","https://www.veltris.com/wp-content/uploads/2024/05/Generative-Ai-Guide_Generative-AI-Market-Size-2048x1072.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-aims-to-close-3-to-5-deals-within-18-months-ceo%2F","https://www.veltris.com/industries/healthtech-platforms/embed/","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response%2F","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-Banking-Platforms-in-the-Market-Right-Now-768x432.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-Banking-Platforms-in-the-Market-Right-Now.png","https://www.veltris.com/wp-content/uploads/2024/09/Hiral-Chandrana-241x300.png","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Real-Estate-Transforming-Property-Development-Management-Sal.png","https://www.veltris.com/wp-content/uploads/2025/05/Mobile.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-in-Banking-Trends-in
-2025-768x432.png","https://www.veltris.com/wp-content/uploads/2022/02/decoding-5g-thumbnail.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Travel-and-Hospitality-1536x804.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Media-and-Entertainment-2048x1072.png","https://www.veltris.com/wp-json/wp/v2/whitepapers/13977","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-11.png","https://www.veltris.com/wp-content/uploads/2022/07/Whitepaper_banners_Industry-Homepage-Banner-copy-2-9.06.27-PM.png","https://www.veltris.com/wp-content/uploads/2022/07/Whitepaper-Thumbnail_Coverpage-2-12.png","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-2048x1152.png","https://www.veltris.com/wp-json/wp/v2/guides/24407","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-Business-Models-300x169.png","https://www.veltris.com/wp-content/uploads/2025/04/Communications-Media_mob.png","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-BFSI-1536x804.png","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking.png","https://www.veltris.com/wp-content/uploads/2025/02/Why-is-Generative-AI-in-Banking-Important.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-10.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Fveltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response%2F","https://www.veltris.com/wp-json/wp/v2/pressroom/30188","https://www.veltris.com/wp-json/wp/v2/guides/24449","https://www.veltris.com/wp-content/uploads/2024/01/MicrosoftTeams-image-2.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-13.png","https://www.veltris.com/wp-content/uploads/2025/07/Thumbnail__3-Fixes-IT-Leaders-Are-Making-Before-Tackling-AI.png","https://w
ww.veltris.com/wp-content/uploads/2024/08/Thumbnails-07.png","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-content/uploads/2025/02/Leading-Banks-are-Stepping-up-their-Generative-AI-Agendas-768x432.png","https://www.veltris.com/services/data-warehouse/embed/","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/images/banner-img/casestudies-banner.png","https://www.veltris.com/casestudies/maximizing-rcm-potential-with-rpa-enabled-eligibility-verification-solution/embed/","https://www.veltris.com/wp-content/uploads/2025/05/executive-guide-healthcare-AI-integrated-data-clinical-banner.png","https://www.veltris.com/wp-content/uploads/2025/02/Generative-AI-in-Banking-Trends-in-2025.png","https://www.veltris.com/wp-json/wp/v2/pressroom/23302","https://www.veltris.com/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member%2F","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fwhitepapers%2Fthe-future-of-businesses-in-2025-embracing-a-comprehensive-integrated-technological-ecosystem%2F","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/images/banner-img/casestudies-banner.png","https://www.veltris.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.veltris.com%2Fpressroom%2Ftrive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member%2F","https://www.veltris.com/wp-content/uploads/2024/12/navigating_data_explosion_data_lakes.png","https://www.veltris.com/pressroom/veltris-investing-on-vertical-ai-ai-powered-solution-accelerators-to-build-modernize-and-monetize-investments-for-micro-industries/embed/","https://www
.veltris.com/cxo-essentials/3-fixes-it-leaders-are-making-before-tackling-ai/embed/","https://www.veltris.com/guides/ai-trends-for-pbms-in-2026-the-cxo-guide-to-cost-control-compliance-and-competitive-advantage/embed/","https://www.veltris.com/industries/pharmacy-benefit-management/embed/","https://www.veltris.com/casestudies/threat-monitoring-system-for-concealed-weapons-explosives-detection/embed/","https://www.veltris.com/cxo-essentials/why-digital-first-banking-is-critical-for-growth-in-2025/embed/","https://www.veltris.com/casestudies/improved-on-time-delivery-of-a-leading-auto-lubricant-distributer/embed/","https://www.veltris.com/services/data-modernization/embed/","https://www.veltris.com/guides/agentic-ai-in-manufacturing-a-beginners-guide/embed/","https://www.veltris.com/guides/modern-databases-key-to-genai-roi-in-banking-a-strategic-guide/embed/","https://www.veltris.com/casestudies/built-fast-flexible-scalable-platform-solutions-for-video-service-and-ott-providers/embed/","https://www.veltris.com/wp-content/uploads/2025/02/Gen-AI-to-Reshape-Banking-768x432.png","https://www.veltris.com/guides/cxos-essentials-digital-transformation-in-banking-understanding-cloud-native-data/embed/","https://www.veltris.com/whitepapers/decoding-cloud-computing-a-comprehensive-guide/embed/","https://www.veltris.com/guides/cxos-essentials-genai-real-estate-property-development-management-sales/embed/","https://www.veltris.com/wp-content/uploads/2024/07/The-metaverse-meet-scaled.png","https://www.veltris.com/guides/cxos-actionable-guide-ai-and-integrated-data-healthcare-transforming-clinical-workflows/embed/","https://www.veltris.com/whitepapers/unlocking-the-true-potential-of-data-ai/embed/","https://www.veltris.com/wp-content/uploads/2024/05/Generative-AI-Use-Cases-in-Retail-2048x1072.png","https://www.veltris.com/wp-content/uploads/2025/02/generative_AI_banking_banner.png","https://www.veltris.com/whitepapers/bringing-expertise-tools-to-enable-intelligent-healthcare/embed/
","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/images/banner-img/casestudies-banner.png","https://www.veltris.com/guides/agentic-ai-vs-generative-ai-key-differences-use-cases-and-choosing-the-right-approach/embed/","https://www.veltris.com/whitepapers/generative-ai-strategy-to-transform-your-enterprise/embed/","https://www.veltris.com/casestudies/conversational-chatbot-for-24-7-customer-support-assistance/embed/","https://www.veltris.com/whitepapers/the-future-of-businesses-in-2025-embracing-a-comprehensive-integrated-technological-ecosystem/embed/","https://www.veltris.com/services/microsoft-cloud-platforms/embed/","https://www.veltris.com/cxo-essentials/whats-actually-working-for-risk-compliance-and-ops-leaders/embed/","https://www.veltris.com/guides/data-lakes-a-beginners-guide/embed/","https://www.veltris.com/wp-content/uploads/2023/02/Immersive-Entertainment-Experiences.png","https://www.veltris.com/guides/cxos-essentials-generative-ai-in-banking-a-leaders-introduction-to-financial-impact-risks-and-opportunities/embed/","https://www.veltris.com/blogs/why-only-5-7-of-enterprises-successfully-scale-ai-and-how-to-be-one-of-them/embed/","https://www.veltris.com/wp-content/uploads/2022/07/bringing-expertise-tools-to-enable-intelligent-healthcare-whitepaper-banner-scaled.png","https://www.veltris.com/wp-content/uploads/2024/12/Data-Lakes-Beginners-Guide_Banner-02-1.png","https://www.veltris.com/guides/agentic-ai-explained-introductory-guide-to-autonomous-ai-systems/embed/","https://www.veltris.com/wp-content/uploads/2025/12/Dental-care_1.gif","https://www.veltris.com/guides/cxos-essentials-genai-construction-design-project-management-safety/embed/","https://www.veltris.com/guides/cxos-essentials-generative-ai-unlocking-alpha-risk-management-client-advisory/embed/","https://www.veltris.com/guides/cxos-essentials-digital-transformation-in-healthcare-understanding-cloud-native-data-i
n-healthcare/embed/","https://www.veltris.com/guides/generative-ai-guide/embed/","https://www.veltris.com/wp-json/wp/v2/categories/606","https://www.veltris.com/wp-content/uploads/2025/05/A-Leaders-Introduction-to-Financial-Impact-Risks-and-Opportunities.png","https://www.veltris.com/whitepapers/scaling-your-saas-business-with-proven-growth-strategies/embed/","https://www.veltris.com/guides/intelligent-connectivity-powered-by-cloud-native-6g-a-detailed-guide/embed/","https://www.veltris.com/wp-content/uploads/2024/04/Generative-AI-Guide-1.png","https://www.veltris.com/wp-content/uploads/2025/05/Understanding-Cloud-Native-Data-in-Healthcare.png","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Construction-Revolutionizing-Design-Project-Management-Safet.png","https://www.veltris.com/guides/generative-ai-in-banking-a-beginners-guide/embed/","https://www.veltris.com/guides/cxos-roi-handbook-data-transformation-in-healthcare-the-strategic-value-of-ai-ready-healthcare-data/embed/","https://www.veltris.com/guides/generative-ai-in-capital-markets-a-beginners-guide/embed/","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Trading-Investment-Management-Unlocking-Alpha-Risk-Managemen-300x169.png","https://www.veltris.com/pressroom/trive-capital-baylink-capital-create-veltris-to-deliver-next-generation-artificial-intelligence-and-digital-product-engineering-services/embed/","https://www.veltris.com/pressroom/veltris-acquires-bpk-technologies-to-expand-digital-and-ai-capabilities-in-healthcare-industries/embed/","https://www.veltris.com/guides/generative-ai-in-insurance-a-beginners-guide/embed/","https://www.veltris.com/blogs/data-ai/page/2/","https://www.veltris.com/pressroom/veltris-aims-to-close-3-to-5-deals-within-18-months-ceo/embed/","https://www.veltris.com/wp-includes/blocks/table/theme.min.css?ver=6.9.4","https://www.veltris.com/guides/generative-ai-for-business-leaders-understanding-strategy-impact
-and-roi/embed/","https://www.veltris.com/wp-content/uploads/2024/04/Generative-AI-Guide-1-300x169.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-13-300x171.png","https://www.veltris.com/wp-content/uploads/2022/07/Whitepaper-Thumbnail_Coverpage-2-12-300x171.png","https://www.veltris.com/wp-content/uploads/2024/06/Whitepaper-Thumbnail-19-300x171.png","https://www.veltris.com/wp-content/uploads/2024/08/Thumbnails-07-1024x585.png","https://www.veltris.com/wp-content/uploads/2024/06/Whitepaper-Thumbnail-19.png","https://www.veltris.com/pressroom/trive-capital-and-baylink-capital-backed-veltris-appoints-hiral-chandrana-as-ceo-and-board-member/embed/","https://www.veltris.com/wp-includes/blocks/table/style.min.css?ver=6.9.4","https://www.veltris.com/blogs/data-ai/feed/","https://www.veltris.com/pressroom/veltris-partners-with-vectra-ai-to-provide-proactive-ai-driven-threat-detection-and-response/embed/","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Real-Estate-Transforming-Property-Development-Management-Sal-300x169.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-10-300x171.png","https://www.veltris.com/wp-content/uploads/2024/01/Whitepaper-Thumbnail_Coverpage-2-11-300x171.png","https://www.veltris.com/wp-content/uploads/2025/06/CXOs-Essentials-Generative-AI-in-Construction-Revolutionizing-Design-Project-Management-Safet-300x169.png","https://www.veltris.com/wp-content/uploads/2024/08/Thumbnails-07-300x171.png","https://www.veltris.com/wp-content/uploads/2024/08/Thumbnails-07-768x439.png","https://www.veltris.com/blogs/real-time-private-equity-how-vertical-ai-accelerates-value-creation/feed/","https://www.veltris.com/blogs/why-critical-infrastructure-requires-vertical-ai-to-scale-responsibly/feed/","https://www.veltris.com/blogs/kpi-driven-insights-for-dsos-reducing-staffing-costs-and-unlocking-new-growth/feed/","https://www.veltris.com/blogs/pluggin
g-the-leak-stopping-patient-drift-with-predictive-engagement/feed/","https://www.veltris.com/blogs/why-ai-agents-are-the-future-of-healthcare-revenue-performance/feed/","https://www.veltris.com/blogs/protecting-the-bid-how-predictive-costing-stops-profit-fade/feed/","https://www.veltris.com/blogs/data-ai/page/3/","https://www.veltris.com/blogs/from-reports-to-foresight-why-ai-analytics-now-decide-pbm-competitive-advantage/feed/","https://www.veltris.com/blogs/agentic-ai-for-manufacturers-enabling-connected-design-smarter-decisions-and-reliable-operations/feed/","https://www.veltris.com/blogs/maximizing-revenue-per-mile-why-static-pricing-is-leaving-money-on-the-table/feed/","https://www.veltris.com/wp-json/wp/v2/posts/30371","https://www.veltris.com/wp-json/wp/v2/posts/30377","https://www.veltris.com/wp-json/wp/v2/posts/30381","https://www.veltris.com/wp-json/wp/v2/posts/30353","https://www.veltris.com/wp-json/wp/v2/posts/30355","https://www.veltris.com/wp-json/wp/v2/posts/30375","https://www.veltris.com/wp-json/wp/v2/posts/30341","https://www.veltris.com/wp-json/wp/v2/posts/30369","https://www.veltris.com/wp-json/wp/v2/posts/30357","https://www.veltris.com/blogs/data-ai/page/4/","https://www.veltris.com/blogs/data-ai/page/5/","https://www.veltris.com/blogs/data-ai/page/6/","https://www.veltris.com/blogs/data-ai/page/7/","https://www.veltris.com/blogs/data-ai/page/8/"],"duration":10.663292169570923},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.03292751312256},"passive_scan":{"status":"completed","duration":0.001825094223022461},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.veltris.com","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"1","status":"completed","duration":1470.2777059078217},"vulnerabilities":{"t
otal_alerts":0,"high_risk":0,"medium_risk":0,"low_risk":0,"informational":0,"alerts_by_risk":{"High":[],"Medium":[],"Low":[],"Informational":[]},"vulnerability_types":{},"owasp_top10":{}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"6a0f9d1e815737cc6adaf4d9"},"created_at":{"$date":"2026-05-22T00:02:38.637Z"},"url":"https://ep.gov.pk/","tool":"owaspzap","result":{"status":"completed","target_url":"https://ep.gov.pk/","scan_timestamp":"20260521_193834","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":90,"urls_list":["https://ep.gov.pk/","https://ep.gov.pk/international_tracking.asp","https://ep.gov.pk/hq/gridcss.css","https://ep.gov.pk/images/search.gif","https://ep.gov.pk/images/pak_post.jpeg","https://ep.gov.pk/images/findoutmore.gif","https://ep.gov.pk/%DA%A9%D8%B1%DB%8C%DA%88%D9%B9","https://ep.gov.pk/customers_guide.asp","https://ep.gov.pk/images/citizen_portal.png","https://ep.gov.pk/Tender.asp","https://ep.gov.pk/HQ/management_console.asp","https://ep.gov.pk/index.asp","https://ep.gov.pk/complaints.asp","https://ep.gov.pk/sitemap.asp","https://ep.gov.pk/locatepos.asp","https://ep.gov.pk/F_C/Facilitation_centres.html","https://ep.gov.pk/ourflyers.asp","https://ep.gov.pk/images/pmduinfoafz.jpeg","https://ep.gov.pk/track.asp","https://ep.gov.pk/DeliveryAppCopy.asp","https://ep.gov.pk/awards.asp","https://ep.gov.pk/HQ/contactus.asp","https://ep.gov.pk/images/delivery%20post.png","https://ep.gov.pk/clients.asp","https://ep.gov.pk/HQ/images%5CValidated_EMS_Standard.pdf","https://ep.gov.pk/HQ/downloadPostApp.asp?file=pakpost.apk","https://ep.gov.pk/HQ/F_C/Facilitation_centres.html","https://ep.gov.pk/services/emo_intro.asp","https://ep.gov.pk
/SpryAssets/SpryAccordion.css","https://ep.gov.pk/images/uc.gif","https://ep.gov.pk/Flyers.asp?n=4.jpg","https://ep.gov.pk/images/2.jpg","https://ep.gov.pk/HQ/gridcss.css","https://ep.gov.pk/ep_Complaint/Default_Test.aspx","https://ep.gov.pk/Registerationform.docx","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background6.jpg","https://ep.gov.pk/images/Same_Day_Delivery_Flyer.jpg","https://ep.gov.pk/images%5CpostalRanking.jpg","https://ep.gov.pk/ep_Complaint/default.aspx","https://ep.gov.pk/Unutilized_Notice.jpeg","https://ep.gov.pk/Tender_Notice%5CTender%20Notice-Mobile%20Phones.pdf","https://ep.gov.pk/ep_Complaint/WebResource.axd?d=3RhAMIgdbN63BPJb1iSlcS-DmhvxNNv37m9oFTRT3zcJOYWNkoRd9OBHb-ejUuptgzfhsO5fRkg-qlQW-7WECuHHY2Fr6NI4uAvOg1UhRr5pQ1cfbnHkzMM5y0XI3S7M3XxsNbAW46plhqtgzSp49TuyKVk1GivN70_9OXoDGTo0_1wA5UTO9TtIn8csVY9y0&t=634442468680000000","https://ep.gov.pk/ep_Complaint/WebResource.axd?d=NWzA0_daI3_D_NJp0c8MzJrGi1qlw9sGUc13s-En0MWnNeEb2LHHMidXQ94B_ocfKPZezq5Cpz1swVfxTet_WJh0ApJxw_nqUD3KZx_icdJ_Y-4YRWeiesYLi-ru2vykY-tFnI4IIPvQjF_4Ac9OLoOX2AMQklXctIiFYPKEByc1&t=634442468680000000","https://ep.gov.pk/ep_Complaint/jquery-ui.css","https://ep.gov.pk/images/a_4.jpg","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=ccE8YupVPY4KvSRgDTm0I-eQnmG_w1Bh7b4Gui3L7OZO3ESVFskCHY9TFLuJZhOpL2enFk9IjcmX3Ge6I4Dz3s80_DtunuCDB494JdJpWFc495Ra8NlVFgd4nb_N2Mp_tarnv2iW3swixlRHy8tfqceBkL7KjsDvLPvA93HmRns1&t=ffffffff9b7d03cf","https://ep.gov.pk/ep_Complaint/loading_icon.gif","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5X9h5uxSLZ6O3UCGHwU-7RUY6GZ_12iRbn4WEzC1FT5dPUxafKQWvk_PboFqdyxsRy-3LUmztVOgTqlL2UneJ5mBiwJzj1uKrAAhrb9CzCNiulwapZwMa3zWDqjtaVotMH3OoQX5ARB6-msYDU-I-BpTyk8SPAOO9QkaJW08cCXWwvQkbqFBkKcc4-d_SHZn0&t=ffffffff9b7d03cf","https://ep.gov.pk/Tender_Notice%5CUMS%20Plus%5CUMS%20Plus%20Tender.jpeg","https://ep.gov.pk/Tender_Notice%5CTender%20Documents%20of%20UMS-Plus%2004-02-2022_revise.pdf","https://ep.gov.pk/ep_C
omplaint/ScriptResource.axd?d=Y2eOyuXjEJWig1IxJAkA4pItUriujPK-B50_hhkKuP56eYaPknOz3aebDygmIj1U18jVCWxuz7g5asb0t_ZnCFoMTJFDMNI6WvTXnyTaOp3mZYErPjEyQHVYfXwctiJGuhhweRWmytXXZGrEvmjomoyECIYY5uJl1fGGGB5MDvA1&t=ffffffffe929205a","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=GIQCkj7vp-zaMkbfTs_VTsOFyjKNjcLyCUI2E3TiHjfrCKmkAhqndW_soT_pM1e4TIu0jtwUpmW_jNSDh497XNM9o7PLLU9fDjUj8gewsvhWRN2f0VBFxuvH8Ihk3tOp6uQSxgGsDueTxmkBZRMmmFIQ7msxtZsjoNVyv3cFCOg1&t=ffffffff9b7d03cf","https://ep.gov.pk/ep_Complaint/jquery-1.5.1.js","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=z8yOly3moIAZ5s6gAn3zcPPhcH7FjuJHN3dKJEw606dU2sfe6WAYyLNdt5YsnXwkrYiffbGtmrgjXzVpbLE0a0gFS-CS4FiAY6uH8qRaFcDC46mjMZ7JSw-fQCV-Cd8xtYVYtU4v4RGNRXkWAyZSwxqRQegEcgHLkkmoLhjxMyU1&t=ffffffff9b7d03cf","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=lJjEyTZiugz_h1GaAo0d7mof4H0TfizAHLgPf_01qyfLjkp692oHSmkiUIu6XZAPmhzflzatpF1GbjlPBRWOzFUbop3nJenaIA90hR_8EM95ngdm2_R8KM-viUH4ndFEAlgcSantp33NyTZvM5yCvPfl4KzWTQHB8ABPh4SuH9NQlYoA0Pi7cVj90foEbNb-0&t=363be08","https://ep.gov.pk/Tender_Notice%5CTender%20Document%20for%20Selection%20of%20Airlines%20&%20Transport%20Partners.pdf","https://ep.gov.pk/ep_Complaint/WebResource.axd?d=BbSBvXhD8EthEiTR5PhSkrKBGc8JeJ6dfeEu5UukXLtukekPyk-MC0s9l10uBFNKzlf7za_l1Q20VlmHYl5w8s4UGDuQJMrJWeea5dLDXd01&t=637568388846384355","https://ep.gov.pk/emtts/EPTrack_Live.aspx?ArticleIDz=ZAP","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=cc2LHxWkDOV1k29cK4xi1w-0cvrv7oTUWaiW8TpxpXlvZsjetUMyol4Ct4aa2s-b26te8WbeNinTr_Nm1UQQwRxT803Vtq9R_UuDfzDFv-XjpAa5f1d4KkBIOUHf_EqtMNHEH_cDJaDywNNVKdSV78SmojI0JErJvgKtg_AIeRmBxc1F9YGvmeL4I4D_DZYx0&t=363be08","https://ep.gov.pk/ep_Complaint/jquery-ui-1.8.14.js","https://ep.gov.pk/2021-09-06.pdf","https://ep.gov.pk/ep_Complaint/Default.aspx","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/wz_jsgraphics.js","https://ep.gov.pk/HQ/images%5CpostalRanking.jpg","https://ep.gov.pk/Flyers.asp?n=2.jpg","https://ep.go
v.pk/services/images%5CValidated_EMS_Standard.pdf","https://ep.gov.pk/Flyers.asp?n=1.jpg","https://ep.gov.pk/services/images%5CpostalRanking.jpg","https://ep.gov.pk/Flyers.asp?n=3.jpg","https://ep.gov.pk/images/1.jpg","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background4.jpg","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background7.jpg","https://ep.gov.pk/Notice.pdf","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background2.jpg","https://ep.gov.pk/CamScanner%20_Notice.pdf","https://ep.gov.pk/images/4.jpg","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=aW4RavIXnhPbtyKUL33fylTuxV2d9DBabsjK6atiRtcguR0mRPC-d9xS4sq-g1cUJSj_RRDfRgzBeGWjKSKaqW-LxNmHx0BP_QjXwe4nsh8d9AFApG32heZ91I20p9cZEfdGkQFS0HTu4itasQqRaPd5-EAeZBniMakKEiTb3SaBvGIFfX-htBTJWiHMFz9O0&t=ffffffff9b7d03cf","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=cYPZ7DrE0NK5MKM-1AuV8niY5-FfJowOJ1LhErO1oQJHnjbe0YPPMy8FYldlYIuTUXvqejk9YQYkR6qezj1PrRURDx_WELbMng9cANpMEsGlJWnw7eIJpzm31OHms7bQTJsHaAtpuxBRiTw7H5KqregSw_zxYnQ-TBeq3jNMD53qn4pmi0_ZYm7uTo7DBYmzAFr2JvtCoOleNZ20BX5AIQ2&t=ffffffff9b7d03cf","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5wTP8DdtNadAO2bGUMf1iqcuqQzxmoxxYb9IFvwswxmezPZUm_glxRCYgzo3xP24sz5EZjQw5-TKw5B3RSc4znbdaZVKxJN98jWlCoiXhddKzyTlPKi4VeArvRuUTjjLYVTpXsjXTtMVLakLoZoHiX-W_yEpQz4aAjpvOJGwsqQ1&t=ffffffff9b7d03cf","https://ep.gov.pk/Tender_Notice%5C2022-01-21-Tender-Notice-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Islamabad.jpg","https://ep.gov.pk/Tender_Notice%5C2022-02-18-Corrigendum-Tender-Notice-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Ibd.jpg","https://ep.gov.pk/Tender_Notice%5CUMS%20Plus%5C2022-05-20-Tender-Document-of-Private-Partner-For-Delivery-Of-UMS-PLUS-Under-The-DGPPO-IBD.pdf","https://ep.gov.pk/Document_Tender_Notice_For_Selection.pd
f","https://ep.gov.pk/images%5CValidated_EMS_Standard.pdf","https://ep.gov.pk/2021-11-19-List-of-Prohibited-Items-According-To-Pakistan-Post-Guide.pdf","https://ep.gov.pk/Tender_Notice%5Cfedex%20agreement%20with%20sign.pdf","https://ep.gov.pk/files/List%20of%20Prohibited%20Items2.pdf","https://ep.gov.pk/Tender_Notice%5Cfedex.pdf","https://ep.gov.pk/Tender_Notice%5Cdhl.pdf","https://ep.gov.pk/Tender_Notice%5C2022-02-22-Revised-Tender-Documents-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Islamabad.pdf"],"duration":130.36380791664124},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.07400465011597},"passive_scan":{"status":"completed","duration":0.009844064712524414},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"ep.gov.pk","open_ports":[443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":7201.51015496254},"vulnerabilities":{"total_alerts":390,"high_risk":7,"medium_risk":63,"low_risk":207,"informational":113,"alerts_by_risk":{"High":[{"nodeName":"https://ep.gov.pk/track.asp ()(B1,textfieldz)","sourceid":"1","other":"","method":"POST","evidence":"\" src=http://badsite.com","pluginId":"40012","cweid":"79","confidence":"Medium","sourceMessageId":112,"wascid":"8","description":"Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. 
The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.\nWhen an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.\n\nThere are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.\nNon-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. Using a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.\nPersistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. 
Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.","messageId":"15726","inputVector":"form","url":"https://ep.gov.pk/track.asp","tags":{"CWE-79":"https://cwe.mitre.org/data/definitions/79.html","POLICY_SEQUENCE":"","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","PCI_DSS":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","WSTG-v42-INPV-01":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting","POLICY_QA_CICD":"","POLICY_DEV_CICD":"","OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","POLICY_DEV_FULL":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","POLICY_PENTEST":"","HIPAA":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","OWASP_2017_A07":"https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS).html","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/attacks/xss/\nhttps://cwe.mitre.org/data/definitions/79.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nExamples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.\n\nPhases: Implementation; Architecture and Design\nUnderstand the context in which your data will be used and the encoding that will be expected. 
This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.\nFor any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.\nConsult the XSS Prevention Cheat Sheet for more details on the types of encoding and escaping that are needed.\n\nPhase: Architecture and Design\nFor any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.\n\nIf available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.\n\nPhase: Implementation\nFor every web page that is generated, use and specify a character encoding such as ISO-8859-1 or UTF-8. When an encoding is not specified, the web browser may choose a different encoding by guessing which encoding is actually being used by the web page. This can cause the web browser to treat certain sequences as special, opening up the client to subtle XSS attacks. See CWE-116 for more mitigations related to encoding/escaping.\n\nTo help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. 
In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.\n\nAssume all input is malicious. Use an \"accept known good\" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.\n\nWhen performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \"boat\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as \"red\" or \"blue.\"\n\nEnsure that you perform input validation at well-defined interfaces within the application. 
This will help protect the application even if a component is reused or moved elsewhere.\n\t","alert":"Cross Site Scripting (Reflected)","param":"textfieldz","attack":"\" src=http://badsite.com","name":"Cross Site Scripting (Reflected)","risk":"High","id":"1577","alertRef":"40012"},{"nodeName":"https://ep.gov.pk/Flyers.asp (n)","sourceid":"1","other":"","method":"GET","evidence":" src=http://badsite.com","pluginId":"40012","cweid":"79","confidence":"Medium","sourceMessageId":299,"wascid":"8","description":"Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.\nWhen an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. 
Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.\n\nThere are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.\nNon-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. Using a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.\nPersistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. 
an attacker site or a malicious link sent via email), just simply view the web page containing the code.","messageId":"15736","inputVector":"querystring","url":"https://ep.gov.pk/Flyers.asp?n=+src%3Dhttp%3A%2F%2Fbadsite.com","tags":{"CWE-79":"https://cwe.mitre.org/data/definitions/79.html","POLICY_SEQUENCE":"","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","PCI_DSS":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","WSTG-v42-INPV-01":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting","POLICY_QA_CICD":"","POLICY_DEV_CICD":"","OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","POLICY_DEV_FULL":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","POLICY_PENTEST":"","HIPAA":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","OWASP_2017_A07":"https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS).html","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/attacks/xss/\nhttps://cwe.mitre.org/data/definitions/79.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nExamples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.\n\nPhases: Implementation; Architecture and Design\nUnderstand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. 
Study all expected communication protocols and data representations to determine the required encoding strategies.\nFor any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.\nConsult the XSS Prevention Cheat Sheet for more details on the types of encoding and escaping that are needed.\n\nPhase: Architecture and Design\nFor any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.\n\nIf available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.\n\nPhase: Implementation\nFor every web page that is generated, use and specify a character encoding such as ISO-8859-1 or UTF-8. When an encoding is not specified, the web browser may choose a different encoding by guessing which encoding is actually being used by the web page. This can cause the web browser to treat certain sequences as special, opening up the client to subtle XSS attacks. See CWE-116 for more mitigations related to encoding/escaping.\n\nTo help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. 
This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.\n\nAssume all input is malicious. Use an \"accept known good\" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.\n\nWhen performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \"boat\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as \"red\" or \"blue.\"\n\nEnsure that you perform input validation at well-defined interfaces within the application. 
This will help protect the application even if a component is reused or moved elsewhere.\n\t","alert":"Cross Site Scripting (Reflected)","param":"n","attack":" src=http://badsite.com","name":"Cross Site Scripting (Reflected)","risk":"High","id":"1578","alertRef":"40012"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton2,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"1","other":"","method":"POST","evidence":"HTTP/1.1 500 Internal Server Error","pluginId":"40018","cweid":"89","confidence":"Low","sourceMessageId":268,"wascid":"19","description":"SQL injection may be 
possible.","messageId":"18503","inputVector":"form","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"POLICY_SEQUENCE":"","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","PCI_DSS":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","CWE-89":"https://cwe.mitre.org/data/definitions/89.html","POLICY_QA_CICD":"","POLICY_DEV_CICD":"","OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","WSTG-v42-INPV-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection","POLICY_API":"","POLICY_DEV_FULL":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","POLICY_PENTEST":"","HIPAA":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html","API_2023_API10":"https://owasp.org/API-Security/editions/2023/en/0xaa-unsafe-consumption-of-apis/","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solution":"Do not trust client side input, even if there is client side validation in place.\nIn general, type check all data on the server side.\nIf the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'\nIf the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.\nIf database Stored Procedures can be used, use them.\nDo *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!\nDo not create dynamic SQL queries using simple string concatenation.\nEscape all data received from the client.\nApply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.\nApply the principle of least privilege by using the least privileged database user possible.\nIn particular, 
avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.\nGrant the minimum database access that is necessary for the application.","alert":"SQL Injection","param":"txt_ArticleNo","attack":"'","name":"SQL Injection","risk":"High","id":"1579","alertRef":"40018"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton2,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"1","other":"","method":"POST","evidence":"HTTP/1.1 500 Internal Server Error","pluginId":"40018","cweid":"89","confidence":"Low","sourceMessageId":314,"wascid":"19","description":"SQL injection may be 
possible.","messageId":"18581","inputVector":"form","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"POLICY_SEQUENCE":"","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","PCI_DSS":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","CWE-89":"https://cwe.mitre.org/data/definitions/89.html","POLICY_QA_CICD":"","POLICY_DEV_CICD":"","OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","WSTG-v42-INPV-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection","POLICY_API":"","POLICY_DEV_FULL":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","POLICY_PENTEST":"","HIPAA":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html","API_2023_API10":"https://owasp.org/API-Security/editions/2023/en/0xaa-unsafe-consumption-of-apis/","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solution":"Do not trust client side input, even if there is client side validation in place.\nIn general, type check all data on the server side.\nIf the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'\nIf the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.\nIf database Stored Procedures can be used, use them.\nDo *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!\nDo not create dynamic SQL queries using simple string concatenation.\nEscape all data received from the client.\nApply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.\nApply the principle of least privilege by using the least privileged database user possible.\nIn particular, 
avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.\nGrant the minimum database access that is necessary for the application.","alert":"SQL Injection","param":"txt_ArticleNo","attack":"'","name":"SQL Injection","risk":"High","id":"1580","alertRef":"40018"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"1","other":"","method":"POST","evidence":"HTTP/1.1 500 Internal Server Error","pluginId":"40018","cweid":"89","confidence":"Low","sourceMessageId":313,"wascid":"19","description":"SQL injection may be 
possible.","messageId":"18672","inputVector":"form","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"POLICY_SEQUENCE":"","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","PCI_DSS":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","CWE-89":"https://cwe.mitre.org/data/definitions/89.html","POLICY_QA_CICD":"","POLICY_DEV_CICD":"","OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","WSTG-v42-INPV-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection","POLICY_API":"","POLICY_DEV_FULL":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","POLICY_PENTEST":"","HIPAA":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html","API_2023_API10":"https://owasp.org/API-Security/editions/2023/en/0xaa-unsafe-consumption-of-apis/","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solution":"Do not trust client side input, even if there is client side validation in place.\nIn general, type check all data on the server side.\nIf the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'\nIf the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.\nIf database Stored Procedures can be used, use them.\nDo *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!\nDo not create dynamic SQL queries using simple string concatenation.\nEscape all data received from the client.\nApply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.\nApply the principle of least privilege by using the least privileged database user possible.\nIn particular, 
avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.\nGrant the minimum database access that is necessary for the application.","alert":"SQL Injection","param":"txt_ArticleNo","attack":"'","name":"SQL Injection","risk":"High","id":"1581","alertRef":"40018"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"1","other":"","method":"POST","evidence":"HTTP/1.1 500 Internal Server Error","pluginId":"40018","cweid":"89","confidence":"Low","sourceMessageId":293,"wascid":"19","description":"SQL injection may be 
possible.","messageId":"18771","inputVector":"form","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"POLICY_SEQUENCE":"","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","PCI_DSS":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","CWE-89":"https://cwe.mitre.org/data/definitions/89.html","POLICY_QA_CICD":"","POLICY_DEV_CICD":"","OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","WSTG-v42-INPV-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection","POLICY_API":"","POLICY_DEV_FULL":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","POLICY_PENTEST":"","HIPAA":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html","API_2023_API10":"https://owasp.org/API-Security/editions/2023/en/0xaa-unsafe-consumption-of-apis/","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solution":"Do not trust client side input, even if there is client side validation in place.\nIn general, type check all data on the server side.\nIf the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'\nIf the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.\nIf database Stored Procedures can be used, use them.\nDo *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!\nDo not create dynamic SQL queries using simple string concatenation.\nEscape all data received from the client.\nApply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.\nApply the principle of least privilege by using the least privileged database user possible.\nIn particular, 
avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.\nGrant the minimum database access that is necessary for the application.","alert":"SQL Injection","param":"txt_ArticleNo","attack":"'","name":"SQL Injection","risk":"High","id":"1583","alertRef":"40018"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"1","other":"","method":"POST","evidence":"HTTP/1.1 500 Internal Server Error","pluginId":"40018","cweid":"89","confidence":"Low","sourceMessageId":275,"wascid":"19","description":"SQL injection may be 
possible.","messageId":"18833","inputVector":"form","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"POLICY_SEQUENCE":"","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","PCI_DSS":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","CWE-89":"https://cwe.mitre.org/data/definitions/89.html","POLICY_QA_CICD":"","POLICY_DEV_CICD":"","OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","WSTG-v42-INPV-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection","POLICY_API":"","POLICY_DEV_FULL":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","POLICY_PENTEST":"","HIPAA":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html","API_2023_API10":"https://owasp.org/API-Security/editions/2023/en/0xaa-unsafe-consumption-of-apis/","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solution":"Do not trust client side input, even if there is client side validation in place.\nIn general, type check all data on the server side.\nIf the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'\nIf the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.\nIf database Stored Procedures can be used, use them.\nDo *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!\nDo not create dynamic SQL queries using simple string concatenation.\nEscape all data received from the client.\nApply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.\nApply the principle of least privilege by using the least privileged database user possible.\nIn particular, 
avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.\nGrant the minimum database access that is necessary for the application.","alert":"SQL Injection","param":"txt_ArticleNo","attack":"'","name":"SQL Injection","risk":"High","id":"1585","alertRef":"40018"}],"Medium":[{"nodeName":"https://ep.gov.pk/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"1","inputVector":"","url":"https://ep.gov.pk/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://ep.gov.pk/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"11","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/international_tracking.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":53,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"53","inputVector":"","url":"https://ep.gov.pk/international_tracking.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"25","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":62,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"62","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"36","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":64,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"64","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"40","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/sitemap.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":70,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"70","inputVector":"","url":"https://ep.gov.pk/sitemap.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"44","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":81,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"81","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"46","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/international_tracking.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":53,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"53","inputVector":"","url":"https://ep.gov.pk/international_tracking.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"53","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":62,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"62","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load 
balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"64","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":64,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"64","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load 
balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"68","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/complaints.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":69,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"69","inputVector":"","url":"https://ep.gov.pk/complaints.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load 
balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"73","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":81,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"81","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load 
balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"81","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/sitemap.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":70,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"70","inputVector":"","url":"https://ep.gov.pk/sitemap.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load 
balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"82","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/index.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":68,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"68","inputVector":"","url":"https://ep.gov.pk/index.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, 
etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"83","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/HQ/management_console.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":66,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. 
Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"66","inputVector":"","url":"https://ep.gov.pk/HQ/management_console.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: 
Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"118","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":62,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP 
request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"62","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"123","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/ourflyers.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":107,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. 
Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"107","inputVector":"","url":"https://ep.gov.pk/ourflyers.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use 
anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"134","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/index.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":68,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack 
that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"68","inputVector":"","url":"https://ep.gov.pk/index.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"141","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/sitemap.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":70,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. 
Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"70","inputVector":"","url":"https://ep.gov.pk/sitemap.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use 
anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"147","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":81,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an 
attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"81","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"148","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/international_tracking.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":53,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"53","inputVector":"","url":"https://ep.gov.pk/international_tracking.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"157","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":62,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"62","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"161","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":62,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"62","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"166","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":64,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"64","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"169","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/ourflyers.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":107,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"107","inputVector":"","url":"https://ep.gov.pk/ourflyers.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"173","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/ourflyers.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":107,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"107","inputVector":"","url":"https://ep.gov.pk/ourflyers.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"180","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/sitemap.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":70,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"70","inputVector":"","url":"https://ep.gov.pk/sitemap.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"192","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":81,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"81","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"201","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/services/emo_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":140,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"140","inputVector":"","url":"https://ep.gov.pk/services/emo_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"228","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":159,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"159","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"244","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/DeliveryAppCopy.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":120,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"120","inputVector":"","url":"https://ep.gov.pk/DeliveryAppCopy.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"258","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/awards.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":121,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"121","inputVector":"","url":"https://ep.gov.pk/awards.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"259","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/emtts/EPTrack_Live.aspx (ArticleIDz)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":212,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"212","inputVector":"","url":"https://ep.gov.pk/emtts/EPTrack_Live.aspx?ArticleIDz=ZAP","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"285","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":159,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"159","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"302","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":206,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"206","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"323","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"__EVENTARGUMENT\" \"__EVENTTARGET\" \"__LASTFOCUS\" \"__VIEWSTATE\" \"__VIEWSTATEGENERATOR\" \"fuplAttatchment\" \"ImageButton1\" \"ImageButton2\" \"ImageButton3\" \"TextBoxCustomBookingOffice\" \"txt_ArticleNo\" \"txt_BookingDate\" \"txt_ComplainantName\" \"txt_ComplainantPhNo\" \"txtAddresseeEmail\" \"txtAddresseeMobile\" \"txtAddresseeName\" \"txtAddresseeTel\" \"txtSenderEmail\" \"txtSenderMobile\" \"txtSenderName\" \"txtSenderTel\" \"ValidatorCalloutExtender10_ClientState\" \"ValidatorCalloutExtender11_ClientState\" \"ValidatorCalloutExtender1_ClientState\" \"ValidatorCalloutExtender2_ClientState\" \"ValidatorCalloutExtender3_ClientState\" \"ValidatorCalloutExtender4_ClientState\" \"ValidatorCalloutExtender5_ClientState\" \"ValidatorCalloutExtender6_ClientState\" \"ValidatorCalloutExtender7_ClientState\" \"ValidatorCalloutExtender8_ClientState\" \"ValidatorCalloutExtender9_ClientState\" \"ValidatorCalloutExtenderbkd_ClientState\" ].","method":"GET","evidence":"<form name=\"form1\" method=\"post\" action=\"./default.aspx\" onsubmit=\"javascript:return WebForm_OnSubmit();\" id=\"form1\" enctype=\"multipart/form-data\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":166,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to 
a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"166","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"342","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found 
in the following HTML form: [Form 1: \"__EVENTARGUMENT\" \"__EVENTTARGET\" \"__LASTFOCUS\" \"__VIEWSTATE\" \"__VIEWSTATEGENERATOR\" \"fuplAttatchment\" \"ImageButton1\" \"ImageButton2\" \"ImageButton3\" \"TextBoxCustomBookingOffice\" \"txt_ArticleNo\" \"txt_BookingDate\" \"txt_ComplainantName\" \"txt_ComplainantPhNo\" \"txtAddresseeEmail\" \"txtAddresseeMobile\" \"txtAddresseeName\" \"txtAddresseeTel\" \"txtSenderEmail\" \"txtSenderMobile\" \"txtSenderName\" \"txtSenderTel\" \"ValidatorCalloutExtender10_ClientState\" \"ValidatorCalloutExtender11_ClientState\" \"ValidatorCalloutExtender1_ClientState\" \"ValidatorCalloutExtender2_ClientState\" \"ValidatorCalloutExtender3_ClientState\" \"ValidatorCalloutExtender4_ClientState\" \"ValidatorCalloutExtender5_ClientState\" \"ValidatorCalloutExtender6_ClientState\" \"ValidatorCalloutExtender7_ClientState\" \"ValidatorCalloutExtender8_ClientState\" \"ValidatorCalloutExtender9_ClientState\" \"ValidatorCalloutExtenderbkd_ClientState\" ].","method":"POST","evidence":"<form name=\"form1\" method=\"post\" action=\"./default.aspx\" onsubmit=\"javascript:return WebForm_OnSubmit();\" id=\"form1\" enctype=\"multipart/form-data\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":206,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. 
Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"206","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: 
Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"368","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/track.asp ()(B1,textfieldz)","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"POST","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":112,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send 
an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"112","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"370","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/clients.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":127,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. 
Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"127","inputVector":"","url":"https://ep.gov.pk/clients.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use 
anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"390","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/Flyers.asp (n)","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":155,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an 
attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"155","inputVector":"","url":"https://ep.gov.pk/Flyers.asp?n=4.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"392","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/track.asp ()(B1,textfieldz)","sourceid":"3","other":"tag=script src=http:://code.jquery.com/jquery-3.5.1.min.js\ntag=script src=http:://code.jquery.com/jquery-migrate-1.2.1.min.js\n","method":"POST","evidence":"http:://code.jquery.com/jquery-3.5.1.min.js","pluginId":"10040","cweid":"311","confidence":"Medium","sourceMessageId":112,"wascid":"4","description":"The page includes mixed content, that is content accessed via HTTP instead of 
HTTPS.","messageId":"112","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-CRYP-03":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":"","CWE-311":"https://cwe.mitre.org/data/definitions/311.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html","solution":"A page that is available over SSL/TLS must be comprised completely of content which is transmitted over SSL/TLS.\nThe page must not contain any content that is transmitted over unencrypted HTTP.\nThis includes content from third party sites.","alert":"Secure Pages Include Mixed Content (Including Scripts)","param":"","attack":"","name":"Secure Pages Include Mixed Content (Including Scripts)","risk":"Medium","id":"401","alertRef":"10040"},{"nodeName":"https://ep.gov.pk/awards.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":121,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"121","inputVector":"","url":"https://ep.gov.pk/awards.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"409","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/Flyers.asp (n)","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":155,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"155","inputVector":"","url":"https://ep.gov.pk/Flyers.asp?n=4.jpg","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"418","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/clients.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":127,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"127","inputVector":"","url":"https://ep.gov.pk/clients.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"433","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/track.asp ()(B1,textfieldz)","sourceid":"3","other":"","method":"POST","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":112,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"112","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"437","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/DeliveryAppCopy.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":120,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"120","inputVector":"","url":"https://ep.gov.pk/DeliveryAppCopy.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"440","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/track.asp ()(B1,textfieldz)","sourceid":"3","other":"","method":"POST","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":112,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"112","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"455","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/ep_Complaint/jquery-1.5.1.js","sourceid":"3","other":"The identified library jquery, version 1.5.1 is 
vulnerable.\nCVE-2011-4969\nCVE-2020-11023\nCVE-2020-11022\nCVE-2015-9251\nCVE-2019-11358\nCVE-2020-7656\nCVE-2012-6708\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-6708\nhttps://github.com/jquery/jquery/issues/2432\nhttp://research.insecurelabs.org/jquery/test/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://github.com/advisories/GHSA-rmxg-73gg-4p98\nhttps://github.com/jquery/jquery.com/issues/162\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-7656\nhttps://bugs.jquery.com/ticket/9521\nhttp://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/\nhttp://bugs.jquery.com/ticket/11290\nhttps://research.insecurelabs.org/jquery/test/\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttps://github.com/advisories/GHSA-q4m3-2j7h-f7xw\nhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\nhttps://blog.jquery.com/2020/04/10/jquery-3-5-0-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-4969\n","method":"GET","evidence":"jquery-1.5.1.js","pluginId":"10003","cweid":"1395","confidence":"Medium","sourceMessageId":203,"wascid":"-1","description":"The identified library appears to be 
vulnerable.","messageId":"203","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/jquery-1.5.1.js","tags":{"CVE-2011-4969":"https://nvd.nist.gov/vuln/detail/CVE-2011-4969","OWASP_2021_A06":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","CWE-1395":"https://cwe.mitre.org/data/definitions/1395.html","CVE-2019-11358":"https://nvd.nist.gov/vuln/detail/CVE-2019-11358","CVE-2012-6708":"https://nvd.nist.gov/vuln/detail/CVE-2012-6708","OWASP_2025_A03":"https://owasp.org/Top10/2025/A03_2025-Software_Supply_Chain_Failures/","CVE-2020-11023":"https://nvd.nist.gov/vuln/detail/CVE-2020-11023","OWASP_2017_A09":"https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities.html","CVE-2020-11022":"https://nvd.nist.gov/vuln/detail/CVE-2020-11022","POLICY_QA_STD":"","POLICY_PENTEST":"","CVE-2015-9251":"https://nvd.nist.gov/vuln/detail/CVE-2015-9251","CVE-2020-7656":"https://nvd.nist.gov/vuln/detail/CVE-2020-7656","POLICY_DEV_STD":""},"reference":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","solution":"Upgrade to the latest version of the affected library.","alert":"Vulnerable JS Library","param":"","attack":"","name":"Vulnerable JS Library","risk":"Medium","id":"510","alertRef":"10003"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":227,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"227","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"514","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":223,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"223","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"526","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/jquery-ui-1.8.14.js","sourceid":"3","other":"The identified library jquery-ui, version 1.8.14 is vulnerable.\nCVE-2021-41184\nCVE-2021-41183\nCVE-2021-41182\nCVE-2022-31160\nhttps://github.com/advisories/GHSA-h6gj-6jjq-h8g9\nhttps://bugs.jqueryui.com/ticket/15284\nhttps://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-31160\nhttps://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41184\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41183\nhttps://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41182\nhttps://github.com/jquery/jquery-ui/issues/2101\n","method":"GET","evidence":"/*!\n * jQuery UI 1.8.14","pluginId":"10003","cweid":"1395","confidence":"Medium","sourceMessageId":218,"wascid":"-1","description":"The identified library appears to be 
vulnerable.","messageId":"218","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/jquery-ui-1.8.14.js","tags":{"CVE-2021-41184":"https://nvd.nist.gov/vuln/detail/CVE-2021-41184","OWASP_2017_A09":"https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities.html","CVE-2021-41183":"https://nvd.nist.gov/vuln/detail/CVE-2021-41183","CVE-2021-41182":"https://nvd.nist.gov/vuln/detail/CVE-2021-41182","POLICY_QA_STD":"","OWASP_2021_A06":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","POLICY_PENTEST":"","CWE-1395":"https://cwe.mitre.org/data/definitions/1395.html","CVE-2022-31160":"https://nvd.nist.gov/vuln/detail/CVE-2022-31160","OWASP_2025_A03":"https://owasp.org/Top10/2025/A03_2025-Software_Supply_Chain_Failures/","POLICY_DEV_STD":""},"reference":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","solution":"Upgrade to the latest version of the affected library.","alert":"Vulnerable JS Library","param":"","attack":"","name":"Vulnerable JS Library","risk":"Medium","id":"630","alertRef":"10003"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":242,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"242","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"633","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":241,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"645","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":237,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"646","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(ImageButton1,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":231,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"231","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"670","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"__EVENTARGUMENT\" \"__EVENTTARGET\" \"__LASTFOCUS\" \"__VIEWSTATE\" \"__VIEWSTATEGENERATOR\" \"ImageButton1\" \"ImageButton2\" \"ImageButton3\" \"TextBoxCustomBookingOffice\" \"txt_ArticleNo\" \"txt_BookingDate\" \"txt_ComplainantName\" \"txt_ComplainantPhNo\" \"txtAddresseeEmail\" \"txtAddresseeMobile\" \"txtAddresseeName\" \"txtAddresseeTel\" \"txtSenderEmail\" \"txtSenderMobile\" \"txtSenderName\" \"txtSenderTel\" \"ValidatorCalloutExtender10_ClientState\" \"ValidatorCalloutExtender11_ClientState\" \"ValidatorCalloutExtender1_ClientState\" \"ValidatorCalloutExtender2_ClientState\" \"ValidatorCalloutExtender3_ClientState\" \"ValidatorCalloutExtender4_ClientState\" \"ValidatorCalloutExtender5_ClientState\" \"ValidatorCalloutExtender6_ClientState\" 
\"ValidatorCalloutExtender7_ClientState\" \"ValidatorCalloutExtender8_ClientState\" \"ValidatorCalloutExtender9_ClientState\" \"ValidatorCalloutExtenderbkd_ClientState\" ].","method":"POST","evidence":"<form name=\"form1\" method=\"post\" action=\"./default.aspx\" onsubmit=\"javascript:return WebForm_OnSubmit();\" id=\"form1\" enctype=\"multipart/form-data\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":237,"wascid":"9","description":"No Anti-CSRF tokens were found in an HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"682","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":286,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"286","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"948","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":286,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"286","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"983","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(ImageButton1,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":301,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"301","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"986","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/track.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":298,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"298","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"998","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(ImageButton1,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"__EVENTARGUMENT\" \"__EVENTTARGET\" \"__LASTFOCUS\" \"__VIEWSTATE\" \"__VIEWSTATEGENERATOR\" \"ImageButton1\" \"ImageButton2\" \"ImageButton3\" \"TextBoxCustomBookingOffice\" \"txt_ArticleNo\" \"txt_BookingDate\" \"txt_ComplainantName\" \"txt_ComplainantPhNo\" \"txtAddresseeEmail\" \"txtAddresseeMobile\" \"txtAddresseeName\" \"txtAddresseeTel\" \"txtSenderEmail\" \"txtSenderMobile\" \"txtSenderName\" \"txtSenderTel\" \"ValidatorCalloutExtender10_ClientState\" \"ValidatorCalloutExtender11_ClientState\" \"ValidatorCalloutExtender1_ClientState\" \"ValidatorCalloutExtender2_ClientState\" \"ValidatorCalloutExtender3_ClientState\" \"ValidatorCalloutExtender4_ClientState\" \"ValidatorCalloutExtender5_ClientState\" \"ValidatorCalloutExtender6_ClientState\" \"ValidatorCalloutExtender7_ClientState\" \"ValidatorCalloutExtender8_ClientState\" \"ValidatorCalloutExtender9_ClientState\" \"ValidatorCalloutExtenderbkd_ClientState\" ].","method":"POST","evidence":"<form name=\"form1\" method=\"post\" action=\"./Default.aspx\" onsubmit=\"javascript:return WebForm_OnSubmit();\" id=\"form1\" enctype=\"multipart/form-data\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":301,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an 
attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"301","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"1063","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/track.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"http:://code.jquery.com/jquery-3.5.1.min.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":298,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"298","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1109","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/track.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"http:://code.jquery.com/jquery-migrate-1.2.1.min.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":298,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"298","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1111","alertRef":"90003"}],"Low":[{"nodeName":"https://ep.gov.pk/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://ep.gov.pk/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"5","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://ep.gov.pk/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"6","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":1,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"1","inputVector":"","url":"https://ep.gov.pk/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"14","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/hq/gridcss.css","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":55,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"55","inputVector":"","url":"https://ep.gov.pk/hq/gridcss.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"23","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/images/search.gif","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":57,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"57","inputVector":"","url":"https://ep.gov.pk/images/search.gif","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"24","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/hq/gridcss.css","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":55,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"55","inputVector":"","url":"https://ep.gov.pk/hq/gridcss.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"29","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/images/findoutmore.gif","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":60,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"60","inputVector":"","url":"https://ep.gov.pk/images/findoutmore.gif","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"31","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/images/search.gif","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":57,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"57","inputVector":"","url":"https://ep.gov.pk/images/search.gif","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"32","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/images/pak_post.jpeg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":59,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"59","inputVector":"","url":"https://ep.gov.pk/images/pak_post.jpeg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"39","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/hq/gridcss.css","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":55,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"55","inputVector":"","url":"https://ep.gov.pk/hq/gridcss.css","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"47","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/images/findoutmore.gif","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":60,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"60","inputVector":"","url":"https://ep.gov.pk/images/findoutmore.gif","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"50","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/images/pmduinfoafz.jpeg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":108,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"108","inputVector":"","url":"https://ep.gov.pk/images/pmduinfoafz.jpeg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"57","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/images/pak_post.jpeg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":59,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"59","inputVector":"","url":"https://ep.gov.pk/images/pak_post.jpeg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"65","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/international_tracking.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDQUACDCBC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":53,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"53","inputVector":"","url":"https://ep.gov.pk/international_tracking.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"66","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/international_tracking.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":53,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"53","inputVector":"","url":"https://ep.gov.pk/international_tracking.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"79","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/images/pmduinfoafz.jpeg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":108,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"108","inputVector":"","url":"https://ep.gov.pk/images/pmduinfoafz.jpeg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"84","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/complaints.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDQUACDCBC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":69,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"69","inputVector":"","url":"https://ep.gov.pk/complaints.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"86","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/HQ/management_console.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDQUACDCBC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":66,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"66","inputVector":"","url":"https://ep.gov.pk/HQ/management_console.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"94","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/sitemap.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDQUACDCBC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":70,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"70","inputVector":"","url":"https://ep.gov.pk/sitemap.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"95","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/index.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDQUACDCBC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":68,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"68","inputVector":"","url":"https://ep.gov.pk/index.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"96","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/images/pmduinfoafz.jpeg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":108,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"108","inputVector":"","url":"https://ep.gov.pk/images/pmduinfoafz.jpeg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"97","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ourflyers.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDQUACDCBC","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":107,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"107","inputVector":"","url":"https://ep.gov.pk/ourflyers.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"98","alertRef":"10054-1"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDQUACDCBC","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":62,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"62","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"100","alertRef":"10054-1"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDQUACDCBC","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":64,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"64","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"101","alertRef":"10054-1"},{"nodeName":"https://ep.gov.pk/HQ/management_console.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDQUACDCBC","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":66,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"66","inputVector":"","url":"https://ep.gov.pk/HQ/management_console.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"104","alertRef":"10054-1"},{"nodeName":"https://ep.gov.pk/HQ/management_console.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":66,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"66","inputVector":"","url":"https://ep.gov.pk/HQ/management_console.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"106","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":64,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"64","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"112","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":62,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"62","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"113","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/complaints.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":69,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"69","inputVector":"","url":"https://ep.gov.pk/complaints.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"117","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/index.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":68,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"68","inputVector":"","url":"https://ep.gov.pk/index.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"122","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":81,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"81","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"128","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/sitemap.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":70,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"70","inputVector":"","url":"https://ep.gov.pk/sitemap.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"129","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/index.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":68,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"68","inputVector":"","url":"https://ep.gov.pk/index.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"132","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/F_C/Facilitation_centres.html","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":82,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"82","inputVector":"","url":"https://ep.gov.pk/F_C/Facilitation_centres.html","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"139","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/complaints.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":69,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"69","inputVector":"","url":"https://ep.gov.pk/complaints.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"150","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/F_C/Facilitation_centres.html","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":82,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"82","inputVector":"","url":"https://ep.gov.pk/F_C/Facilitation_centres.html","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"152","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/HQ/management_console.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":66,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"66","inputVector":"","url":"https://ep.gov.pk/HQ/management_console.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"153","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":64,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"64","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"154","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":62,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"62","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"155","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":64,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"64","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"160","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ourflyers.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":107,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"107","inputVector":"","url":"https://ep.gov.pk/ourflyers.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"164","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/international_tracking.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":53,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"53","inputVector":"","url":"https://ep.gov.pk/international_tracking.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"167","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/international_tracking.asp","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":53,"wascid":"13","description":"The web/application server is leaking information via one or 
more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"53","inputVector":"","url":"https://ep.gov.pk/international_tracking.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"170","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/complaints.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":69,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"69","inputVector":"","url":"https://ep.gov.pk/complaints.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options 
Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"172","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":62,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"62","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the 
X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"175","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":81,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"81","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"187","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/index.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":68,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"68","inputVector":"","url":"https://ep.gov.pk/index.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"189","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ourflyers.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":107,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"107","inputVector":"","url":"https://ep.gov.pk/ourflyers.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"198","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/sitemap.asp","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":70,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"70","inputVector":"","url":"https://ep.gov.pk/sitemap.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"203","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":81,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"81","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options 
Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"207","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":81,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"81","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"209","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/SpryAssets/SpryAccordion.css","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":142,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"142","inputVector":"","url":"https://ep.gov.pk/SpryAssets/SpryAccordion.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"222","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/images/delivery post.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":126,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"126","inputVector":"","url":"https://ep.gov.pk/images/delivery%20post.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"229","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/images/2.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":157,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"157","inputVector":"","url":"https://ep.gov.pk/images/2.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"231","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/Unutilized_Notice.jpeg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":168,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"168","inputVector":"","url":"https://ep.gov.pk/Unutilized_Notice.jpeg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"243","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\Tender Notice-Mobile Phones.pdf","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":175,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"175","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CTender%20Notice-Mobile%20Phones.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"248","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/images/delivery post.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":126,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"126","inputVector":"","url":"https://ep.gov.pk/images/delivery%20post.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"250","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/images/uc.gif","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":154,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"154","inputVector":"","url":"https://ep.gov.pk/images/uc.gif","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"257","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":201,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"201","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=Y2eOyuXjEJWig1IxJAkA4pItUriujPK-B50_hhkKuP56eYaPknOz3aebDygmIj1U18jVCWxuz7g5asb0t_ZnCFoMTJFDMNI6WvTXnyTaOp3mZYErPjEyQHVYfXwctiJGuhhweRWmytXXZGrEvmjomoyECIYY5uJl1fGGGB5MDvA1&t=ffffffffe929205a","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"263","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/SpryAssets/SpryAccordion.css","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":142,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"142","inputVector":"","url":"https://ep.gov.pk/SpryAssets/SpryAccordion.css","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"272","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/images/Same_Day_Delivery_Flyer.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":164,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"164","inputVector":"","url":"https://ep.gov.pk/images/Same_Day_Delivery_Flyer.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"274","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\UMS Plus\\UMS Plus Tender.jpeg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":199,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"199","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CUMS%20Plus%5CUMS%20Plus%20Tender.jpeg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"276","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/images\\postalRanking.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":165,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"165","inputVector":"","url":"https://ep.gov.pk/images%5CpostalRanking.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"278","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/images/2.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":157,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"157","inputVector":"","url":"https://ep.gov.pk/images/2.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"279","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/DeliveryAppCopy.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDQUACDCBC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":120,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"120","inputVector":"","url":"https://ep.gov.pk/DeliveryAppCopy.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"280","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/images/uc.gif","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":154,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"154","inputVector":"","url":"https://ep.gov.pk/images/uc.gif","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"281","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/awards.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDQUACDCBC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":121,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"121","inputVector":"","url":"https://ep.gov.pk/awards.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"282","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/awards.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDQUACDCBC","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":121,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"121","inputVector":"","url":"https://ep.gov.pk/awards.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"283","alertRef":"10054-1"},{"nodeName":"https://ep.gov.pk/HQ/gridcss.css","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":158,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"158","inputVector":"","url":"https://ep.gov.pk/HQ/gridcss.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"288","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/HQ/gridcss.css","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":158,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" 
HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"158","inputVector":"","url":"https://ep.gov.pk/HQ/gridcss.css","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"292","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/Unutilized_Notice.jpeg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":168,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"168","inputVector":"","url":"https://ep.gov.pk/Unutilized_Notice.jpeg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"293","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/images/a_4.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":192,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"192","inputVector":"","url":"https://ep.gov.pk/images/a_4.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"294","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background6.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":162,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"162","inputVector":"","url":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background6.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"297","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\Tender Document for Selection of Airlines & Transport 
Partners.pdf","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":210,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"210","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CTender%20Document%20for%20Selection%20of%20Airlines%20&%20Transport%20Partners.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"298","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/images/delivery post.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":126,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"126","inputVector":"","url":"https://ep.gov.pk/images/delivery%20post.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"301","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/images/2.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":157,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"157","inputVector":"","url":"https://ep.gov.pk/images/2.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"303","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/images/uc.gif","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":154,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"154","inputVector":"","url":"https://ep.gov.pk/images/uc.gif","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"307","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/loading_icon.gif","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":197,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"197","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/loading_icon.gif","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"308","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/awards.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":121,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"121","inputVector":"","url":"https://ep.gov.pk/awards.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"309","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/images\\postalRanking.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":165,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"165","inputVector":"","url":"https://ep.gov.pk/images%5CpostalRanking.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"310","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\Tender Notice-Mobile Phones.pdf","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":175,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"175","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CTender%20Notice-Mobile%20Phones.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"311","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"An attacker can use this information to exploit known vulnerabilities.","method":"GET","evidence":"4.0.30319","pluginId":"10061","cweid":"933","confidence":"High","sourceMessageId":201,"wascid":"14","description":"Server leaks information via \"X-AspNet-Version\"/\"X-AspNetMvc-Version\" HTTP response header field(s).","messageId":"201","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=Y2eOyuXjEJWig1IxJAkA4pItUriujPK-B50_hhkKuP56eYaPknOz3aebDygmIj1U18jVCWxuz7g5asb0t_ZnCFoMTJFDMNI6WvTXnyTaOp3mZYErPjEyQHVYfXwctiJGuhhweRWmytXXZGrEvmjomoyECIYY5uJl1fGGGB5MDvA1&t=ffffffffe929205a","tags":{"WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","CWE-933":"https://cwe.mitre.org/data/definitions/933.html","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://www.troyhunt.com/shhh-dont-let-your-response-headers/\nhttps://learn.microsoft.com/en-us/archive/blogs/varunm/remove-unwanted-http-response-headers","solution":"Configure the server so it will not return those headers.","alert":"X-AspNet-Version Response Header","param":"","attack":"","name":"X-AspNet-Version Response 
Header","risk":"Low","id":"315","alertRef":"10061"},{"nodeName":"https://ep.gov.pk/Unutilized_Notice.jpeg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":168,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"168","inputVector":"","url":"https://ep.gov.pk/Unutilized_Notice.jpeg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a 
standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"316","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/services/emo_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDQUACDCBC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":140,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"140","inputVector":"","url":"https://ep.gov.pk/services/emo_intro.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"317","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\Tender Documents of 
UMS-Plus 04-02-2022_revise.pdf","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":200,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"200","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CTender%20Documents%20of%20UMS-Plus%2004-02-2022_revise.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant 
and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"320","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/images/a_4.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":192,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"192","inputVector":"","url":"https://ep.gov.pk/images/a_4.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"321","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background6.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":162,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"162","inputVector":"","url":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background6.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"322","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\Tender Document for Selection of Airlines & Transport Partners.pdf","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":210,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"210","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CTender%20Document%20for%20Selection%20of%20Airlines%20&%20Transport%20Partners.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"325","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/awards.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":121,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"121","inputVector":"","url":"https://ep.gov.pk/awards.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"328","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/images\\postalRanking.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":165,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"165","inputVector":"","url":"https://ep.gov.pk/images%5CpostalRanking.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"329","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/track.asp ()(B1,textfieldz)","sourceid":"3","other":"","method":"POST","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":112,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"112","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"332","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\UMS Plus\\UMS Plus Tender.jpeg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":199,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"199","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CUMS%20Plus%5CUMS%20Plus%20Tender.jpeg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"340","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\Tender Documents of UMS-Plus 04-02-2022_revise.pdf","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":200,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"200","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CTender%20Documents%20of%20UMS-Plus%2004-02-2022_revise.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"343","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/clients.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDQUACDCBC","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":127,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"127","inputVector":"","url":"https://ep.gov.pk/clients.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"347","alertRef":"10054-1"},{"nodeName":"https://ep.gov.pk/Unutilized_Notice.jpeg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":168,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"168","inputVector":"","url":"https://ep.gov.pk/Unutilized_Notice.jpeg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"357","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/services/emo_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":140,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"140","inputVector":"","url":"https://ep.gov.pk/services/emo_intro.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"361","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/DeliveryAppCopy.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":120,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"120","inputVector":"","url":"https://ep.gov.pk/DeliveryAppCopy.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"363","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/images/Same_Day_Delivery_Flyer.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":164,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"164","inputVector":"","url":"https://ep.gov.pk/images/Same_Day_Delivery_Flyer.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"373","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/clients.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":127,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"127","inputVector":"","url":"https://ep.gov.pk/clients.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"380","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/ep_Complaint/jquery-ui.css","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":190,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"190","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/jquery-ui.css","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"382","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/Flyers.asp (n)","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"155","inputVector":"","url":"https://ep.gov.pk/Flyers.asp?n=4.jpg","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"383","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\Tender Document for Selection of Airlines & Transport Partners.pdf","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":210,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"210","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CTender%20Document%20for%20Selection%20of%20Airlines%20&%20Transport%20Partners.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"385","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","sourceid":"3","other":"An attacker can use this information to exploit known vulnerabilities.","method":"GET","evidence":"4.0.30319","pluginId":"10061","cweid":"933","confidence":"High","sourceMessageId":159,"wascid":"14","description":"Server leaks information via \"X-AspNet-Version\"/\"X-AspNetMvc-Version\" HTTP response header field(s).","messageId":"159","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","CWE-933":"https://cwe.mitre.org/data/definitions/933.html","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://www.troyhunt.com/shhh-dont-let-your-response-headers/\nhttps://learn.microsoft.com/en-us/archive/blogs/varunm/remove-unwanted-http-response-headers","solution":"Configure the server so it will not return those headers.","alert":"X-AspNet-Version Response Header","param":"","attack":"","name":"X-AspNet-Version Response Header","risk":"Low","id":"405","alertRef":"10061"},{"nodeName":"https://ep.gov.pk/Flyers.asp 
(n)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":155,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"155","inputVector":"","url":"https://ep.gov.pk/Flyers.asp?n=4.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"406","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/Flyers.asp (n)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":155,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"155","inputVector":"","url":"https://ep.gov.pk/Flyers.asp?n=4.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"410","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/services/emo_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":140,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"140","inputVector":"","url":"https://ep.gov.pk/services/emo_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"414","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/services/emo_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":140,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"140","inputVector":"","url":"https://ep.gov.pk/services/emo_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"421","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/awards.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":121,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"121","inputVector":"","url":"https://ep.gov.pk/awards.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"422","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/clients.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":127,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"127","inputVector":"","url":"https://ep.gov.pk/clients.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"427","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/DeliveryAppCopy.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":120,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"120","inputVector":"","url":"https://ep.gov.pk/DeliveryAppCopy.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"428","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/track.asp ()(B1,textfieldz)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":112,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"112","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"429","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/Flyers.asp (n)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"155","inputVector":"","url":"https://ep.gov.pk/Flyers.asp?n=4.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"432","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":166,"wascid":"13","description":"The web/application server is leaking version information via the 
\"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"166","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"435","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/services/emo_intro.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":140,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"140","inputVector":"","url":"https://ep.gov.pk/services/emo_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"436","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/services/emo_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":140,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"140","inputVector":"","url":"https://ep.gov.pk/services/emo_intro.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"443","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/clients.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":127,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"127","inputVector":"","url":"https://ep.gov.pk/clients.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"449","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":166,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"166","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"453","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/DeliveryAppCopy.asp","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":120,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"120","inputVector":"","url":"https://ep.gov.pk/DeliveryAppCopy.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"456","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/track.asp ()(B1,textfieldz)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"POST","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":112,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"112","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"462","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/track.asp ()(B1,textfieldz)","sourceid":"3","other":"","method":"POST","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":112,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"112","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"463","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":206,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"206","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"467","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":206,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"206","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"488","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/jquery-1.5.1.js","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":203,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"203","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/jquery-1.5.1.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"506","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/jquery-1.5.1.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":203,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"203","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/jquery-1.5.1.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"508","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton2,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"An attacker can use this information to exploit known vulnerabilities.","method":"POST","evidence":"4.0.30319","pluginId":"10061","cweid":"933","confidence":"High","sourceMessageId":215,"wascid":"14","description":"Server leaks information via \"X-AspNet-Version\"/\"X-AspNetMvc-Version\" HTTP response header 
field(s).","messageId":"215","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","CWE-933":"https://cwe.mitre.org/data/definitions/933.html","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://www.troyhunt.com/shhh-dont-let-your-response-headers/\nhttps://learn.microsoft.com/en-us/archive/blogs/varunm/remove-unwanted-http-response-headers","solution":"Configure the server so it will not return those headers.","alert":"X-AspNet-Version Response Header","param":"","attack":"","name":"X-AspNet-Version Response Header","risk":"Low","id":"515","alertRef":"10061"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton2,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":215,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"215","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"518","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"An attacker can use this information to exploit known vulnerabilities.","method":"POST","evidence":"4.0.30319","pluginId":"10061","cweid":"933","confidence":"High","sourceMessageId":219,"wascid":"14","description":"Server leaks information via \"X-AspNet-Version\"/\"X-AspNetMvc-Version\" HTTP response header 
field(s).","messageId":"219","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","CWE-933":"https://cwe.mitre.org/data/definitions/933.html","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://www.troyhunt.com/shhh-dont-let-your-response-headers/\nhttps://learn.microsoft.com/en-us/archive/blogs/varunm/remove-unwanted-http-response-headers","solution":"Configure the server so it will not return those headers.","alert":"X-AspNet-Version Response Header","param":"","attack":"","name":"X-AspNet-Version Response Header","risk":"Low","id":"536","alertRef":"10061"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":219,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"219","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"539","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":227,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"227","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"547","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":227,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"227","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"548","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":223,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"223","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"549","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":223,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"223","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"550","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":227,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"227","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"567","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/jquery-ui-1.8.14.js","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":218,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"218","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/jquery-ui-1.8.14.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"626","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/jquery-ui-1.8.14.js","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":218,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"218","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/jquery-ui-1.8.14.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"629","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton2,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":232,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"232","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"631","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton2,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"An attacker can use this information to exploit known vulnerabilities.","method":"POST","evidence":"4.0.30319","pluginId":"10061","cweid":"933","confidence":"High","sourceMessageId":232,"wascid":"14","description":"Server leaks information via \"X-AspNet-Version\"/\"X-AspNetMvc-Version\" HTTP response header 
field(s).","messageId":"232","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","CWE-933":"https://cwe.mitre.org/data/definitions/933.html","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://www.troyhunt.com/shhh-dont-let-your-response-headers/\nhttps://learn.microsoft.com/en-us/archive/blogs/varunm/remove-unwanted-http-response-headers","solution":"Configure the server so it will not return those headers.","alert":"X-AspNet-Version Response Header","param":"","attack":"","name":"X-AspNet-Version Response Header","risk":"Low","id":"643","alertRef":"10061"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":242,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"242","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"680","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":257,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"257","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"694","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":257,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"257","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"696","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"An attacker can use this information to exploit known vulnerabilities.","method":"POST","evidence":"4.0.30319","pluginId":"10061","cweid":"933","confidence":"High","sourceMessageId":242,"wascid":"14","description":"Server leaks information via \"X-AspNet-Version\"/\"X-AspNetMvc-Version\" HTTP response header 
field(s).","messageId":"242","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","CWE-933":"https://cwe.mitre.org/data/definitions/933.html","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://www.troyhunt.com/shhh-dont-let-your-response-headers/\nhttps://learn.microsoft.com/en-us/archive/blogs/varunm/remove-unwanted-http-response-headers","solution":"Configure the server so it will not return those headers.","alert":"X-AspNet-Version Response Header","param":"","attack":"","name":"X-AspNet-Version Response Header","risk":"Low","id":"705","alertRef":"10061"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"POST","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":242,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"242","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"706","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"An attacker can use this information to exploit known vulnerabilities.","method":"POST","evidence":"4.0.30319","pluginId":"10061","cweid":"933","confidence":"High","sourceMessageId":257,"wascid":"14","description":"Server leaks information via \"X-AspNet-Version\"/\"X-AspNetMvc-Version\" HTTP response header 
field(s).","messageId":"257","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","CWE-933":"https://cwe.mitre.org/data/definitions/933.html","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://www.troyhunt.com/shhh-dont-let-your-response-headers/\nhttps://learn.microsoft.com/en-us/archive/blogs/varunm/remove-unwanted-http-response-headers","solution":"Configure the server so it will not return those headers.","alert":"X-AspNet-Version Response Header","param":"","attack":"","name":"X-AspNet-Version Response Header","risk":"Low","id":"714","alertRef":"10061"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"POST","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":257,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"257","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"715","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":237,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"728","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(ImageButton1,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":267,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"267","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"729","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":237,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"731","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":241,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"735","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(ImageButton1,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"POST","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":231,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"231","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"802","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(ImageButton1,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"X-Powered-By: 
ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":267,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"267","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"807","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"An attacker can use this information to exploit known vulnerabilities.","method":"POST","evidence":"4.0.30319","pluginId":"10061","cweid":"933","confidence":"High","sourceMessageId":241,"wascid":"14","description":"Server leaks information via \"X-AspNet-Version\"/\"X-AspNetMvc-Version\" HTTP response header 
field(s).","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","CWE-933":"https://cwe.mitre.org/data/definitions/933.html","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://www.troyhunt.com/shhh-dont-let-your-response-headers/\nhttps://learn.microsoft.com/en-us/archive/blogs/varunm/remove-unwanted-http-response-headers","solution":"Configure the server so it will not return those headers.","alert":"X-AspNet-Version Response Header","param":"","attack":"","name":"X-AspNet-Version Response Header","risk":"Low","id":"816","alertRef":"10061"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"POST","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":237,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"918","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":237,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"919","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/images/1.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":300,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"300","inputVector":"","url":"https://ep.gov.pk/images/1.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"962","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background7.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":303,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"303","inputVector":"","url":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background7.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"972","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/Notice.pdf","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":304,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"304","inputVector":"","url":"https://ep.gov.pk/Notice.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"974","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background2.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":305,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"305","inputVector":"","url":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background2.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"975","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/Notice.pdf","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":304,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"304","inputVector":"","url":"https://ep.gov.pk/Notice.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"994","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background2.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":305,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"305","inputVector":"","url":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background2.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"995","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background7.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":303,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"303","inputVector":"","url":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background7.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the 
web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1003","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/track.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDQUACDCBC","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":298,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"298","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"1012","alertRef":"10054-1"},{"nodeName":"https://ep.gov.pk/images/1.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: 
ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":300,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"300","inputVector":"","url":"https://ep.gov.pk/images/1.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1014","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background4.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":302,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"302","inputVector":"","url":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background4.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the 
web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1018","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background2.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":305,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"305","inputVector":"","url":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background2.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1023","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/track.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":298,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"298","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1027","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/Notice.pdf","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":304,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"304","inputVector":"","url":"https://ep.gov.pk/Notice.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1032","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background4.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":302,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"302","inputVector":"","url":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background4.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1033","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/track.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":298,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"298","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1039","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/track.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":298,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"298","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options 
Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1113","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":286,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"286","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1128","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"POST","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":286,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"286","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1238","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/images/4.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":309,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"309","inputVector":"","url":"https://ep.gov.pk/images/4.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1402","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/CamScanner _Notice.pdf","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":306,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"306","inputVector":"","url":"https://ep.gov.pk/CamScanner%20_Notice.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1403","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/CamScanner _Notice.pdf","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":306,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"306","inputVector":"","url":"https://ep.gov.pk/CamScanner%20_Notice.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1404","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/CamScanner _Notice.pdf","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":306,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"306","inputVector":"","url":"https://ep.gov.pk/CamScanner%20_Notice.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1410","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/CamScanner _Notice.pdf","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":306,"wascid":"13","description":"The web/application server is leaking information via one or more 
\"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"306","inputVector":"","url":"https://ep.gov.pk/CamScanner%20_Notice.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1411","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/images/4.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":309,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"309","inputVector":"","url":"https://ep.gov.pk/images/4.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1413","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\2022-01-21-Tender-Notice-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Islamabad.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":316,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"316","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5C2022-01-21-Tender-Notice-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Islamabad.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1425","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\2022-01-21-Tender-Notice-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Islamabad.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":316,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"316","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5C2022-01-21-Tender-Notice-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Islamabad.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1428","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\2022-02-18-Corrigendum-Tender-Notice-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Ibd.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":317,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"317","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5C2022-02-18-Corrigendum-Tender-Notice-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Ibd.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1431","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\2022-02-18-Corrigendum-Tender-Notice-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Ibd.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":317,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"317","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5C2022-02-18-Corrigendum-Tender-Notice-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Ibd.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, 
load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1443","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\UMS Plus\\2022-05-20-Tender-Document-of-Private-Partner-For-Delivery-Of-UMS-PLUS-Under-The-DGPPO-IBD.pdf","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":318,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"318","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CUMS%20Plus%5C2022-05-20-Tender-Document-of-Private-Partner-For-Delivery-Of-UMS-PLUS-Under-The-DGPPO-IBD.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1541","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\UMS Plus\\2022-05-20-Tender-Document-of-Private-Partner-For-Delivery-Of-UMS-PLUS-Under-The-DGPPO-IBD.pdf","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":318,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"318","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CUMS%20Plus%5C2022-05-20-Tender-Document-of-Private-Partner-For-Delivery-Of-UMS-PLUS-Under-The-DGPPO-IBD.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1542","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\UMS Plus\\2022-05-20-Tender-Document-of-Private-Partner-For-Delivery-Of-UMS-PLUS-Under-The-DGPPO-IBD.pdf","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":318,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"318","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CUMS%20Plus%5C2022-05-20-Tender-Document-of-Private-Partner-For-Delivery-Of-UMS-PLUS-Under-The-DGPPO-IBD.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1543","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\UMS Plus\\2022-05-20-Tender-Document-of-Private-Partner-For-Delivery-Of-UMS-PLUS-Under-The-DGPPO-IBD.pdf","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":318,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response 
headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"318","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CUMS%20Plus%5C2022-05-20-Tender-Document-of-Private-Partner-For-Delivery-Of-UMS-PLUS-Under-The-DGPPO-IBD.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1544","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/Document_Tender_Notice_For_Selection.pdf","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":319,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"319","inputVector":"","url":"https://ep.gov.pk/Document_Tender_Notice_For_Selection.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1545","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/Document_Tender_Notice_For_Selection.pdf","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":319,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"319","inputVector":"","url":"https://ep.gov.pk/Document_Tender_Notice_For_Selection.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1546","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/Document_Tender_Notice_For_Selection.pdf","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":319,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"319","inputVector":"","url":"https://ep.gov.pk/Document_Tender_Notice_For_Selection.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1548","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/images\\Validated_EMS_Standard.pdf","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":320,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"320","inputVector":"","url":"https://ep.gov.pk/images%5CValidated_EMS_Standard.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1549","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/images\\Validated_EMS_Standard.pdf","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":320,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"320","inputVector":"","url":"https://ep.gov.pk/images%5CValidated_EMS_Standard.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1550","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/2021-11-19-List-of-Prohibited-Items-According-To-Pakistan-Post-Guide.pdf","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":321,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"321","inputVector":"","url":"https://ep.gov.pk/2021-11-19-List-of-Prohibited-Items-According-To-Pakistan-Post-Guide.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1551","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/2021-11-19-List-of-Prohibited-Items-According-To-Pakistan-Post-Guide.pdf","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":321,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"321","inputVector":"","url":"https://ep.gov.pk/2021-11-19-List-of-Prohibited-Items-According-To-Pakistan-Post-Guide.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1552","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\fedex agreement with sign.pdf","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":322,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"322","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5Cfedex%20agreement%20with%20sign.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1557","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\fedex agreement with sign.pdf","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":322,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"322","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5Cfedex%20agreement%20with%20sign.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1558","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\fedex agreement with sign.pdf","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":322,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"322","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5Cfedex%20agreement%20with%20sign.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1560","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/files/List of Prohibited Items2.pdf","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":367,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"367","inputVector":"","url":"https://ep.gov.pk/files/List%20of%20Prohibited%20Items2.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1561","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/files/List of Prohibited Items2.pdf","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":367,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"367","inputVector":"","url":"https://ep.gov.pk/files/List%20of%20Prohibited%20Items2.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1562","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/files/List of Prohibited Items2.pdf","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":367,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"367","inputVector":"","url":"https://ep.gov.pk/files/List%20of%20Prohibited%20Items2.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1564","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\fedex.pdf","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":369,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"369","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5Cfedex.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1565","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\fedex.pdf","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":369,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"369","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5Cfedex.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1566","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\fedex.pdf","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":369,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"369","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5Cfedex.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1568","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\dhl.pdf","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":370,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"370","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5Cdhl.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1569","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\2022-02-22-Revised-Tender-Documents-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Islamabad.pdf","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":371,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"371","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5C2022-02-22-Revised-Tender-Documents-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Islamabad.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application 
server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1571","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\2022-02-22-Revised-Tender-Documents-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Islamabad.pdf","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":371,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"371","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5C2022-02-22-Revised-Tender-Documents-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Islamabad.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your 
web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1572","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\dhl.pdf","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":370,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"370","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5Cdhl.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1573","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\dhl.pdf","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":370,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"370","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5Cdhl.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1574","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\2022-02-22-Revised-Tender-Documents-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Islamabad.pdf","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":371,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"371","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5C2022-02-22-Revised-Tender-Documents-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Islamabad.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1576","alertRef":"10037"}],"Informational":[{"nodeName":"https://ep.gov.pk/","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":1,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"1","inputVector":"","url":"https://ep.gov.pk/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"1","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1","inputVector":"","url":"https://ep.gov.pk/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"8","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/international_tracking.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":53,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"53","inputVector":"","url":"https://ep.gov.pk/international_tracking.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"34","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":62,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"62","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"51","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/HQ/management_console.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":66,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"66","inputVector":"","url":"https://ep.gov.pk/HQ/management_console.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"55","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":81,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"81","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"70","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/F_C/Facilitation_centres.html","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script type=\"text/javascript\" src=\"e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/wz_jsgraphics.js\"></script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":82,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"82","inputVector":"","url":"https://ep.gov.pk/F_C/Facilitation_centres.html","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"110","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/HQ/management_console.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a 
href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":66,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"66","inputVector":"","url":"https://ep.gov.pk/HQ/management_console.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"127","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/complaints.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":69,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"69","inputVector":"","url":"https://ep.gov.pk/complaints.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"133","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/international_tracking.asp","sourceid":"3","other":"cookie:ASPSESSIONIDQUACDCBC","method":"GET","evidence":"ASPSESSIONIDQUACDCBC","pluginId":"10112","cweid":"-1","confidence":"High","sourceMessageId":53,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"53","inputVector":"","url":"https://ep.gov.pk/international_tracking.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"140","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":64,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"64","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"143","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/ourflyers.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":107,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"107","inputVector":"","url":"https://ep.gov.pk/ourflyers.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"149","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/sitemap.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":70,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"70","inputVector":"","url":"https://ep.gov.pk/sitemap.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"168","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/international_tracking.asp","sourceid":"3","other":"cookie:ASPSESSIONIDQUACDCBC","method":"GET","evidence":"ASPSESSIONIDQUACDCBC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":53,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"53","inputVector":"","url":"https://ep.gov.pk/international_tracking.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"171","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":81,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"81","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"177","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/complaints.asp","sourceid":"3","other":"cookie:ASPSESSIONIDQUACDCBC","method":"GET","evidence":"ASPSESSIONIDQUACDCBC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":69,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"69","inputVector":"","url":"https://ep.gov.pk/complaints.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"186","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"cookie:ASPSESSIONIDQUACDCBC","method":"GET","evidence":"ASPSESSIONIDQUACDCBC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":62,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"62","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"188","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/HQ/management_console.asp","sourceid":"3","other":"cookie:ASPSESSIONIDQUACDCBC","method":"GET","evidence":"ASPSESSIONIDQUACDCBC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":66,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"66","inputVector":"","url":"https://ep.gov.pk/HQ/management_console.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"191","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"cookie:ASPSESSIONIDQUACDCBC","method":"GET","evidence":"ASPSESSIONIDQUACDCBC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":64,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"64","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"194","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/ourflyers.asp","sourceid":"3","other":"cookie:ASPSESSIONIDQUACDCBC","method":"GET","evidence":"ASPSESSIONIDQUACDCBC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":107,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"107","inputVector":"","url":"https://ep.gov.pk/ourflyers.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"204","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/sitemap.asp","sourceid":"3","other":"cookie:ASPSESSIONIDQUACDCBC","method":"GET","evidence":"ASPSESSIONIDQUACDCBC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":70,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"70","inputVector":"","url":"https://ep.gov.pk/sitemap.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"205","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/Registerationform.docx","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":161,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be 
cached.","messageId":"161","inputVector":"","url":"https://ep.gov.pk/Registerationform.docx","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"242","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/clients.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":127,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"127","inputVector":"","url":"https://ep.gov.pk/clients.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"251","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/Flyers.asp (n)","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":155,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"155","inputVector":"","url":"https://ep.gov.pk/Flyers.asp?n=4.jpg","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"264","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":166,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"166","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"295","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":159,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"159","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"299","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bDEBUG\\b and was detected 4 times, the first in likely comment: \"// Name:        AjaxControlToolkit.Common.Threading.debug.js\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"it.Common.Threading.debug.js","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":196,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"196","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=ccE8YupVPY4KvSRgDTm0I-eQnmG_w1Bh7b4Gui3L7OZO3ESVFskCHY9TFLuJZhOpL2enFk9IjcmX3Ge6I4Dz3s80_DtunuCDB494JdJpWFc495Ra8NlVFgd4nb_N2Mp_tarnv2iW3swixlRHy8tfqceBkL7KjsDvLPvA93HmRns1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious 
Comments","risk":"Informational","id":"339","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/emtts/EPTrack_Live.aspx (ArticleIDz)","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script>\r\n        window.onbeforeunload = function () {\r\n            window.scrollTo(0, 0);\r\n        }\r\n    </script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":212,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"212","inputVector":"","url":"https://ep.gov.pk/emtts/EPTrack_Live.aspx?ArticleIDz=ZAP","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"362","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/awards.asp","sourceid":"3","other":"cookie:ASPSESSIONIDQUACDCBC","method":"GET","evidence":"ASPSESSIONIDQUACDCBC","pluginId":"10112","cweid":"-1","confidence":"High","sourceMessageId":121,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"121","inputVector":"","url":"https://ep.gov.pk/awards.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"377","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/DeliveryAppCopy.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":120,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"120","inputVector":"","url":"https://ep.gov.pk/DeliveryAppCopy.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"402","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/services/emo_intro.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":140,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"140","inputVector":"","url":"https://ep.gov.pk/services/emo_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"404","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/clients.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":127,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"127","inputVector":"","url":"https://ep.gov.pk/clients.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"407","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/track.asp ()(B1,textfieldz)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"POST","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":112,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"112","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"415","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/Flyers.asp (n)","sourceid":"3","other":"cookie:ASPSESSIONIDQUACDCBC","method":"GET","evidence":"ASPSESSIONIDQUACDCBC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":155,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"155","inputVector":"","url":"https://ep.gov.pk/Flyers.asp?n=4.jpg","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"445","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/track.asp ()(B1,textfieldz)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/track.asp\n\nappears to include user input in:\na(n) [div] tag [class] attribute\n\nThe user input found was:\nB1=Search\n\nThe user-controlled value was:\nsearch","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":112,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"112","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"B1","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"459","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/track.asp ()(B1,textfieldz)","sourceid":"3","other":"cookie:ASPSESSIONIDQUACDCBC","method":"POST","evidence":"ASPSESSIONIDQUACDCBC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":112,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"112","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"464","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"POST","evidence":"<a href=\"#\" id=\"ToggleButton\" style=\"color: white; float: right; margin-top: -2px; text-decoration: none; font-size: 14px;\"\r\n                
onclick=\"ToggleTrackerDiv()\">-</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":206,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"206","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"465","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__VIEWSTATEGENERATOR=5976FA1C\n\nThe user-controlled value was:\n5976fa1c","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":206,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"206","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"__VIEWSTATEGENERATOR","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"469","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bDEBUG\\b and was detected 4 times, the first in likely comment: \"// Name:        AjaxControlToolkit.Calendar.CalendarBehavior.debug.js\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ar.CalendarBehavior.debug.js","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":198,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"198","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5X9h5uxSLZ6O3UCGHwU-7RUY6GZ_12iRbn4WEzC1FT5dPUxafKQWvk_PboFqdyxsRy-3LUmztVOgTqlL2UneJ5mBiwJzj1uKrAAhrb9CzCNiulwapZwMa3zWDqjtaVotMH3OoQX5ARB6-msYDU-I-BpTyk8SPAOO9QkaJW08cCXWwvQkbqFBkKcc4-d_SHZn0&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"472","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [type] attribute\n\nThe user input found was:\nImageButton1=Submit\n\nThe user-controlled value was:\nsubmit","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":206,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"206","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ImageButton1","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"473","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected in likely comment: \"/// The button used to select todays date\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" The button used to select todays date","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":198,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"198","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5X9h5uxSLZ6O3UCGHwU-7RUY6GZ_12iRbn4WEzC1FT5dPUxafKQWvk_PboFqdyxsRy-3LUmztVOgTqlL2UneJ5mBiwJzj1uKrAAhrb9CzCNiulwapZwMa3zWDqjtaVotMH3OoQX5ARB6-msYDU-I-BpTyk8SPAOO9QkaJW08cCXWwvQkbqFBkKcc4-d_SHZn0&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"474","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 10 times, the first in likely comment: \"/// The handler to remove from the event.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"e handler to remove from the event.","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":198,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"198","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5X9h5uxSLZ6O3UCGHwU-7RUY6GZ_12iRbn4WEzC1FT5dPUxafKQWvk_PboFqdyxsRy-3LUmztVOgTqlL2UneJ5mBiwJzj1uKrAAhrb9CzCNiulwapZwMa3zWDqjtaVotMH3OoQX5ARB6-msYDU-I-BpTyk8SPAOO9QkaJW08cCXWwvQkbqFBkKcc4-d_SHZn0&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"476","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bBUG\\b and was detected in likely comment: \"// Temporary fix null reference bug in Sys.CultureInfo._getAbbrMonthIndex\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" fix null reference bug in Sys.CultureInfo.","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":202,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"202","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=GIQCkj7vp-zaMkbfTs_VTsOFyjKNjcLyCUI2E3TiHjfrCKmkAhqndW_soT_pM1e4TIu0jtwUpmW_jNSDh497XNM9o7PLLU9fDjUj8gewsvhWRN2f0VBFxuvH8Ihk3tOp6uQSxgGsDueTxmkBZRMmmFIQ7msxtZsjoNVyv3cFCOg1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"487","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bDEBUG\\b and was detected 4 times, the first in likely comment: \"// Name:        AjaxControlToolkit.Common.Common.debug.js\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"olkit.Common.Common.debug.js","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":202,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"202","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=GIQCkj7vp-zaMkbfTs_VTsOFyjKNjcLyCUI2E3TiHjfrCKmkAhqndW_soT_pM1e4TIu0jtwUpmW_jNSDh497XNM9o7PLLU9fDjUj8gewsvhWRN2f0VBFxuvH8Ihk3tOp6uQSxgGsDueTxmkBZRMmmFIQ7msxtZsjoNVyv3cFCOg1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"489","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected in likely comment: \"/// This is NOT the same as $clearHandlers which removes all delegates from a DomElement.  
This rather removes select delegates \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"This rather removes select delegates ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":202,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"202","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=GIQCkj7vp-zaMkbfTs_VTsOFyjKNjcLyCUI2E3TiHjfrCKmkAhqndW_soT_pM1e4TIu0jtwUpmW_jNSDh497XNM9o7PLLU9fDjUj8gewsvhWRN2f0VBFxuvH8Ihk3tOp6uQSxgGsDueTxmkBZRMmmFIQ7msxtZsjoNVyv3cFCOg1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"492","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 16 times, the first in likely comment: \"/// The position is relative from the elements nearest position:relative or\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"osition is relative from the elements 
neares","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":202,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"202","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=GIQCkj7vp-zaMkbfTs_VTsOFyjKNjcLyCUI2E3TiHjfrCKmkAhqndW_soT_pM1e4TIu0jtwUpmW_jNSDh497XNM9o7PLLU9fDjUj8gewsvhWRN2f0VBFxuvH8Ihk3tOp6uQSxgGsDueTxmkBZRMmmFIQ7msxtZsjoNVyv3cFCOg1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"493","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected 2 times, the first in likely comment: \"/// element that is currently being displayed.  
This is especially useful for scenarios where\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"seful for scenarios where","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":202,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"202","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=GIQCkj7vp-zaMkbfTs_VTsOFyjKNjcLyCUI2E3TiHjfrCKmkAhqndW_soT_pM1e4TIu0jtwUpmW_jNSDh497XNM9o7PLLU9fDjUj8gewsvhWRN2f0VBFxuvH8Ihk3tOp6uQSxgGsDueTxmkBZRMmmFIQ7msxtZsjoNVyv3cFCOg1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"494","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bDEBUG\\b and was detected in likely comment: \"// Name:        MicrosoftAjaxWebForms.debug.js\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"crosoftAjaxWebForms.debug.js","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":205,"wascid":"13","description":"The response appears to contain suspicious comments 
which may help an attacker.","messageId":"205","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=lJjEyTZiugz_h1GaAo0d7mof4H0TfizAHLgPf_01qyfLjkp692oHSmkiUIu6XZAPmhzflzatpF1GbjlPBRWOzFUbop3nJenaIA90hR_8EM95ngdm2_R8KM-viUH4ndFEAlgcSantp33NyTZvM5yCvPfl4KzWTQHB8ABPh4SuH9NQlYoA0Pi7cVj90foEbNb-0&t=363be08","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"500","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"POST","evidence":"<a href=\"#\" id=\"ToggleButton\" style=\"color: white; float: right; margin-top: -2px; text-decoration: none; font-size: 14px;\"\r\n                onclick=\"ToggleTrackerDiv()\">-</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":219,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"219","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"524","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. 
The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [form] tag [method] attribute\n\nThe user input found was:\nddlPreferredModeOfReply=Post\n\nThe user-controlled value was:\npost","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":219,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"219","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddlPreferredModeOfReply","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"529","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bDEBUG\\b and was detected 8 times, the first in likely comment: \"// Name:        MicrosoftAjax.debug.js\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"      MicrosoftAjax.debug.js","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":214,"wascid":"13","description":"The response appears to contain suspicious 
comments which may help an attacker.","messageId":"214","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=cc2LHxWkDOV1k29cK4xi1w-0cvrv7oTUWaiW8TpxpXlvZsjetUMyol4Ct4aa2s-b26te8WbeNinTr_Nm1UQQwRxT803Vtq9R_UuDfzDFv-XjpAa5f1d4KkBIOUHf_EqtMNHEH_cDJaDywNNVKdSV78SmojI0JErJvgKtg_AIeRmBxc1F9YGvmeL4I4D_DZYx0&t=363be08","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"532","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. 
The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__VIEWSTATEGENERATOR=5976FA1C\n\nThe user-controlled value was:\n5976fa1c","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":227,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"227","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"__VIEWSTATEGENERATOR","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"552","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n13","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":217,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"217","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"564","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled 
HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nValidatorCalloutExtender6_ClientState=INVALID\n\nThe user-controlled value was:\ninvalid","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":217,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"217","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ValidatorCalloutExtender6_ClientState","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"571","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n131","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":217,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"217","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"610","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled 
HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n132","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":217,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"217","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"611","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n139","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":217,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"217","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"618","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"Links have been found that do not 
have traditional href attributes, which is an indication that this is a modern web application.","method":"POST","evidence":"<a href=\"#\" id=\"ToggleButton\" style=\"color: white; float: right; margin-top: -2px; text-decoration: none; font-size: 14px;\"\r\n                onclick=\"ToggleTrackerDiv()\">-</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":242,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"242","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"676","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [form] tag [method] attribute\n\nThe user input found was:\nddlPreferredModeOfReply=Post\n\nThe user-controlled value was:\npost","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":242,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"242","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddlPreferredModeOfReply","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"684","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"Links have been found that do 
not have traditional href attributes, which is an indication that this is a modern web application.","method":"POST","evidence":"<a href=\"#\" id=\"ToggleButton\" style=\"color: white; float: right; margin-top: -2px; text-decoration: none; font-size: 14px;\"\r\n                onclick=\"ToggleTrackerDiv()\">-</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":265,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"265","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"722","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [form] tag [method] attribute\n\nThe user input found was:\nddlPreferredModeOfReply=Post\n\nThe user-controlled value was:\npost","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":237,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddlPreferredModeOfReply","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"738","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [form] tag [method] attribute\n\nThe user input found was:\nddlPreferredModeOfReply=Post\n\nThe user-controlled value was:\npost","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":241,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddlPreferredModeOfReply","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"743","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML 
attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__VIEWSTATE=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\n\nThe user-controlled value was:\n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","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":265,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"265","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"__VIEWSTATE","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"745","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__VIEWSTATEGENERATOR=5976FA1C\n\nThe user-controlled value was:\n5976fa1c","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":241,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"__VIEWSTATEGENERATOR","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"748","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled 
HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddlPreferredModeOfReply=Post\n\nThe user-controlled value was:\npost","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":241,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddlPreferredModeOfReply","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"753","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nTextBoxCustomBookingOffice=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":237,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"TextBoxCustomBookingOffice","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"758","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML 
attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nValidatorCalloutExtender10_ClientState=INVALID\n\nThe user-controlled value was:\ninvalid","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":265,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"265","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ValidatorCalloutExtender10_ClientState","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"759","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\ntxtAddresseeEmail=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":237,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"txtAddresseeEmail","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"761","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute 
values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nValidatorCalloutExtender11_ClientState=INVALID\n\nThe user-controlled value was:\ninvalid","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":265,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"265","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ValidatorCalloutExtender11_ClientState","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"762","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\ntxtAddresseeMobile=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":237,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"txtAddresseeMobile","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"764","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute 
values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\ntxtAddresseeTel=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":237,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"txtAddresseeTel","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"778","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nValidatorCalloutExtender4_ClientState=INVALID\n\nThe user-controlled value was:\ninvalid","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":248,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"248","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ValidatorCalloutExtender4_ClientState","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"779","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled 
HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nValidatorCalloutExtender5_ClientState=INVALID\n\nThe user-controlled value was:\ninvalid","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":248,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"248","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ValidatorCalloutExtender5_ClientState","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"786","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nImageButton1=Submit\n\nThe user-controlled value was:\nsubmit","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":241,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ImageButton1","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"791","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values 
were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\ntxtSenderName=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":237,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"txtSenderName","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"804","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\ntxtSenderTel=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":237,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"txtSenderTel","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"810","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values 
were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\ntxt_ArticleNo=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":237,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"txt_ArticleNo","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"814","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\ntxt_BookingDate=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":237,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"txt_BookingDate","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"819","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values 
were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=12\n\nThe user-controlled value was:\n121","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":237,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"867","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=12\n\nThe user-controlled value was:\n122","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":237,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"868","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute 
values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=12\n\nThe user-controlled value was:\n124","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":237,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"873","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=12\n\nThe user-controlled value was:\n125","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":237,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"875","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute 
values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=12\n\nThe user-controlled value was:\n126","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":237,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"877","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=12\n\nThe user-controlled value was:\n128","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":237,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"882","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute 
values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=12\n\nThe user-controlled value was:\n129","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":237,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"885","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nImageButton1=Submit\n\nThe user-controlled value was:\nsubmit","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":237,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ImageButton1","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"892","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/track.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":298,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"298","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"978","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/track.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":298,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"298","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1090","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/track.asp","sourceid":"3","other":"cookie:ASPSESSIONIDQUACDCBC","method":"GET","evidence":"ASPSESSIONIDQUACDCBC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":298,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"298","inputVector":"","url":"https://ep.gov.pk/track.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDQUACDCBC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"1119","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__VIEWSTATEGENERATOR=5976FA1C\n\nThe user-controlled value was:\n5976fa1c","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":286,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"286","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"__VIEWSTATEGENERATOR","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1136","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute 
values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n13","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":287,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"287","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1145","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n130","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":287,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"287","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1338","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute 
values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n131","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":287,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"287","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1340","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n132","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":287,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"287","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1342","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute 
values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n133","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":287,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"287","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1345","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n136","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":287,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"287","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1354","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute 
values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n137","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":287,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"287","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1357","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bDEBUG\\b and was detected 4 times, the first in likely comment: \"// Name:        AjaxControlToolkit.Animation.AnimationBehavior.debug.js\", see evidence field for the suspicious 
comment/snippet.","method":"GET","evidence":"n.AnimationBehavior.debug.js","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":310,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"310","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=aW4RavIXnhPbtyKUL33fylTuxV2d9DBabsjK6atiRtcguR0mRPC-d9xS4sq-g1cUJSj_RRDfRgzBeGWjKSKaqW-LxNmHx0BP_QjXwe4nsh8d9AFApG32heZ91I20p9cZEfdGkQFS0HTu4itasQqRaPd5-EAeZBniMakKEiTb3SaBvGIFfX-htBTJWiHMFz9O0&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1416","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 5 times, the first in likely comment: \"// Generic animation behaviors that automatically build animations from JSON descriptions\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ly build animations from JSON descriptions","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":310,"wascid":"13","description":"The response appears to contain suspicious 
comments which may help an attacker.","messageId":"310","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=aW4RavIXnhPbtyKUL33fylTuxV2d9DBabsjK6atiRtcguR0mRPC-d9xS4sq-g1cUJSj_RRDfRgzBeGWjKSKaqW-LxNmHx0BP_QjXwe4nsh8d9AFApG32heZ91I20p9cZEfdGkQFS0HTu4itasQqRaPd5-EAeZBniMakKEiTb3SaBvGIFfX-htBTJWiHMFz9O0&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1418","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__VIEWSTATE=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\n\nThe user-controlled value was:\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","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":308,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"308","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"__VIEWSTATE","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1454","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML 
attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nValidatorCalloutExtender3_ClientState=INVALID\n\nThe user-controlled value was:\ninvalid","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":308,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"308","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ValidatorCalloutExtender3_ClientState","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1461","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nValidatorCalloutExtender6_ClientState=INVALID\n\nThe user-controlled value was:\ninvalid","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":308,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"308","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ValidatorCalloutExtender6_ClientState","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1464","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n130","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":308,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"308","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1514","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled 
HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n131","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":308,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"308","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1515","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n134","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":308,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"308","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1518","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled 
HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n136","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":308,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"308","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1520","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n138","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":308,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"308","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1522","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled 
HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n139","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":308,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"308","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1523","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bDEBUG\\b and was detected 5 times, the first in likely comment: \"// Name:        AjaxControlToolkit.Animation.Animations.debug.js\", see evidence field for the suspicious 
comment/snippet.","method":"GET","evidence":"nimation.Animations.debug.js","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":315,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"315","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5wTP8DdtNadAO2bGUMf1iqcuqQzxmoxxYb9IFvwswxmezPZUm_glxRCYgzo3xP24sz5EZjQw5-TKw5B3RSc4znbdaZVKxJN98jWlCoiXhddKzyTlPKi4VeArvRuUTjjLYVTpXsjXTtMVLakLoZoHiX-W_yEpQz4aAjpvOJGwsqQ1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1531","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 7 times, the first in likely comment: \"/// background color (the latter is required in case the user has ClearType enabled). 
The default value is <code>true</code>.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"equired in case the user has ClearType enabl","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":315,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"315","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5wTP8DdtNadAO2bGUMf1iqcuqQzxmoxxYb9IFvwswxmezPZUm_glxRCYgzo3xP24sz5EZjQw5-TKw5B3RSc4znbdaZVKxJN98jWlCoiXhddKzyTlPKi4VeArvRuUTjjLYVTpXsjXTtMVLakLoZoHiX-W_yEpQz4aAjpvOJGwsqQ1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1532","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected in likely comment: \"/// play (this is similar to the <code>case</code> or <code>select</code> statements in C#/VB, etc.).  
If the provided\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ase</code> or <code>select</code> statements i","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":315,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"315","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5wTP8DdtNadAO2bGUMf1iqcuqQzxmoxxYb9IFvwswxmezPZUm_glxRCYgzo3xP24sz5EZjQw5-TKw5B3RSc4znbdaZVKxJN98jWlCoiXhddKzyTlPKi4VeArvRuUTjjLYVTpXsjXTtMVLakLoZoHiX-W_yEpQz4aAjpvOJGwsqQ1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1533","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 46 times, the first in likely comment: \"/// type that will be used when creating animations from a JSON description.  
This method can also be called\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"creating animations from a JSON description.","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":315,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"315","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5wTP8DdtNadAO2bGUMf1iqcuqQzxmoxxYb9IFvwswxmezPZUm_glxRCYgzo3xP24sz5EZjQw5-TKw5B3RSc4znbdaZVKxJN98jWlCoiXhddKzyTlPKi4VeArvRuUTjjLYVTpXsjXTtMVLakLoZoHiX-W_yEpQz4aAjpvOJGwsqQ1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1534","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected 9 times, the first in likely comment: \"/// Play the animation from the beginning or where it was left off when paused.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"om the beginning or where it was left off 
whe","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":315,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"315","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5wTP8DdtNadAO2bGUMf1iqcuqQzxmoxxYb9IFvwswxmezPZUm_glxRCYgzo3xP24sz5EZjQw5-TKw5B3RSc4znbdaZVKxJN98jWlCoiXhddKzyTlPKi4VeArvRuUTjjLYVTpXsjXTtMVLakLoZoHiX-W_yEpQz4aAjpvOJGwsqQ1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1535","alertRef":"10027"}]},"vulnerability_types":{"Re-examine Cache-control Directives":11,"Content Security Policy (CSP) Header Not Set":16,"Cross-Domain JavaScript Source File Inclusion":20,"Modern Web Application":18,"Sub Resource Integrity Attribute Missing":17,"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)":45,"Server Leaks Version Information via \"Server\" HTTP Response Header Field":38,"Missing Anti-clickjacking Header":14,"Strict-Transport-Security Header Not Set":45,"X-Content-Type-Options Header Missing":36,"Cookie No HttpOnly Flag":8,"Cookie without SameSite Attribute":7,"Absence of Anti-CSRF Tokens":13,"Session Management 
Response Identified":12,"X-AspNet-Version Response Header":8,"Information Disclosure - Suspicious Comments":18,"Secure Pages Include Mixed Content (Including Scripts)":1,"User Controllable HTML Element Attribute (Potential XSS)":54,"Vulnerable JS Library":2,"Cross Site Scripting (Reflected)":2,"SQL Injection":5},"owasp_top10":{"Unmapped / Other":287,"A05: Security Misconfiguration":81,"A01: Broken Access Control":13,"A06: Vulnerable and Outdated Components":2,"A03: Injection":7}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"6a0fac311bff021549f7d7fb"},"created_at":{"$date":"2026-05-22T01:06:57.080Z"},"url":"https://ep.gov.pk/","tool":"owaspzap","result":{"status":"completed","target_url":"https://ep.gov.pk/","scan_timestamp":"20260521_234349","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"1","status":"completed","urls_found":90,"urls_list":["https://ep.gov.pk/","https://ep.gov.pk/international_tracking.asp","https://ep.gov.pk/hq/gridcss.css","https://ep.gov.pk/images/search.gif","https://ep.gov.pk/images/pak_post.jpeg","https://ep.gov.pk/images/findoutmore.gif","https://ep.gov.pk/%DA%A9%D8%B1%DB%8C%DA%88%D9%B9","https://ep.gov.pk/customers_guide.asp","https://ep.gov.pk/images/citizen_portal.png","https://ep.gov.pk/Tender.asp","https://ep.gov.pk/HQ/management_console.asp","https://ep.gov.pk/index.asp","https://ep.gov.pk/complaints.asp","https://ep.gov.pk/sitemap.asp","https://ep.gov.pk/locatepos.asp","https://ep.gov.pk/F_C/Facilitation_centres.html","https://ep.gov.pk/ourflyers.asp","https://ep.gov.pk/images/pmduinfoafz.jpeg","https://ep.gov.pk/track.asp","https://ep.gov.pk/DeliveryAppCopy.asp","https://ep.gov.pk/awards.asp","https://ep.gov.pk/HQ/contactus.asp","https://ep.gov
.pk/images/delivery%20post.png","https://ep.gov.pk/clients.asp","https://ep.gov.pk/HQ/images%5CValidated_EMS_Standard.pdf","https://ep.gov.pk/HQ/downloadPostApp.asp?file=pakpost.apk","https://ep.gov.pk/HQ/F_C/Facilitation_centres.html","https://ep.gov.pk/services/emo_intro.asp","https://ep.gov.pk/SpryAssets/SpryAccordion.css","https://ep.gov.pk/images/uc.gif","https://ep.gov.pk/Flyers.asp?n=4.jpg","https://ep.gov.pk/images/2.jpg","https://ep.gov.pk/HQ/gridcss.css","https://ep.gov.pk/ep_Complaint/Default_Test.aspx","https://ep.gov.pk/Registerationform.docx","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background6.jpg","https://ep.gov.pk/images/Same_Day_Delivery_Flyer.jpg","https://ep.gov.pk/images%5CpostalRanking.jpg","https://ep.gov.pk/ep_Complaint/default.aspx","https://ep.gov.pk/Unutilized_Notice.jpeg","https://ep.gov.pk/Tender_Notice%5CTender%20Notice-Mobile%20Phones.pdf","https://ep.gov.pk/ep_Complaint/WebResource.axd?d=3RhAMIgdbN63BPJb1iSlcS-DmhvxNNv37m9oFTRT3zcJOYWNkoRd9OBHb-ejUuptgzfhsO5fRkg-qlQW-7WECuHHY2Fr6NI4uAvOg1UhRr5pQ1cfbnHkzMM5y0XI3S7M3XxsNbAW46plhqtgzSp49TuyKVk1GivN70_9OXoDGTo0_1wA5UTO9TtIn8csVY9y0&t=634442468680000000","https://ep.gov.pk/ep_Complaint/WebResource.axd?d=NWzA0_daI3_D_NJp0c8MzJrGi1qlw9sGUc13s-En0MWnNeEb2LHHMidXQ94B_ocfKPZezq5Cpz1swVfxTet_WJh0ApJxw_nqUD3KZx_icdJ_Y-4YRWeiesYLi-ru2vykY-tFnI4IIPvQjF_4Ac9OLoOX2AMQklXctIiFYPKEByc1&t=634442468680000000","https://ep.gov.pk/ep_Complaint/jquery-ui.css","https://ep.gov.pk/images/a_4.jpg","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=ccE8YupVPY4KvSRgDTm0I-eQnmG_w1Bh7b4Gui3L7OZO3ESVFskCHY9TFLuJZhOpL2enFk9IjcmX3Ge6I4Dz3s80_DtunuCDB494JdJpWFc495Ra8NlVFgd4nb_N2Mp_tarnv2iW3swixlRHy8tfqceBkL7KjsDvLPvA93HmRns1&t=ffffffff9b7d03cf","https://ep.gov.pk/ep_Complaint/loading_icon.gif","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5X9h5uxSLZ6O3UCGHwU-7RUY6GZ_12iRbn4WEzC1FT5dPUxafKQWvk_PboFqdyxsRy-3LUmztVOgTqlL2UneJ5mBiwJzj1uKrAAhrb9CzCNiu
lwapZwMa3zWDqjtaVotMH3OoQX5ARB6-msYDU-I-BpTyk8SPAOO9QkaJW08cCXWwvQkbqFBkKcc4-d_SHZn0&t=ffffffff9b7d03cf","https://ep.gov.pk/Tender_Notice%5CUMS%20Plus%5CUMS%20Plus%20Tender.jpeg","https://ep.gov.pk/Tender_Notice%5CTender%20Documents%20of%20UMS-Plus%2004-02-2022_revise.pdf","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=Y2eOyuXjEJWig1IxJAkA4pItUriujPK-B50_hhkKuP56eYaPknOz3aebDygmIj1U18jVCWxuz7g5asb0t_ZnCFoMTJFDMNI6WvTXnyTaOp3mZYErPjEyQHVYfXwctiJGuhhweRWmytXXZGrEvmjomoyECIYY5uJl1fGGGB5MDvA1&t=ffffffffe929205a","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=GIQCkj7vp-zaMkbfTs_VTsOFyjKNjcLyCUI2E3TiHjfrCKmkAhqndW_soT_pM1e4TIu0jtwUpmW_jNSDh497XNM9o7PLLU9fDjUj8gewsvhWRN2f0VBFxuvH8Ihk3tOp6uQSxgGsDueTxmkBZRMmmFIQ7msxtZsjoNVyv3cFCOg1&t=ffffffff9b7d03cf","https://ep.gov.pk/ep_Complaint/jquery-1.5.1.js","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=z8yOly3moIAZ5s6gAn3zcPPhcH7FjuJHN3dKJEw606dU2sfe6WAYyLNdt5YsnXwkrYiffbGtmrgjXzVpbLE0a0gFS-CS4FiAY6uH8qRaFcDC46mjMZ7JSw-fQCV-Cd8xtYVYtU4v4RGNRXkWAyZSwxqRQegEcgHLkkmoLhjxMyU1&t=ffffffff9b7d03cf","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=lJjEyTZiugz_h1GaAo0d7mof4H0TfizAHLgPf_01qyfLjkp692oHSmkiUIu6XZAPmhzflzatpF1GbjlPBRWOzFUbop3nJenaIA90hR_8EM95ngdm2_R8KM-viUH4ndFEAlgcSantp33NyTZvM5yCvPfl4KzWTQHB8ABPh4SuH9NQlYoA0Pi7cVj90foEbNb-0&t=363be08","https://ep.gov.pk/Tender_Notice%5CTender%20Document%20for%20Selection%20of%20Airlines%20&%20Transport%20Partners.pdf","https://ep.gov.pk/ep_Complaint/WebResource.axd?d=BbSBvXhD8EthEiTR5PhSkrKBGc8JeJ6dfeEu5UukXLtukekPyk-MC0s9l10uBFNKzlf7za_l1Q20VlmHYl5w8s4UGDuQJMrJWeea5dLDXd01&t=637568388846384355","https://ep.gov.pk/emtts/EPTrack_Live.aspx?ArticleIDz=ZAP","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=cc2LHxWkDOV1k29cK4xi1w-0cvrv7oTUWaiW8TpxpXlvZsjetUMyol4Ct4aa2s-b26te8WbeNinTr_Nm1UQQwRxT803Vtq9R_UuDfzDFv-XjpAa5f1d4KkBIOUHf_EqtMNHEH_cDJaDywNNVKdSV78SmojI0JErJvgKtg_AIeRmBxc1F9YGvmeL4I4D_DZYx0&t=363be08","https://ep.gov.pk/ep_Complaint/jquery-ui-1.8.14.js","https://ep
.gov.pk/2021-09-06.pdf","https://ep.gov.pk/ep_Complaint/Default.aspx","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/wz_jsgraphics.js","https://ep.gov.pk/HQ/images%5CpostalRanking.jpg","https://ep.gov.pk/Flyers.asp?n=2.jpg","https://ep.gov.pk/services/images%5CValidated_EMS_Standard.pdf","https://ep.gov.pk/Flyers.asp?n=1.jpg","https://ep.gov.pk/services/images%5CpostalRanking.jpg","https://ep.gov.pk/Flyers.asp?n=3.jpg","https://ep.gov.pk/images/1.jpg","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background4.jpg","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background7.jpg","https://ep.gov.pk/Notice.pdf","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background2.jpg","https://ep.gov.pk/CamScanner%20_Notice.pdf","https://ep.gov.pk/images/4.jpg","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=aW4RavIXnhPbtyKUL33fylTuxV2d9DBabsjK6atiRtcguR0mRPC-d9xS4sq-g1cUJSj_RRDfRgzBeGWjKSKaqW-LxNmHx0BP_QjXwe4nsh8d9AFApG32heZ91I20p9cZEfdGkQFS0HTu4itasQqRaPd5-EAeZBniMakKEiTb3SaBvGIFfX-htBTJWiHMFz9O0&t=ffffffff9b7d03cf","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=cYPZ7DrE0NK5MKM-1AuV8niY5-FfJowOJ1LhErO1oQJHnjbe0YPPMy8FYldlYIuTUXvqejk9YQYkR6qezj1PrRURDx_WELbMng9cANpMEsGlJWnw7eIJpzm31OHms7bQTJsHaAtpuxBRiTw7H5KqregSw_zxYnQ-TBeq3jNMD53qn4pmi0_ZYm7uTo7DBYmzAFr2JvtCoOleNZ20BX5AIQ2&t=ffffffff9b7d03cf","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5wTP8DdtNadAO2bGUMf1iqcuqQzxmoxxYb9IFvwswxmezPZUm_glxRCYgzo3xP24sz5EZjQw5-TKw5B3RSc4znbdaZVKxJN98jWlCoiXhddKzyTlPKi4VeArvRuUTjjLYVTpXsjXTtMVLakLoZoHiX-W_yEpQz4aAjpvOJGwsqQ1&t=ffffffff9b7d03cf","https://ep.gov.pk/Tender_Notice%5C2022-01-21-Tender-Notice-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Islamabad.jpg","https://ep.gov.pk/Tender_Notice%5C2022-02-18-Corrigendum-
Tender-Notice-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Ibd.jpg","https://ep.gov.pk/Tender_Notice%5CUMS%20Plus%5C2022-05-20-Tender-Document-of-Private-Partner-For-Delivery-Of-UMS-PLUS-Under-The-DGPPO-IBD.pdf","https://ep.gov.pk/Document_Tender_Notice_For_Selection.pdf","https://ep.gov.pk/images%5CValidated_EMS_Standard.pdf","https://ep.gov.pk/2021-11-19-List-of-Prohibited-Items-According-To-Pakistan-Post-Guide.pdf","https://ep.gov.pk/Tender_Notice%5Cfedex%20agreement%20with%20sign.pdf","https://ep.gov.pk/files/List%20of%20Prohibited%20Items2.pdf","https://ep.gov.pk/Tender_Notice%5Cfedex.pdf","https://ep.gov.pk/Tender_Notice%5Cdhl.pdf","https://ep.gov.pk/Tender_Notice%5C2022-02-22-Revised-Tender-Documents-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Islamabad.pdf"],"duration":13.375155925750732},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.0272798538208},"passive_scan":{"status":"completed","duration":0.0021817684173583984},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"ep.gov.pk","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with url: /JSON/ascan/view/status/?scanId=1 (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection refused\"))"},"vulnerabilities":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with url: /JSON/core/view/alerts/ (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection 
refused\"))"},"reports":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with url: /JSON/core/view/alerts/ (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection refused\"))"}}},"summary":""},{"_id":{"$oid":"6a10293a1c0a1686fc6f6e38"},"created_at":{"$date":"2026-05-22T10:00:26.015Z"},"url":"https://ep.gov.pk/","tool":"owaspzap","result":{"status":"completed","target_url":"https://ep.gov.pk/","scan_timestamp":"20260522_051025","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":85,"urls_list":["https://ep.gov.pk/","https://ep.gov.pk/international_tracking.asp","https://ep.gov.pk/hq/gridcss.css","https://ep.gov.pk/robots.txt","https://ep.gov.pk/images/search.gif","https://ep.gov.pk/images/ead.jpeg","https://ep.gov.pk/images/citizen_portal.png","https://ep.gov.pk/%DA%A9%D8%B1%DB%8C%DA%88%D9%B9","https://ep.gov.pk/CallCenter/OverlayPage.htm","https://ep.gov.pk/services.asp","https://ep.gov.pk/complaints.asp","https://ep.gov.pk/services/same_day_delivery.asp","https://ep.gov.pk/calculatepostage.asp","https://ep.gov.pk/F_C/Facilitation_centres.html","https://ep.gov.pk/specialoffers.asp","https://ep.gov.pk/Tender.asp","https://ep.gov.pk/CallCenter/Images/close%20btn.png","https://ep.gov.pk/CallCenter/Images/google-play-btn-.png","https://ep.gov.pk/CallCenter/Styles/style.css","https://ep.gov.pk/RestHouse.asp","https://ep.gov.pk/services/images%5CValidated_EMS_Standard.pdf","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/wz_jsgraphics.js","https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","https://ep.gov.pk/services/contactus.asp","https://ep.gov.pk/services/F_C/Facilitation_centres.html","https://ep.gov.pk/services/fms_intro.asp","https://ep.gov.pk/services/isp_intro.asp","https://ep.gov.pk/Calculate
_Postage/umo_calculate_postage.asp","https://ep.gov.pk/ACG-67,","https://ep.gov.pk/Calculate_Postage/downloadPostApp.asp?file=pakpost.apk","https://ep.gov.pk/Calculate_Postage/images%5CValidated_EMS_Standard.pdf","https://ep.gov.pk/services/ums_intro.asp","https://ep.gov.pk/others","https://ep.gov.pk/Calculate_Postage/F_C/Facilitation_centres.html","https://ep.gov.pk/Calculate_Postage/style.css","https://ep.gov.pk/Calculate_Postage/contactus.asp","https://ep.gov.pk/Calculate_Postage/isp_calculate_postage.asp","https://ep.gov.pk/Calculate_Postage/umo_calculated_postage.asp","https://ep.gov.pk/2nd","https://ep.gov.pk/Calculate_Postage/isp_calculated_postage.asp","https://ep.gov.pk/services/cod_intro.asp","https://ep.gov.pk/ep_Complaint/Default_Test.aspx","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=z8yOly3moIAZ5s6gAn3zcPPhcH7FjuJHN3dKJEw606dU2sfe6WAYyLNdt5YsnXwkrYiffbGtmrgjXzVpbLE0a0gFS-CS4FiAY6uH8qRaFcDC46mjMZ7JSw-fQCV-Cd8xtYVYtU4v4RGNRXkWAyZSwxqRQegEcgHLkkmoLhjxMyU1&t=ffffffff9b7d03cf","https://ep.gov.pk/aboutus.asp","https://ep.gov.pk/ep_Complaint/WebResource.axd?d=NWzA0_daI3_D_NJp0c8MzJrGi1qlw9sGUc13s-En0MWnNeEb2LHHMidXQ94B_ocfKPZezq5Cpz1swVfxTet_WJh0ApJxw_nqUD3KZx_icdJ_Y-4YRWeiesYLi-ru2vykY-tFnI4IIPvQjF_4Ac9OLoOX2AMQklXctIiFYPKEByc1&t=634442468680000000","https://ep.gov.pk/ep_Complaint/WebResource.axd?d=3RhAMIgdbN63BPJb1iSlcS-DmhvxNNv37m9oFTRT3zcJOYWNkoRd9OBHb-ejUuptgzfhsO5fRkg-qlQW-7WECuHHY2Fr6NI4uAvOg1UhRr5pQ1cfbnHkzMM5y0XI3S7M3XxsNbAW46plhqtgzSp49TuyKVk1GivN70_9OXoDGTo0_1wA5UTO9TtIn8csVY9y0&t=634442468680000000","https://ep.gov.pk/ep_Complaint/loading_icon.gif","https://ep.gov.pk/awards.asp","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=Y2eOyuXjEJWig1IxJAkA4pItUriujPK-B50_hhkKuP56eYaPknOz3aebDygmIj1U18jVCWxuz7g5asb0t_ZnCFoMTJFDMNI6WvTXnyTaOp3mZYErPjEyQHVYfXwctiJGuhhweRWmytXXZGrEvmjomoyECIYY5uJl1fGGGB5MDvA1&t=ffffffffe929205a","https://ep.gov.pk/images/delivery%20post.png","https://ep.gov.pk/ep_Complaint/jquery-ui.css","https://ep.gov.pk/ep_Compl
aint/WebResource.axd?d=BbSBvXhD8EthEiTR5PhSkrKBGc8JeJ6dfeEu5UukXLtukekPyk-MC0s9l10uBFNKzlf7za_l1Q20VlmHYl5w8s4UGDuQJMrJWeea5dLDXd01&t=637568388846384355","http://ep.gov.pk/contactus.asp","https://ep.gov.pk/Tender_Notice%5CTender%20Notice-Mobile%20Phones.pdf","https://ep.gov.pk/ep_Complaint/jquery-1.5.1.js","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=GIQCkj7vp-zaMkbfTs_VTsOFyjKNjcLyCUI2E3TiHjfrCKmkAhqndW_soT_pM1e4TIu0jtwUpmW_jNSDh497XNM9o7PLLU9fDjUj8gewsvhWRN2f0VBFxuvH8Ihk3tOp6uQSxgGsDueTxmkBZRMmmFIQ7msxtZsjoNVyv3cFCOg1&t=ffffffff9b7d03cf","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=lJjEyTZiugz_h1GaAo0d7mof4H0TfizAHLgPf_01qyfLjkp692oHSmkiUIu6XZAPmhzflzatpF1GbjlPBRWOzFUbop3nJenaIA90hR_8EM95ngdm2_R8KM-viUH4ndFEAlgcSantp33NyTZvM5yCvPfl4KzWTQHB8ABPh4SuH9NQlYoA0Pi7cVj90foEbNb-0&t=363be08","https://ep.gov.pk/HQ/gridcss.css","https://ep.gov.pk/services/emsp_intro.asp","https://ep.gov.pk/tariff/emo_tariff.asp","https://ep.gov.pk/services/umsovernight_intro.asp","https://ep.gov.pk/customers_guide.asp","https://ep.gov.pk/sitemap.asp","https://ep.gov.pk/Calculate_Postage/ums_calculated_postage.asp","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=ccE8YupVPY4KvSRgDTm0I-eQnmG_w1Bh7b4Gui3L7OZO3ESVFskCHY9TFLuJZhOpL2enFk9IjcmX3Ge6I4Dz3s80_DtunuCDB494JdJpWFc495Ra8NlVFgd4nb_N2Mp_tarnv2iW3swixlRHy8tfqceBkL7KjsDvLPvA93HmRns1&t=ffffffff9b7d03cf","https://ep.gov.pk/ep_Complaint/jquery-ui-1.8.14.js","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background4.jpg","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background1.jpg","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=cc2LHxWkDOV1k29cK4xi1w-0cvrv7oTUWaiW8TpxpXlvZsjetUMyol4Ct4aa2s-b26te8WbeNinTr_Nm1UQQwRxT803Vtq9R_UuDfzDFv-XjpAa5f1d4KkBIOUHf_EqtMNHEH_cDJaDywNNVKdSV78SmojI0JErJvgKtg_AIeRmBxc1F9YGvmeL4I4D_DZYx0&t=363be08","https://ep.gov.pk/images/emsp_plus.png","https://ep.gov.pk/Calculate_Posta
ge/fmo_calculate_postage.asp","https://ep.gov.pk/Notice.pdf","https://ep.gov.pk/Calculate_Postage/fmo_calculated_postage.asp","https://ep.gov.pk/Tender_Notice%5CUMS%20Plus%5CUMS%20Plus%20Tender.jpeg","https://ep.gov.pk/Tender_Notice%5CTender%20Document%20for%20Selection%20of%20Airlines%20&%20Transport%20Partners.pdf","https://ep.gov.pk/ep_Complaint/Default.aspx","https://ep.gov.pk/Calculate_Postage/images%5CpostalRanking.jpg","https://ep.gov.pk/Tender_Notice%5CTender%20Documents%20of%20UMS-Plus%2004-02-2022_revise.pdf","https://ep.gov.pk/locatepos.asp","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background2.jpg","https://ep.gov.pk/%DA%A9%D8%A7%D9%84","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5X9h5uxSLZ6O3UCGHwU-7RUY6GZ_12iRbn4WEzC1FT5dPUxafKQWvk_PboFqdyxsRy-3LUmztVOgTqlL2UneJ5mBiwJzj1uKrAAhrb9CzCNiulwapZwMa3zWDqjtaVotMH3OoQX5ARB6-msYDU-I-BpTyk8SPAOO9QkaJW08cCXWwvQkbqFBkKcc4-d_SHZn0&t=ffffffff9b7d03cf","https://ep.gov.pk/Tender_Notice%5C2022-02-18-Corrigendum-Tender-Notice-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Ibd.jpg","https://ep.gov.pk/2021-07-29.pdf","https://ep.gov.pk/Tender_Notice%5Cfedex.pdf"],"duration":50.20279288291931},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.05854415893555},"passive_scan":{"status":"completed","duration":0.006726741790771484},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"ep.gov.pk","open_ports":[80],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":7201.296977043152},"vulnerabilities":{"total_alerts":397,"high_risk":6,"medium_risk":80,"low_risk":183,"informational":128,"alerts_by_risk":{"High":[{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"1","other":"","method":"POST","evidence":"HTTP/1.1 500 Internal Server Error","pluginId":"40018","cweid":"89","confidence":"Low","sourceMessageId":254,"wascid":"19","description":"SQL injection may be 
possible.","messageId":"25162","inputVector":"form","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"POLICY_SEQUENCE":"","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","PCI_DSS":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","CWE-89":"https://cwe.mitre.org/data/definitions/89.html","POLICY_QA_CICD":"","POLICY_DEV_CICD":"","OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","WSTG-v42-INPV-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection","POLICY_API":"","POLICY_DEV_FULL":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","POLICY_PENTEST":"","HIPAA":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html","API_2023_API10":"https://owasp.org/API-Security/editions/2023/en/0xaa-unsafe-consumption-of-apis/","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solution":"Do not trust client side input, even if there is client side validation in place.\nIn general, type check all data on the server side.\nIf the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'\nIf the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.\nIf database Stored Procedures can be used, use them.\nDo *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!\nDo not create dynamic SQL queries using simple string concatenation.\nEscape all data received from the client.\nApply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.\nApply the principle of least privilege by using the least privileged database user possible.\nIn particular, 
avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.\nGrant the minimum database access that is necessary for the application.","alert":"SQL Injection","param":"txt_ArticleNo","attack":"'","name":"SQL Injection","risk":"High","id":"1357","alertRef":"40018"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"1","other":"","method":"POST","evidence":"HTTP/1.1 500 Internal Server Error","pluginId":"40018","cweid":"89","confidence":"Low","sourceMessageId":302,"wascid":"19","description":"SQL injection may be 
possible.","messageId":"25211","inputVector":"form","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"POLICY_SEQUENCE":"","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","PCI_DSS":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","CWE-89":"https://cwe.mitre.org/data/definitions/89.html","POLICY_QA_CICD":"","POLICY_DEV_CICD":"","OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","WSTG-v42-INPV-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection","POLICY_API":"","POLICY_DEV_FULL":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","POLICY_PENTEST":"","HIPAA":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html","API_2023_API10":"https://owasp.org/API-Security/editions/2023/en/0xaa-unsafe-consumption-of-apis/","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solution":"Do not trust client side input, even if there is client side validation in place.\nIn general, type check all data on the server side.\nIf the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'\nIf the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.\nIf database Stored Procedures can be used, use them.\nDo *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!\nDo not create dynamic SQL queries using simple string concatenation.\nEscape all data received from the client.\nApply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.\nApply the principle of least privilege by using the least privileged database user possible.\nIn particular, 
avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.\nGrant the minimum database access that is necessary for the application.","alert":"SQL Injection","param":"txt_ArticleNo","attack":"'","name":"SQL Injection","risk":"High","id":"1360","alertRef":"40018"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"1","other":"","method":"POST","evidence":"HTTP/1.1 500 Internal Server Error","pluginId":"40018","cweid":"89","confidence":"Low","sourceMessageId":277,"wascid":"19","description":"SQL injection may be 
possible.","messageId":"25238","inputVector":"form","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"POLICY_SEQUENCE":"","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","PCI_DSS":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","CWE-89":"https://cwe.mitre.org/data/definitions/89.html","POLICY_QA_CICD":"","POLICY_DEV_CICD":"","OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","WSTG-v42-INPV-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection","POLICY_API":"","POLICY_DEV_FULL":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","POLICY_PENTEST":"","HIPAA":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html","API_2023_API10":"https://owasp.org/API-Security/editions/2023/en/0xaa-unsafe-consumption-of-apis/","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solution":"Do not trust client side input, even if there is client side validation in place.\nIn general, type check all data on the server side.\nIf the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'\nIf the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.\nIf database Stored Procedures can be used, use them.\nDo *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!\nDo not create dynamic SQL queries using simple string concatenation.\nEscape all data received from the client.\nApply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.\nApply the principle of least privilege by using the least privileged database user possible.\nIn particular, 
avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.\nGrant the minimum database access that is necessary for the application.","alert":"SQL Injection","param":"txt_ArticleNo","attack":"'","name":"SQL Injection","risk":"High","id":"1361","alertRef":"40018"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"1","other":"","method":"POST","evidence":"HTTP/1.1 500 Internal Server Error","pluginId":"40018","cweid":"89","confidence":"Low","sourceMessageId":262,"wascid":"19","description":"SQL injection may be 
possible.","messageId":"25419","inputVector":"form","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"POLICY_SEQUENCE":"","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","PCI_DSS":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","CWE-89":"https://cwe.mitre.org/data/definitions/89.html","POLICY_QA_CICD":"","POLICY_DEV_CICD":"","OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","WSTG-v42-INPV-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection","POLICY_API":"","POLICY_DEV_FULL":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","POLICY_PENTEST":"","HIPAA":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html","API_2023_API10":"https://owasp.org/API-Security/editions/2023/en/0xaa-unsafe-consumption-of-apis/","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solution":"Do not trust client side input, even if there is client side validation in place.\nIn general, type check all data on the server side.\nIf the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'\nIf the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.\nIf database Stored Procedures can be used, use them.\nDo *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!\nDo not create dynamic SQL queries using simple string concatenation.\nEscape all data received from the client.\nApply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.\nApply the principle of least privilege by using the least privileged database user possible.\nIn particular, 
avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.\nGrant the minimum database access that is necessary for the application.","alert":"SQL Injection","param":"txt_ArticleNo","attack":"'","name":"SQL Injection","risk":"High","id":"1365","alertRef":"40018"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"1","other":"","method":"POST","evidence":"HTTP/1.1 500 Internal Server Error","pluginId":"40018","cweid":"89","confidence":"Low","sourceMessageId":294,"wascid":"19","description":"SQL injection may be 
possible.","messageId":"25545","inputVector":"form","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"POLICY_SEQUENCE":"","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","PCI_DSS":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","CWE-89":"https://cwe.mitre.org/data/definitions/89.html","POLICY_QA_CICD":"","POLICY_DEV_CICD":"","OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","WSTG-v42-INPV-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection","POLICY_API":"","POLICY_DEV_FULL":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","POLICY_PENTEST":"","HIPAA":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html","API_2023_API10":"https://owasp.org/API-Security/editions/2023/en/0xaa-unsafe-consumption-of-apis/","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solution":"Do not trust client side input, even if there is client side validation in place.\nIn general, type check all data on the server side.\nIf the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'\nIf the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.\nIf database Stored Procedures can be used, use them.\nDo *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!\nDo not create dynamic SQL queries using simple string concatenation.\nEscape all data received from the client.\nApply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.\nApply the principle of least privilege by using the least privileged database user possible.\nIn particular, 
avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.\nGrant the minimum database access that is necessary for the application.","alert":"SQL Injection","param":"txt_ArticleNo","attack":"'","name":"SQL Injection","risk":"High","id":"1366","alertRef":"40018"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton2,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"1","other":"","method":"POST","evidence":"HTTP/1.1 500 Internal Server Error","pluginId":"40018","cweid":"89","confidence":"Low","sourceMessageId":303,"wascid":"19","description":"SQL injection may be 
possible.","messageId":"25642","inputVector":"form","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"POLICY_SEQUENCE":"","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","PCI_DSS":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","CWE-89":"https://cwe.mitre.org/data/definitions/89.html","POLICY_QA_CICD":"","POLICY_DEV_CICD":"","OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","WSTG-v42-INPV-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection","POLICY_API":"","POLICY_DEV_FULL":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","POLICY_PENTEST":"","HIPAA":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#compliance","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html","API_2023_API10":"https://owasp.org/API-Security/editions/2023/en/0xaa-unsafe-consumption-of-apis/","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","solution":"Do not trust client side input, even if there is client side validation in place.\nIn general, type check all data on the server side.\nIf the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'\nIf the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.\nIf database Stored Procedures can be used, use them.\nDo *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!\nDo not create dynamic SQL queries using simple string concatenation.\nEscape all data received from the client.\nApply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.\nApply the principle of least privilege by using the least privileged database user possible.\nIn particular, 
avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.\nGrant the minimum database access that is necessary for the application.","alert":"SQL Injection","param":"txt_ArticleNo","attack":"'","name":"SQL Injection","risk":"High","id":"1368","alertRef":"40018"}],"Medium":[{"nodeName":"https://ep.gov.pk/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"1","inputVector":"","url":"https://ep.gov.pk/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"0","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":1,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. 
Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"1","inputVector":"","url":"https://ep.gov.pk/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that 
your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"7","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://ep.gov.pk/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"11","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/international_tracking.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":53,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"53","inputVector":"","url":"https://ep.gov.pk/international_tracking.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"29","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/CallCenter/OverlayPage.htm","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":63,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"63","inputVector":"","url":"https://ep.gov.pk/CallCenter/OverlayPage.htm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"57","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/services/same_day_delivery.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":82,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"82","inputVector":"","url":"https://ep.gov.pk/services/same_day_delivery.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"64","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/F_C/Facilitation_centres.html","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":85,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"85","inputVector":"","url":"https://ep.gov.pk/F_C/Facilitation_centres.html","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"67","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":141,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"141","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"83","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/services/fms_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":147,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"147","inputVector":"","url":"https://ep.gov.pk/services/fms_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"89","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/CallCenter/OverlayPage.htm","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":63,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"63","inputVector":"","url":"https://ep.gov.pk/CallCenter/OverlayPage.htm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"91","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/services/isp_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"155","inputVector":"","url":"https://ep.gov.pk/services/isp_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"97","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/aboutus.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":204,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"204","inputVector":"","url":"https://ep.gov.pk/aboutus.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"119","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":176,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"176","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"120","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/complaints.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":79,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"79","inputVector":"","url":"https://ep.gov.pk/complaints.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"124","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":141,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"141","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"181","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/specialoffers.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":95,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"95","inputVector":"","url":"https://ep.gov.pk/specialoffers.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"184","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/awards.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":208,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"208","inputVector":"","url":"https://ep.gov.pk/awards.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"202","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/services/isp_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":155,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"155","inputVector":"","url":"https://ep.gov.pk/services/isp_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"207","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/services/ums_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":161,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"161","inputVector":"","url":"https://ep.gov.pk/services/ums_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, 
load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"262","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":176,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"176","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that 
your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"276","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":96,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. 
Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"96","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: 
Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"285","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/specialoffers.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":95,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP 
request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"95","inputVector":"","url":"https://ep.gov.pk/specialoffers.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"320","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/services.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":69,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. 
Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"69","inputVector":"","url":"https://ep.gov.pk/services.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use 
anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"323","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/umo_calculate_postage.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":156,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA 
cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"156","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/umo_calculate_postage.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"327","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 2: \"Reset\" \"Submit2\" \"value\" ].","method":"GET","evidence":"<form name=\"FrontPage_Form1\" method=\"post\" action=\"ums_calculated_postage.asp\" onSubmit=\"return FrontPage_Form1_Validator(this)\" language=\"JavaScript\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":141,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. 
Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"141","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier 
to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"332","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/services/fms_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":147,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"147","inputVector":"","url":"https://ep.gov.pk/services/fms_intro.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"338","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/awards.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":208,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. 
The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin 
policy.","messageId":"208","inputVector":"","url":"https://ep.gov.pk/awards.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"342","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/calculatepostage.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":84,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"84","inputVector":"","url":"https://ep.gov.pk/calculatepostage.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"350","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/services/cod_intro.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":175,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. 
The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin 
policy.","messageId":"175","inputVector":"","url":"https://ep.gov.pk/services/cod_intro.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"357","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/calculatepostage.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":84,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"84","inputVector":"","url":"https://ep.gov.pk/calculatepostage.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"358","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":96,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"96","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"359","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/RestHouse.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":136,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. 
The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin 
policy.","messageId":"136","inputVector":"","url":"https://ep.gov.pk/RestHouse.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"366","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/isp_calculate_postage.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":168,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. 
Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"168","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/isp_calculate_postage.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier 
to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"372","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/services/same_day_delivery.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":82,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"82","inputVector":"","url":"https://ep.gov.pk/services/same_day_delivery.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"376","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/complaints.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":79,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"79","inputVector":"","url":"https://ep.gov.pk/complaints.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"388","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/complaints.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":79,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"79","inputVector":"","url":"https://ep.gov.pk/complaints.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"399","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/aboutus.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":204,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"204","inputVector":"","url":"https://ep.gov.pk/aboutus.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"401","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/services.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":69,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"69","inputVector":"","url":"https://ep.gov.pk/services.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"410","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/awards.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":208,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"208","inputVector":"","url":"https://ep.gov.pk/awards.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"418","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/umo_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":156,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"156","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/umo_calculate_postage.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"423","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":141,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"141","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"431","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/services/cod_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":175,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"175","inputVector":"","url":"https://ep.gov.pk/services/cod_intro.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"451","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/services/ums_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":161,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"161","inputVector":"","url":"https://ep.gov.pk/services/ums_intro.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"462","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/isp_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":168,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"168","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/isp_calculate_postage.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"468","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/tariff/emo_tariff.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":222,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"222","inputVector":"","url":"https://ep.gov.pk/tariff/emo_tariff.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"494","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/services/emsp_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":221,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"221","inputVector":"","url":"https://ep.gov.pk/services/emsp_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"510","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/tariff/emo_tariff.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":222,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"222","inputVector":"","url":"https://ep.gov.pk/tariff/emo_tariff.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"518","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/services/umsovernight_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":225,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"225","inputVector":"","url":"https://ep.gov.pk/services/umsovernight_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"532","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":226,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"226","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that 
your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"544","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/sitemap.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":227,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. 
Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"227","inputVector":"","url":"https://ep.gov.pk/sitemap.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: 
Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"560","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/services/umsovernight_intro.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":225,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to 
send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"225","inputVector":"","url":"https://ep.gov.pk/services/umsovernight_intro.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"561","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/fmo_calculate_postage.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":237,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. 
Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/fmo_calculate_postage.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier 
to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. 
This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"562","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"B1\" \"textfieldz\" ].","method":"GET","evidence":"<form language=\"JavaScript\" name=\"FrontPage_Form1\" method=\"POST\" action=\"https://ep.gov.pk/track.asp\" onsubmit=\"return checkArticleInput();\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":226,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. 
Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"226","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: 
Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"563","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/services/umsovernight_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":225,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"225","inputVector":"","url":"https://ep.gov.pk/services/umsovernight_intro.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"615","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":226,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"226","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"619","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/fmo_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":237,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/fmo_calculate_postage.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"620","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/services/emsp_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":221,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"221","inputVector":"","url":"https://ep.gov.pk/services/emsp_intro.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"651","alertRef":"90003"},{"nodeName":"https://ep.gov.pk/ep_Complaint/jquery-1.5.1.js","sourceid":"3","other":"The identified library jquery, version 1.5.1 is 
vulnerable.\nCVE-2011-4969\nCVE-2020-11023\nCVE-2020-11022\nCVE-2015-9251\nCVE-2019-11358\nCVE-2020-7656\nCVE-2012-6708\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-6708\nhttps://github.com/jquery/jquery/issues/2432\nhttp://research.insecurelabs.org/jquery/test/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://github.com/advisories/GHSA-rmxg-73gg-4p98\nhttps://github.com/jquery/jquery.com/issues/162\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-7656\nhttps://bugs.jquery.com/ticket/9521\nhttp://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/\nhttp://bugs.jquery.com/ticket/11290\nhttps://research.insecurelabs.org/jquery/test/\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttps://github.com/advisories/GHSA-q4m3-2j7h-f7xw\nhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\nhttps://blog.jquery.com/2020/04/10/jquery-3-5-0-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-4969\n","method":"GET","evidence":"jquery-1.5.1.js","pluginId":"10003","cweid":"1395","confidence":"Medium","sourceMessageId":216,"wascid":"-1","description":"The identified library appears to be 
vulnerable.","messageId":"216","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/jquery-1.5.1.js","tags":{"CVE-2011-4969":"https://nvd.nist.gov/vuln/detail/CVE-2011-4969","OWASP_2021_A06":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","CWE-1395":"https://cwe.mitre.org/data/definitions/1395.html","CVE-2019-11358":"https://nvd.nist.gov/vuln/detail/CVE-2019-11358","CVE-2012-6708":"https://nvd.nist.gov/vuln/detail/CVE-2012-6708","OWASP_2025_A03":"https://owasp.org/Top10/2025/A03_2025-Software_Supply_Chain_Failures/","CVE-2020-11023":"https://nvd.nist.gov/vuln/detail/CVE-2020-11023","OWASP_2017_A09":"https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities.html","CVE-2020-11022":"https://nvd.nist.gov/vuln/detail/CVE-2020-11022","POLICY_QA_STD":"","POLICY_PENTEST":"","CVE-2015-9251":"https://nvd.nist.gov/vuln/detail/CVE-2015-9251","CVE-2020-7656":"https://nvd.nist.gov/vuln/detail/CVE-2020-7656","POLICY_DEV_STD":""},"reference":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","solution":"Upgrade to the latest version of the affected library.","alert":"Vulnerable JS Library","param":"","attack":"","name":"Vulnerable JS Library","risk":"Medium","id":"676","alertRef":"10003"},{"nodeName":"https://ep.gov.pk/ep_Complaint/jquery-ui-1.8.14.js","sourceid":"3","other":"The identified library jquery-ui, version 1.8.14 is 
vulnerable.\nCVE-2021-41184\nCVE-2021-41183\nCVE-2021-41182\nCVE-2022-31160\nhttps://github.com/advisories/GHSA-h6gj-6jjq-h8g9\nhttps://bugs.jqueryui.com/ticket/15284\nhttps://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-31160\nhttps://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41184\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41183\nhttps://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41182\nhttps://github.com/jquery/jquery-ui/issues/2101\n","method":"GET","evidence":"/*!\n * jQuery UI 1.8.14","pluginId":"10003","cweid":"1395","confidence":"Medium","sourceMessageId":232,"wascid":"-1","description":"The identified library appears to be vulnerable.","messageId":"232","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/jquery-ui-1.8.14.js","tags":{"CVE-2021-41184":"https://nvd.nist.gov/vuln/detail/CVE-2021-41184","OWASP_2017_A09":"https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities.html","CVE-2021-41183":"https://nvd.nist.gov/vuln/detail/CVE-2021-41183","CVE-2021-41182":"https://nvd.nist.gov/vuln/detail/CVE-2021-41182","POLICY_QA_STD":"","OWASP_2021_A06":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","POLICY_PENTEST":"","CWE-1395":"https://cwe.mitre.org/data/definitions/1395.html","CVE-2022-31160":"https://nvd.nist.gov/vuln/detail/CVE-2022-31160","OWASP_2025_A03":"https://owasp.org/Top10/2025/A03_2025-Software_Supply_Chain_Failures/","POLICY_DEV_STD":""},"reference":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","solution":"Upgrade to the latest version of the affected library.","alert":"Vulnerable JS Library","param":"","attack":"","name":"Vulnerable JS Library","risk":"Medium","id":"681","alertRef":"10003"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":241,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"706","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(ImageButton1,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":263,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"263","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"754","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":270,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"270","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"755","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":273,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"273","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"757","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":249,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"249","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"768","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"__EVENTARGUMENT\" \"__EVENTTARGET\" \"__LASTFOCUS\" \"__VIEWSTATE\" \"__VIEWSTATEGENERATOR\" \"fuplAttatchment\" \"ImageButton1\" \"ImageButton2\" \"ImageButton3\" \"TextBoxCustomBookingOffice\" \"txt_ArticleNo\" \"txt_BookingDate\" \"txt_ComplainantName\" \"txt_ComplainantPhNo\" \"txtAddresseeEmail\" \"txtAddresseeMobile\" \"txtAddresseeName\" \"txtAddresseeTel\" \"txtSenderEmail\" \"txtSenderMobile\" \"txtSenderName\" \"txtSenderTel\" \"ValidatorCalloutExtender10_ClientState\" \"ValidatorCalloutExtender11_ClientState\" \"ValidatorCalloutExtender1_ClientState\" \"ValidatorCalloutExtender2_ClientState\" \"ValidatorCalloutExtender3_ClientState\" \"ValidatorCalloutExtender4_ClientState\" \"ValidatorCalloutExtender5_ClientState\" \"ValidatorCalloutExtender6_ClientState\" \"ValidatorCalloutExtender7_ClientState\" \"ValidatorCalloutExtender8_ClientState\" \"ValidatorCalloutExtender9_ClientState\" \"ValidatorCalloutExtenderbkd_ClientState\" ].","method":"GET","evidence":"<form name=\"form1\" method=\"post\" action=\"./Default.aspx\" onsubmit=\"javascript:return WebForm_OnSubmit();\" id=\"form1\" enctype=\"multipart/form-data\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":249,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to 
a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"249","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"775","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(ImageButton1,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"__EVENTARGUMENT\" \"__EVENTTARGET\" \"__LASTFOCUS\" \"__VIEWSTATE\" \"__VIEWSTATEGENERATOR\" \"ImageButton1\" \"ImageButton2\" \"ImageButton3\" \"TextBoxCustomBookingOffice\" \"txt_ArticleNo\" \"txt_BookingDate\" \"txt_ComplainantName\" \"txt_ComplainantPhNo\" \"txtAddresseeEmail\" \"txtAddresseeMobile\" \"txtAddresseeName\" \"txtAddresseeTel\" \"txtSenderEmail\" \"txtSenderMobile\" \"txtSenderName\" \"txtSenderTel\" \"ValidatorCalloutExtender10_ClientState\" \"ValidatorCalloutExtender11_ClientState\" \"ValidatorCalloutExtender1_ClientState\" \"ValidatorCalloutExtender2_ClientState\" \"ValidatorCalloutExtender3_ClientState\" \"ValidatorCalloutExtender4_ClientState\" \"ValidatorCalloutExtender5_ClientState\" \"ValidatorCalloutExtender6_ClientState\" \"ValidatorCalloutExtender7_ClientState\" 
\"ValidatorCalloutExtender8_ClientState\" \"ValidatorCalloutExtender9_ClientState\" \"ValidatorCalloutExtenderbkd_ClientState\" ].","method":"POST","evidence":"<form name=\"form1\" method=\"post\" action=\"./Default_Test.aspx\" onsubmit=\"javascript:return WebForm_OnSubmit();\" id=\"form1\" enctype=\"multipart/form-data\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":263,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"263","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"778","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":258,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain 
types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"258","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"781","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"__EVENTARGUMENT\" \"__EVENTTARGET\" \"__LASTFOCUS\" \"__VIEWSTATE\" \"__VIEWSTATEGENERATOR\" \"fuplAttatchment\" \"ImageButton1\" \"ImageButton2\" \"ImageButton3\" \"TextBoxCustomBookingOffice\" \"txt_ArticleNo\" \"txt_BookingDate\" \"txt_ComplainantName\" \"txt_ComplainantPhNo\" \"txtAddresseeEmail\" \"txtAddresseeMobile\" \"txtAddresseeName\" \"txtAddresseeTel\" \"txtSenderEmail\" \"txtSenderMobile\" \"txtSenderName\" \"txtSenderTel\" 
\"ValidatorCalloutExtender10_ClientState\" \"ValidatorCalloutExtender11_ClientState\" \"ValidatorCalloutExtender1_ClientState\" \"ValidatorCalloutExtender2_ClientState\" \"ValidatorCalloutExtender3_ClientState\" \"ValidatorCalloutExtender4_ClientState\" \"ValidatorCalloutExtender5_ClientState\" \"ValidatorCalloutExtender6_ClientState\" \"ValidatorCalloutExtender7_ClientState\" \"ValidatorCalloutExtender8_ClientState\" \"ValidatorCalloutExtender9_ClientState\" \"ValidatorCalloutExtenderbkd_ClientState\" ].","method":"POST","evidence":"<form name=\"form1\" method=\"post\" action=\"./Default.aspx\" onsubmit=\"javascript:return WebForm_OnSubmit();\" id=\"form1\" enctype=\"multipart/form-data\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":258,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. 
Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"258","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: 
Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"786","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":285,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"285","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"960","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(ImageButton1,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":283,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"283","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"968","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":294,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"971","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"__EVENTARGUMENT\" \"__EVENTTARGET\" \"__VIEWSTATE\" \"__VIEWSTATEGENERATOR\" \"ImageButton1\" \"ImageButton2\" ].","method":"POST","evidence":"<form name=\"form1\" method=\"post\" action=\"./Default_Test.aspx\" id=\"form1\" enctype=\"multipart/form-data\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":280,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request 
forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"280","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"981","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following 
HTML form: [Form 1: \"__EVENTARGUMENT\" \"__EVENTTARGET\" \"__VIEWSTATE\" \"__VIEWSTATEGENERATOR\" \"ImageButton1\" \"ImageButton2\" ].","method":"POST","evidence":"<form name=\"form1\" method=\"post\" action=\"./Default.aspx\" id=\"form1\" enctype=\"multipart/form-data\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":300,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"300","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"987","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":295,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of 
attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"295","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"989","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"__EVENTARGUMENT\" \"__EVENTTARGET\" \"__LASTFOCUS\" \"__VIEWSTATE\" \"__VIEWSTATEGENERATOR\" \"ImageButton1\" \"ImageButton2\" \"ImageButton3\" \"TextBoxCustomBookingOffice\" \"txt_ArticleNo\" \"txt_BookingDate\" \"txt_ComplainantName\" \"txt_ComplainantPhNo\" \"txtAddresseeEmail\" \"txtAddresseeMobile\" \"txtAddresseeName\" \"txtAddresseeTel\" \"txtSenderEmail\" \"txtSenderMobile\" \"txtSenderName\" \"txtSenderTel\" \"ValidatorCalloutExtender10_ClientState\" 
\"ValidatorCalloutExtender11_ClientState\" \"ValidatorCalloutExtender1_ClientState\" \"ValidatorCalloutExtender2_ClientState\" \"ValidatorCalloutExtender3_ClientState\" \"ValidatorCalloutExtender4_ClientState\" \"ValidatorCalloutExtender5_ClientState\" \"ValidatorCalloutExtender6_ClientState\" \"ValidatorCalloutExtender7_ClientState\" \"ValidatorCalloutExtender8_ClientState\" \"ValidatorCalloutExtender9_ClientState\" \"ValidatorCalloutExtenderbkd_ClientState\" ].","method":"POST","evidence":"<form name=\"form1\" method=\"post\" action=\"./Default_Test.aspx\" onsubmit=\"javascript:return WebForm_OnSubmit();\" id=\"form1\" enctype=\"multipart/form-data\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":295,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"295","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"999","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":296,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"296","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1001","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":294,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1014","alertRef":"10038-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(ImageButton1,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"__EVENTARGUMENT\" \"__EVENTTARGET\" \"__LASTFOCUS\" \"__VIEWSTATE\" \"__VIEWSTATEGENERATOR\" \"ImageButton1\" \"ImageButton2\" \"ImageButton3\" \"TextBoxCustomBookingOffice\" \"txt_ArticleNo\" \"txt_BookingDate\" \"txt_ComplainantName\" \"txt_ComplainantPhNo\" \"txtAddresseeEmail\" \"txtAddresseeMobile\" \"txtAddresseeName\" \"txtAddresseeTel\" \"txtSenderEmail\" \"txtSenderMobile\" \"txtSenderName\" \"txtSenderTel\" \"ValidatorCalloutExtender10_ClientState\" \"ValidatorCalloutExtender11_ClientState\" \"ValidatorCalloutExtender1_ClientState\" \"ValidatorCalloutExtender2_ClientState\" \"ValidatorCalloutExtender3_ClientState\" \"ValidatorCalloutExtender4_ClientState\" \"ValidatorCalloutExtender5_ClientState\" \"ValidatorCalloutExtender6_ClientState\" \"ValidatorCalloutExtender7_ClientState\" \"ValidatorCalloutExtender8_ClientState\" \"ValidatorCalloutExtender9_ClientState\" \"ValidatorCalloutExtenderbkd_ClientState\" ].","method":"POST","evidence":"<form name=\"form1\" method=\"post\" action=\"./Default.aspx\" onsubmit=\"javascript:return WebForm_OnSubmit();\" id=\"form1\" enctype=\"multipart/form-data\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":283,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an 
attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. 
The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"283","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. 
When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"1030","alertRef":"10202"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":306,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. 
It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"306","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"1292","alertRef":"10020-1"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":306,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"306","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1307","alertRef":"90003"}],"Low":[{"nodeName":"https://ep.gov.pk/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://ep.gov.pk/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"5","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://ep.gov.pk/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"6","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"1","inputVector":"","url":"https://ep.gov.pk/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header 
Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"13","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/hq/gridcss.css","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":55,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"55","inputVector":"","url":"https://ep.gov.pk/hq/gridcss.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"17","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/hq/gridcss.css","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":55,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"55","inputVector":"","url":"https://ep.gov.pk/hq/gridcss.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"19","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/hq/gridcss.css","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":55,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"55","inputVector":"","url":"https://ep.gov.pk/hq/gridcss.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"20","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/hq/gridcss.css","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":55,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"55","inputVector":"","url":"https://ep.gov.pk/hq/gridcss.css","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"21","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/international_tracking.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":53,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"53","inputVector":"","url":"https://ep.gov.pk/international_tracking.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"33","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/international_tracking.asp","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":53,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"53","inputVector":"","url":"https://ep.gov.pk/international_tracking.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"45","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/international_tracking.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":53,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"53","inputVector":"","url":"https://ep.gov.pk/international_tracking.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"49","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/images/search.gif","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":58,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"58","inputVector":"","url":"https://ep.gov.pk/images/search.gif","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"53","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/images/ead.jpeg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":60,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"60","inputVector":"","url":"https://ep.gov.pk/images/ead.jpeg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"72","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/images/search.gif","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":58,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"58","inputVector":"","url":"https://ep.gov.pk/images/search.gif","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"76","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/CallCenter/Images/close btn.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":101,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"101","inputVector":"","url":"https://ep.gov.pk/CallCenter/Images/close%20btn.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"98","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/CallCenter/Styles/style.css","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":111,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"111","inputVector":"","url":"https://ep.gov.pk/CallCenter/Styles/style.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"108","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/loading_icon.gif","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":207,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"207","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/loading_icon.gif","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"117","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/images/ead.jpeg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":60,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"60","inputVector":"","url":"https://ep.gov.pk/images/ead.jpeg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"132","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/loading_icon.gif","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":207,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"207","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/loading_icon.gif","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"149","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/complaints.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":79,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"79","inputVector":"","url":"https://ep.gov.pk/complaints.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"154","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/calculatepostage.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":84,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"84","inputVector":"","url":"https://ep.gov.pk/calculatepostage.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"156","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/CallCenter/Images/close btn.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":101,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"101","inputVector":"","url":"https://ep.gov.pk/CallCenter/Images/close%20btn.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"157","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/F_C/Facilitation_centres.html","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":85,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"85","inputVector":"","url":"https://ep.gov.pk/F_C/Facilitation_centres.html","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"164","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/CallCenter/OverlayPage.htm","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":63,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"63","inputVector":"","url":"https://ep.gov.pk/CallCenter/OverlayPage.htm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"170","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/services.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":69,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"69","inputVector":"","url":"https://ep.gov.pk/services.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"185","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":96,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"96","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"188","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/complaints.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":79,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"79","inputVector":"","url":"https://ep.gov.pk/complaints.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"189","alertRef":"10054-1"},{"nodeName":"https://ep.gov.pk/calculatepostage.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":84,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"84","inputVector":"","url":"https://ep.gov.pk/calculatepostage.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"191","alertRef":"10054-1"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":141,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"141","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"214","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/ep_Complaint/loading_icon.gif","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":207,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"207","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/loading_icon.gif","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"215","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/services.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":69,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"69","inputVector":"","url":"https://ep.gov.pk/services.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"219","alertRef":"10054-1"},{"nodeName":"https://ep.gov.pk/services/fms_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":147,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"147","inputVector":"","url":"https://ep.gov.pk/services/fms_intro.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"222","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":96,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"96","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are 
loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"226","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/umo_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":156,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"156","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/umo_calculate_postage.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie No HttpOnly 
Flag","risk":"Low","id":"241","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":203,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"203","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=z8yOly3moIAZ5s6gAn3zcPPhcH7FjuJHN3dKJEw606dU2sfe6WAYyLNdt5YsnXwkrYiffbGtmrgjXzVpbLE0a0gFS-CS4FiAY6uH8qRaFcDC46mjMZ7JSw-fQCV-Cd8xtYVYtU4v4RGNRXkWAyZSwxqRQegEcgHLkkmoLhjxMyU1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"250","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/aboutus.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":204,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"204","inputVector":"","url":"https://ep.gov.pk/aboutus.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"253","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/services/fms_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"<script 
src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":147,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"147","inputVector":"","url":"https://ep.gov.pk/services/fms_intro.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"255","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":96,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"96","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source 
files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"258","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/complaints.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":79,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"79","inputVector":"","url":"https://ep.gov.pk/complaints.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"259","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/RestHouse.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":136,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. 
If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"136","inputVector":"","url":"https://ep.gov.pk/RestHouse.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"261","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/CallCenter/OverlayPage.htm","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":63,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"63","inputVector":"","url":"https://ep.gov.pk/CallCenter/OverlayPage.htm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"268","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/specialoffers.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":95,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"95","inputVector":"","url":"https://ep.gov.pk/specialoffers.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"273","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":203,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"203","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=z8yOly3moIAZ5s6gAn3zcPPhcH7FjuJHN3dKJEw606dU2sfe6WAYyLNdt5YsnXwkrYiffbGtmrgjXzVpbLE0a0gFS-CS4FiAY6uH8qRaFcDC46mjMZ7JSw-fQCV-Cd8xtYVYtU4v4RGNRXkWAyZSwxqRQegEcgHLkkmoLhjxMyU1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"274","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/isp_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":168,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"168","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/isp_calculate_postage.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"281","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/RestHouse.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":136,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"136","inputVector":"","url":"https://ep.gov.pk/RestHouse.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"283","alertRef":"10054-1"},{"nodeName":"https://ep.gov.pk/services/ums_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":161,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"161","inputVector":"","url":"https://ep.gov.pk/services/ums_intro.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"284","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":141,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"141","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"292","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/specialoffers.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":95,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"95","inputVector":"","url":"https://ep.gov.pk/specialoffers.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"294","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/services/cod_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":175,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"175","inputVector":"","url":"https://ep.gov.pk/services/cod_intro.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"298","alertRef":"10054-1"},{"nodeName":"https://ep.gov.pk/aboutus.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async 
src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":204,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"204","inputVector":"","url":"https://ep.gov.pk/aboutus.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"299","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/aboutus.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":204,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"204","inputVector":"","url":"https://ep.gov.pk/aboutus.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure 
JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"300","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/umo_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":156,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"156","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/umo_calculate_postage.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"307","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":203,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"203","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=z8yOly3moIAZ5s6gAn3zcPPhcH7FjuJHN3dKJEw606dU2sfe6WAYyLNdt5YsnXwkrYiffbGtmrgjXzVpbLE0a0gFS-CS4FiAY6uH8qRaFcDC46mjMZ7JSw-fQCV-Cd8xtYVYtU4v4RGNRXkWAyZSwxqRQegEcgHLkkmoLhjxMyU1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"313","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/services/cod_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":175,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"175","inputVector":"","url":"https://ep.gov.pk/services/cod_intro.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"316","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/RestHouse.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"136","inputVector":"","url":"https://ep.gov.pk/RestHouse.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"318","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/awards.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":208,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"208","inputVector":"","url":"https://ep.gov.pk/awards.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"321","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/services/ums_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":161,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"161","inputVector":"","url":"https://ep.gov.pk/services/ums_intro.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"322","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/services/fms_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":147,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"147","inputVector":"","url":"https://ep.gov.pk/services/fms_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"329","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":96,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"96","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"330","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/isp_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":168,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"168","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/isp_calculate_postage.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"331","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":96,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with 
it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"96","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"339","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/services/isp_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":155,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"155","inputVector":"","url":"https://ep.gov.pk/services/isp_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"349","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/aboutus.asp","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":204,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"204","inputVector":"","url":"https://ep.gov.pk/aboutus.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"355","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/services/fms_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":147,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"147","inputVector":"","url":"https://ep.gov.pk/services/fms_intro.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"361","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/complaints.asp","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":79,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"79","inputVector":"","url":"https://ep.gov.pk/complaints.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"362","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/services/same_day_delivery.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":82,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"82","inputVector":"","url":"https://ep.gov.pk/services/same_day_delivery.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"365","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/specialoffers.asp","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":95,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"95","inputVector":"","url":"https://ep.gov.pk/specialoffers.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"367","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/calculatepostage.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":84,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"84","inputVector":"","url":"https://ep.gov.pk/calculatepostage.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"379","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":96,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"96","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"381","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/services/isp_intro.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":155,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"155","inputVector":"","url":"https://ep.gov.pk/services/isp_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"382","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/services.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":69,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"69","inputVector":"","url":"https://ep.gov.pk/services.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"383","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/services/isp_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":155,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"155","inputVector":"","url":"https://ep.gov.pk/services/isp_intro.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"396","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/services/same_day_delivery.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":82,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"82","inputVector":"","url":"https://ep.gov.pk/services/same_day_delivery.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"398","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":141,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"141","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"406","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":141,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"141","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"414","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/complaints.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":79,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"79","inputVector":"","url":"https://ep.gov.pk/complaints.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"420","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/specialoffers.asp","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":95,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" 
HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"95","inputVector":"","url":"https://ep.gov.pk/specialoffers.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"424","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/complaints.asp","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":79,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"79","inputVector":"","url":"https://ep.gov.pk/complaints.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"429","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/services.asp","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":69,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"69","inputVector":"","url":"https://ep.gov.pk/services.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"433","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":141,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"141","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"437","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/awards.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":208,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"208","inputVector":"","url":"https://ep.gov.pk/awards.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"441","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/awards.asp","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":208,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"208","inputVector":"","url":"https://ep.gov.pk/awards.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"443","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/services/cod_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":175,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"175","inputVector":"","url":"https://ep.gov.pk/services/cod_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"449","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/services/cod_intro.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":175,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"175","inputVector":"","url":"https://ep.gov.pk/services/cod_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"461","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/services/cod_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":175,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"175","inputVector":"","url":"https://ep.gov.pk/services/cod_intro.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"463","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/RestHouse.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":136,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"136","inputVector":"","url":"https://ep.gov.pk/RestHouse.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"469","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/RestHouse.asp","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":136,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"136","inputVector":"","url":"https://ep.gov.pk/RestHouse.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"470","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/services/ums_intro.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":161,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"161","inputVector":"","url":"https://ep.gov.pk/services/ums_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"471","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/isp_calculate_postage.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":168,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"168","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/isp_calculate_postage.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"473","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":176,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"176","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"479","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":176,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"176","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"482","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":176,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"176","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"483","alertRef":"10037"},{"nodeName":"http://ep.gov.pk/contactus.asp","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":213,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"213","inputVector":"","url":"http://ep.gov.pk/contactus.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"484","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/images/delivery post.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":210,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"210","inputVector":"","url":"https://ep.gov.pk/images/delivery%20post.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"486","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/HQ/gridcss.css","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":219,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"219","inputVector":"","url":"https://ep.gov.pk/HQ/gridcss.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"489","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/jquery-ui.css","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":211,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"211","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/jquery-ui.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"496","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/images/delivery post.png","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":210,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"210","inputVector":"","url":"https://ep.gov.pk/images/delivery%20post.png","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"505","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\Tender Notice-Mobile Phones.pdf","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":215,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"215","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CTender%20Notice-Mobile%20Phones.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"506","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/jquery-ui.css","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":211,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"211","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/jquery-ui.css","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"514","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background4.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":233,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"233","inputVector":"","url":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background4.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"523","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/tariff/emo_tariff.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":222,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"222","inputVector":"","url":"https://ep.gov.pk/tariff/emo_tariff.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"529","alertRef":"10054-1"},{"nodeName":"https://ep.gov.pk/sitemap.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: 
ASPSESSIONIDSUCBABCC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":227,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"227","inputVector":"","url":"https://ep.gov.pk/sitemap.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"533","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/images/emsp_plus.png","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":236,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"236","inputVector":"","url":"https://ep.gov.pk/images/emsp_plus.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"535","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/services/umsovernight_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":225,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"225","inputVector":"","url":"https://ep.gov.pk/services/umsovernight_intro.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"536","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/images/emsp_plus.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":236,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"236","inputVector":"","url":"https://ep.gov.pk/images/emsp_plus.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"543","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":226,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"226","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"549","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/fmo_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":237,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/fmo_calculate_postage.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"552","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":226,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"226","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"553","alertRef":"10054-1"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":226,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"226","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"555","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/fmo_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":237,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/fmo_calculate_postage.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=UA-2069708-13","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"557","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/fmo_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":237,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/fmo_calculate_postage.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"558","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/Notice.pdf","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":239,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"239","inputVector":"","url":"https://ep.gov.pk/Notice.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options 
Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"566","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background4.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":233,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"233","inputVector":"","url":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background4.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"570","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background1.jpg","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":234,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"234","inputVector":"","url":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background1.jpg","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"576","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/sitemap.asp","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":227,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"227","inputVector":"","url":"https://ep.gov.pk/sitemap.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"580","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/sitemap.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":227,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"227","inputVector":"","url":"https://ep.gov.pk/sitemap.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options 
Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"595","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/sitemap.asp","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":227,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"227","inputVector":"","url":"https://ep.gov.pk/sitemap.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"596","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/tariff/emo_tariff.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":222,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"222","inputVector":"","url":"https://ep.gov.pk/tariff/emo_tariff.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"600","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/tariff/emo_tariff.asp","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":222,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"222","inputVector":"","url":"https://ep.gov.pk/tariff/emo_tariff.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"601","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/services/umsovernight_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":225,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"225","inputVector":"","url":"https://ep.gov.pk/services/umsovernight_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"611","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/fmo_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":237,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/fmo_calculate_postage.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"616","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":226,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"226","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"617","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/services/umsovernight_intro.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":225,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"225","inputVector":"","url":"https://ep.gov.pk/services/umsovernight_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"622","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/services/umsovernight_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":225,"wascid":"13","description":"The web/application server is leaking information 
via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"225","inputVector":"","url":"https://ep.gov.pk/services/umsovernight_intro.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"623","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/customers_guide.asp","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":226,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"226","inputVector":"","url":"https://ep.gov.pk/customers_guide.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"626","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/services/emsp_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":221,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.","messageId":"221","inputVector":"","url":"https://ep.gov.pk/services/emsp_intro.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"633","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/services/emsp_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://www.google.com/recaptcha/api.js\" async 
defer></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":221,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"221","inputVector":"","url":"https://ep.gov.pk/services/emsp_intro.asp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.google.com/recaptcha/api.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"635","alertRef":"10017"},{"nodeName":"https://ep.gov.pk/services/emsp_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":221,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"221","inputVector":"","url":"https://ep.gov.pk/services/emsp_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"650","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/jquery-1.5.1.js","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":216,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"216","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/jquery-1.5.1.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"672","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/jquery-1.5.1.js","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":216,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"216","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/jquery-1.5.1.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"675","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/jquery-ui-1.8.14.js","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":232,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"232","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/jquery-ui-1.8.14.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"680","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton2,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"An attacker can use this information to exploit known vulnerabilities.","method":"POST","evidence":"4.0.30319","pluginId":"10061","cweid":"933","confidence":"High","sourceMessageId":247,"wascid":"14","description":"Server leaks information via \"X-AspNet-Version\"/\"X-AspNetMvc-Version\" HTTP response header 
field(s).","messageId":"247","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","CWE-933":"https://cwe.mitre.org/data/definitions/933.html","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://www.troyhunt.com/shhh-dont-let-your-response-headers/\nhttps://learn.microsoft.com/en-us/archive/blogs/varunm/remove-unwanted-http-response-headers","solution":"Configure the server so it will not return those headers.","alert":"X-AspNet-Version Response Header","param":"","attack":"","name":"X-AspNet-Version Response Header","risk":"Low","id":"697","alertRef":"10061"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\UMS Plus\\UMS Plus Tender.jpeg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":245,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"245","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CUMS%20Plus%5CUMS%20Plus%20Tender.jpeg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"702","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\Tender Document for Selection of Airlines & Transport Partners.pdf","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":246,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"246","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CTender%20Document%20for%20Selection%20of%20Airlines%20&%20Transport%20Partners.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"705","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"Set-Cookie: ASP.NET_SessionId","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":241,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted 
connections.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"ASP.NET_SessionId","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"707","alertRef":"10011"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\UMS Plus\\UMS Plus Tender.jpeg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":245,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"245","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CUMS%20Plus%5CUMS%20Plus%20Tender.jpeg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"709","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":241,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"714","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":241,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"715","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"An attacker can use this information to exploit known vulnerabilities.","method":"POST","evidence":"4.0.30319","pluginId":"10061","cweid":"933","confidence":"High","sourceMessageId":241,"wascid":"14","description":"Server leaks information via \"X-AspNet-Version\"/\"X-AspNetMvc-Version\" HTTP response header 
field(s).","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","CWE-933":"https://cwe.mitre.org/data/definitions/933.html","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://www.troyhunt.com/shhh-dont-let-your-response-headers/\nhttps://learn.microsoft.com/en-us/archive/blogs/varunm/remove-unwanted-http-response-headers","solution":"Configure the server so it will not return those headers.","alert":"X-AspNet-Version Response Header","param":"","attack":"","name":"X-AspNet-Version Response Header","risk":"Low","id":"737","alertRef":"10061"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"POST","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":241,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"738","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton2,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":268,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"268","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"751","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\Tender Documents of UMS-Plus 04-02-2022_revise.pdf","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":269,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"269","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CTender%20Documents%20of%20UMS-Plus%2004-02-2022_revise.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"761","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\Tender Documents of UMS-Plus 04-02-2022_revise.pdf","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":269,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"269","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CTender%20Documents%20of%20UMS-Plus%2004-02-2022_revise.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"763","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\Tender Documents of UMS-Plus 04-02-2022_revise.pdf","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":269,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"269","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5CTender%20Documents%20of%20UMS-Plus%2004-02-2022_revise.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"774","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":254,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"254","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"776","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":254,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"254","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"777","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":270,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"270","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"789","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":270,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"270","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"790","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":273,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"273","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"796","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"POST","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":273,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"273","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"803","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":249,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby 
a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"249","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"808","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(ImageButton1,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":263,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"263","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"812","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(ImageButton1,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":263,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. 
HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"263","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"813","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx","sourceid":"3","other":"An attacker can use this information to exploit known vulnerabilities.","method":"GET","evidence":"4.0.30319","pluginId":"10061","cweid":"933","confidence":"High","sourceMessageId":249,"wascid":"14","description":"Server leaks information via \"X-AspNet-Version\"/\"X-AspNetMvc-Version\" HTTP response header field(s).","messageId":"249","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","CWE-933":"https://cwe.mitre.org/data/definitions/933.html","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://www.troyhunt.com/shhh-dont-let-your-response-headers/\nhttps://learn.microsoft.com/en-us/archive/blogs/varunm/remove-unwanted-http-response-headers","solution":"Configure the server so it will not return those headers.","alert":"X-AspNet-Version Response Header","param":"","attack":"","name":"X-AspNet-Version Response Header","risk":"Low","id":"821","alertRef":"10061"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":249,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"249","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"823","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":249,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"249","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"825","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":258,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"258","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"836","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(ImageButton1,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":263,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"263","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"879","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"POST","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":258,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"258","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"889","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":258,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"258","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"890","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton2,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":284,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"284","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"964","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"An attacker can use this information to exploit known vulnerabilities.","method":"POST","evidence":"4.0.30319","pluginId":"10061","cweid":"933","confidence":"High","sourceMessageId":280,"wascid":"14","description":"Server leaks information via \"X-AspNet-Version\"/\"X-AspNetMvc-Version\" HTTP response header 
field(s).","messageId":"280","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","CWE-933":"https://cwe.mitre.org/data/definitions/933.html","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://www.troyhunt.com/shhh-dont-let-your-response-headers/\nhttps://learn.microsoft.com/en-us/archive/blogs/varunm/remove-unwanted-http-response-headers","solution":"Configure the server so it will not return those headers.","alert":"X-AspNet-Version Response Header","param":"","attack":"","name":"X-AspNet-Version Response Header","risk":"Low","id":"1010","alertRef":"10061"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":300,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"300","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1029","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"An attacker can use this information to exploit known vulnerabilities.","method":"POST","evidence":"4.0.30319","pluginId":"10061","cweid":"933","confidence":"High","sourceMessageId":300,"wascid":"14","description":"Server leaks information via \"X-AspNet-Version\"/\"X-AspNetMvc-Version\" HTTP response header 
field(s).","messageId":"300","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","CWE-933":"https://cwe.mitre.org/data/definitions/933.html","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://www.troyhunt.com/shhh-dont-let-your-response-headers/\nhttps://learn.microsoft.com/en-us/archive/blogs/varunm/remove-unwanted-http-response-headers","solution":"Configure the server so it will not return those headers.","alert":"X-AspNet-Version Response Header","param":"","attack":"","name":"X-AspNet-Version Response Header","risk":"Low","id":"1044","alertRef":"10061"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(ImageButton1,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":283,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"283","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1115","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"POST","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":296,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"296","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1159","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"","method":"POST","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":296,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"296","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1161","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":293,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"293","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1163","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":294,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1176","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"An attacker can use this information to exploit known vulnerabilities.","method":"POST","evidence":"4.0.30319","pluginId":"10061","cweid":"933","confidence":"High","sourceMessageId":294,"wascid":"14","description":"Server leaks information via \"X-AspNet-Version\"/\"X-AspNetMvc-Version\" HTTP response header 
field(s).","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","CWE-933":"https://cwe.mitre.org/data/definitions/933.html","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://www.troyhunt.com/shhh-dont-let-your-response-headers/\nhttps://learn.microsoft.com/en-us/archive/blogs/varunm/remove-unwanted-http-response-headers","solution":"Configure the server so it will not return those headers.","alert":"X-AspNet-Version Response Header","param":"","attack":"","name":"X-AspNet-Version Response Header","risk":"Low","id":"1288","alertRef":"10061"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"POST","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":294,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1289","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"","method":"POST","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":294,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1290","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":306,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"306","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"1298","alertRef":"10010"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: ASPSESSIONIDSUCBABCC","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":306,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"306","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"1299","alertRef":"10054-1"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":306,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"306","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1304","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":306,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"306","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1305","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":306,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"306","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1309","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background2.jpg","sourceid":"3","other":"","method":"GET","evidence":"Microsoft-IIS/10.0","pluginId":"10036","cweid":"497","confidence":"High","sourceMessageId":307,"wascid":"13","description":"The web/application server is leaking version information via the \"Server\" HTTP response header. 
Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.","messageId":"307","inputVector":"","url":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background2.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","WSTG-v42-INFO-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server","CWE-497":"https://cwe.mitre.org/data/definitions/497.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#servertokens\nhttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to suppress the \"Server\" header or provide generic details.","alert":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","param":"","attack":"","name":"Server Leaks Version Information via \"Server\" HTTP Response Header Field","risk":"Low","id":"1324","alertRef":"10036-2"},{"nodeName":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background2.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":307,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"307","inputVector":"","url":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background2.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1325","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background2.jpg","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":307,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"307","inputVector":"","url":"https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background2.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"1326","alertRef":"10021"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\2022-02-18-Corrigendum-Tender-Notice-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Ibd.jpg","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":369,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents 
(such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"369","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5C2022-02-18-Corrigendum-Tender-Notice-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Ibd.jpg","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1333","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/2021-07-29.pdf","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":370,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"370","inputVector":"","url":"https://ep.gov.pk/2021-07-29.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1348","alertRef":"10037"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\fedex.pdf","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":371,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"371","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5Cfedex.pdf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"1350","alertRef":"10035-1"},{"nodeName":"https://ep.gov.pk/Tender_Notice\\fedex.pdf","sourceid":"3","other":"","method":"GET","evidence":"X-Powered-By: ASP.NET","pluginId":"10037","cweid":"497","confidence":"Medium","sourceMessageId":371,"wascid":"13","description":"The web/application server is leaking information via one or more \"X-Powered-By\" HTTP response headers. 
Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.","messageId":"371","inputVector":"","url":"https://ep.gov.pk/Tender_Notice%5Cfedex.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-INFO-08":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework\nhttps://www.troyhunt.com/shhh-dont-let-your-response-headers/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to suppress \"X-Powered-By\" headers.","alert":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","param":"","attack":"","name":"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)","risk":"Low","id":"1352","alertRef":"10037"}],"Informational":[{"nodeName":"https://ep.gov.pk/","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1","inputVector":"","url":"https://ep.gov.pk/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"8","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/international_tracking.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":53,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"53","inputVector":"","url":"https://ep.gov.pk/international_tracking.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"28","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/international_tracking.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":53,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"53","inputVector":"","url":"https://ep.gov.pk/international_tracking.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"41","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/CallCenter/OverlayPage.htm","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":63,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"63","inputVector":"","url":"https://ep.gov.pk/CallCenter/OverlayPage.htm","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"68","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/services.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":69,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"69","inputVector":"","url":"https://ep.gov.pk/services.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"87","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/F_C/Facilitation_centres.html","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":85,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"85","inputVector":"","url":"https://ep.gov.pk/F_C/Facilitation_centres.html","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"95","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/services/same_day_delivery.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":82,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"82","inputVector":"","url":"https://ep.gov.pk/services/same_day_delivery.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"99","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":141,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"141","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"148","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/specialoffers.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":95,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"95","inputVector":"","url":"https://ep.gov.pk/specialoffers.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"151","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/services/fms_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":147,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"147","inputVector":"","url":"https://ep.gov.pk/services/fms_intro.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"152","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/F_C/Facilitation_centres.html","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script type=\"text/javascript\" src=\"e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/wz_jsgraphics.js\"></script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":85,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"85","inputVector":"","url":"https://ep.gov.pk/F_C/Facilitation_centres.html","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"160","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/awards.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":208,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"208","inputVector":"","url":"https://ep.gov.pk/awards.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"169","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/isp_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":168,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"168","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/isp_calculate_postage.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"192","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"cookie:ASPSESSIONIDSUCBABCC","method":"GET","evidence":"ASPSESSIONIDSUCBABCC","pluginId":"10112","cweid":"-1","confidence":"High","sourceMessageId":96,"wascid":"-1","description":"The given response has been identified as containing a session management token. 
The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"96","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"208","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bDEBUG\\b and was detected 4 times, the first in likely comment: \"// Name:        AjaxControlToolkit.Compat.Timer.Timer.debug.js\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":".Compat.Timer.Timer.debug.js","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":203,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"203","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=z8yOly3moIAZ5s6gAn3zcPPhcH7FjuJHN3dKJEw606dU2sfe6WAYyLNdt5YsnXwkrYiffbGtmrgjXzVpbLE0a0gFS-CS4FiAY6uH8qRaFcDC46mjMZ7JSw-fQCV-Cd8xtYVYtU4v4RGNRXkWAyZSwxqRQegEcgHLkkmoLhjxMyU1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"216","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/calculatepostage.asp","sourceid":"3","other":"cookie:ASPSESSIONIDSUCBABCC","method":"GET","evidence":"ASPSESSIONIDSUCBABCC","pluginId":"10112","cweid":"-1","confidence":"High","sourceMessageId":84,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"84","inputVector":"","url":"https://ep.gov.pk/calculatepostage.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"220","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/RestHouse.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":136,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be 
cached.","messageId":"136","inputVector":"","url":"https://ep.gov.pk/RestHouse.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"225","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/services/ums_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":161,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"161","inputVector":"","url":"https://ep.gov.pk/services/ums_intro.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"231","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":176,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"176","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"249","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/services/fms_intro.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":147,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"147","inputVector":"","url":"https://ep.gov.pk/services/fms_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"293","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/Tender.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":96,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"96","inputVector":"","url":"https://ep.gov.pk/Tender.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"312","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/aboutus.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":204,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"204","inputVector":"","url":"https://ep.gov.pk/aboutus.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"334","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/services/isp_intro.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":155,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"155","inputVector":"","url":"https://ep.gov.pk/services/isp_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"340","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/specialoffers.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":95,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"95","inputVector":"","url":"https://ep.gov.pk/specialoffers.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"352","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/services.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":69,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"69","inputVector":"","url":"https://ep.gov.pk/services.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"356","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/services/fms_intro.asp","sourceid":"3","other":"cookie:ASPSESSIONIDSUCBABCC","method":"GET","evidence":"ASPSESSIONIDSUCBABCC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":147,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"147","inputVector":"","url":"https://ep.gov.pk/services/fms_intro.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"373","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/services.asp","sourceid":"3","other":"cookie:ASPSESSIONIDSUCBABCC","method":"GET","evidence":"ASPSESSIONIDSUCBABCC","pluginId":"10112","cweid":"-1","confidence":"High","sourceMessageId":69,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"69","inputVector":"","url":"https://ep.gov.pk/services.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"386","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/umo_calculate_postage.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":156,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"156","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/umo_calculate_postage.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"387","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":141,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"141","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"392","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/calculatepostage.asp","sourceid":"3","other":"cookie:ASPSESSIONIDSUCBABCC","method":"GET","evidence":"ASPSESSIONIDSUCBABCC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":84,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"84","inputVector":"","url":"https://ep.gov.pk/calculatepostage.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"404","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/aboutus.asp","sourceid":"3","other":"cookie:ASPSESSIONIDSUCBABCC","method":"GET","evidence":"ASPSESSIONIDSUCBABCC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":204,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"204","inputVector":"","url":"https://ep.gov.pk/aboutus.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"436","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/services.asp","sourceid":"3","other":"cookie:ASPSESSIONIDSUCBABCC","method":"GET","evidence":"ASPSESSIONIDSUCBABCC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":69,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"69","inputVector":"","url":"https://ep.gov.pk/services.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"438","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/services/ums_intro.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":161,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"161","inputVector":"","url":"https://ep.gov.pk/services/ums_intro.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"453","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/services/cod_intro.asp","sourceid":"3","other":"cookie:ASPSESSIONIDSUCBABCC","method":"GET","evidence":"ASPSESSIONIDSUCBABCC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":175,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"175","inputVector":"","url":"https://ep.gov.pk/services/cod_intro.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"464","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/RestHouse.asp","sourceid":"3","other":"cookie:ASPSESSIONIDSUCBABCC","method":"GET","evidence":"ASPSESSIONIDSUCBABCC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":136,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"136","inputVector":"","url":"https://ep.gov.pk/RestHouse.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"472","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"ToggleButton\" style=\"color: white; float: right; margin-top: -2px; text-decoration: none; font-size: 14px;\"\r\n                onclick=\"ToggleTrackerDiv()\">-</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":176,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"176","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"478","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/tariff/emo_tariff.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":222,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"222","inputVector":"","url":"https://ep.gov.pk/tariff/emo_tariff.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"512","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/sitemap.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":227,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"227","inputVector":"","url":"https://ep.gov.pk/sitemap.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"525","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/services/umsovernight_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":225,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"225","inputVector":"","url":"https://ep.gov.pk/services/umsovernight_intro.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"528","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/Calculate_Postage/fmo_calculate_postage.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":237,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"237","inputVector":"","url":"https://ep.gov.pk/Calculate_Postage/fmo_calculate_postage.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"541","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/sitemap.asp","sourceid":"3","other":"cookie:ASPSESSIONIDSUCBABCC","method":"GET","evidence":"ASPSESSIONIDSUCBABCC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":227,"wascid":"-1","description":"The given response has been identified as containing a session management token. 
The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"227","inputVector":"","url":"https://ep.gov.pk/sitemap.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"598","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/services/umsovernight_intro.asp","sourceid":"3","other":"cookie:ASPSESSIONIDSUCBABCC","method":"GET","evidence":"ASPSESSIONIDSUCBABCC","pluginId":"10112","cweid":"-1","confidence":"High","sourceMessageId":225,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"225","inputVector":"","url":"https://ep.gov.pk/services/umsovernight_intro.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"605","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/services/emsp_intro.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":221,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"221","inputVector":"","url":"https://ep.gov.pk/services/emsp_intro.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"631","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bDEBUG\\b and was detected 4 times, the first in likely comment: \"// Name:        AjaxControlToolkit.Common.Threading.debug.js\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"it.Common.Threading.debug.js","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":231,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"231","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=ccE8YupVPY4KvSRgDTm0I-eQnmG_w1Bh7b4Gui3L7OZO3ESVFskCHY9TFLuJZhOpL2enFk9IjcmX3Ge6I4Dz3s80_DtunuCDB494JdJpWFc495Ra8NlVFgd4nb_N2Mp_tarnv2iW3swixlRHy8tfqceBkL7KjsDvLPvA93HmRns1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious 
Comments","risk":"Informational","id":"636","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/services/emsp_intro.asp","sourceid":"3","other":"cookie:ASPSESSIONIDSUCBABCC","method":"GET","evidence":"ASPSESSIONIDSUCBABCC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":221,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"221","inputVector":"","url":"https://ep.gov.pk/services/emsp_intro.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"654","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bDEBUG\\b and was detected 4 times, the first in likely comment: \"// Name:        AjaxControlToolkit.Common.Common.debug.js\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"olkit.Common.Common.debug.js","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":217,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"217","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=GIQCkj7vp-zaMkbfTs_VTsOFyjKNjcLyCUI2E3TiHjfrCKmkAhqndW_soT_pM1e4TIu0jtwUpmW_jNSDh497XNM9o7PLLU9fDjUj8gewsvhWRN2f0VBFxuvH8Ihk3tOp6uQSxgGsDueTxmkBZRMmmFIQ7msxtZsjoNVyv3cFCOg1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"656","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"/// presence of a watermark (which may be visible to the user but which\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"y be visible to the user but which","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":217,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"217","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=GIQCkj7vp-zaMkbfTs_VTsOFyjKNjcLyCUI2E3TiHjfrCKmkAhqndW_soT_pM1e4TIu0jtwUpmW_jNSDh497XNM9o7PLLU9fDjUj8gewsvhWRN2f0VBFxuvH8Ihk3tOp6uQSxgGsDueTxmkBZRMmmFIQ7msxtZsjoNVyv3cFCOg1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"657","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected in likely comment: \"/// This is NOT the same as $clearHandlers which removes all delegates from a DomElement.  
This rather removes select delegates \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"This rather removes select delegates ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":217,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"217","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=GIQCkj7vp-zaMkbfTs_VTsOFyjKNjcLyCUI2E3TiHjfrCKmkAhqndW_soT_pM1e4TIu0jtwUpmW_jNSDh497XNM9o7PLLU9fDjUj8gewsvhWRN2f0VBFxuvH8Ihk3tOp6uQSxgGsDueTxmkBZRMmmFIQ7msxtZsjoNVyv3cFCOg1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"658","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 16 times, the first in likely comment: \"/// The position is relative from the elements nearest position:relative or\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"osition is relative from the elements 
neares","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":217,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"217","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=GIQCkj7vp-zaMkbfTs_VTsOFyjKNjcLyCUI2E3TiHjfrCKmkAhqndW_soT_pM1e4TIu0jtwUpmW_jNSDh497XNM9o7PLLU9fDjUj8gewsvhWRN2f0VBFxuvH8Ihk3tOp6uQSxgGsDueTxmkBZRMmmFIQ7msxtZsjoNVyv3cFCOg1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"659","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected 2 times, the first in likely comment: \"/// element that is currently being displayed.  
This is especially useful for scenarios where\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"seful for scenarios where","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":217,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"217","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=GIQCkj7vp-zaMkbfTs_VTsOFyjKNjcLyCUI2E3TiHjfrCKmkAhqndW_soT_pM1e4TIu0jtwUpmW_jNSDh497XNM9o7PLLU9fDjUj8gewsvhWRN2f0VBFxuvH8Ihk3tOp6uQSxgGsDueTxmkBZRMmmFIQ7msxtZsjoNVyv3cFCOg1&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"660","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bDEBUG\\b and was detected 8 times, the first in likely comment: \"// Name:        MicrosoftAjax.debug.js\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"      MicrosoftAjax.debug.js","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":235,"wascid":"13","description":"The response appears to contain suspicious 
comments which may help an attacker.","messageId":"235","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=cc2LHxWkDOV1k29cK4xi1w-0cvrv7oTUWaiW8TpxpXlvZsjetUMyol4Ct4aa2s-b26te8WbeNinTr_Nm1UQQwRxT803Vtq9R_UuDfzDFv-XjpAa5f1d4KkBIOUHf_EqtMNHEH_cDJaDywNNVKdSV78SmojI0JErJvgKtg_AIeRmBxc1F9YGvmeL4I4D_DZYx0&t=363be08","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"682","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddlPreferredModeOfReply=Post\n\nThe user-controlled value was:\npost","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":241,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddlPreferredModeOfReply","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"718","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nTextBoxCustomBookingOffice=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":241,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"TextBoxCustomBookingOffice","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"719","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\ntxtAddresseeEmail=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":241,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"txtAddresseeEmail","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"720","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\ntxtAddresseeMobile=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":241,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"txtAddresseeMobile","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"721","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\ntxtSenderEmail=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":241,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"txtSenderEmail","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"724","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\ntxt_BookingDate=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":241,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"txt_BookingDate","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"729","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\ntxt_ComplainantName=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":241,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"txt_ComplainantName","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"730","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nDDDistrict=1017\n\nThe user-controlled value was:\n1017","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":241,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"DDDistrict","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"732","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled 
HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [type] attribute\n\nThe user input found was:\nImageButton1=Submit\n\nThe user-controlled value was:\nsubmit","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":241,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"241","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ImageButton1","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"733","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":249,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"249","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"767","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [form] tag [method] attribute\n\nThe user input found was:\nddlPreferredModeOfReply=Post\n\nThe user-controlled value was:\npost","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":254,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"254","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddlPreferredModeOfReply","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"779","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"Links 
have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"POST","evidence":"<a href=\"#\" id=\"ToggleButton\" style=\"color: white; float: right; margin-top: -2px; text-decoration: none; font-size: 14px;\"\r\n                onclick=\"ToggleTrackerDiv()\">-</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":270,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"270","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"788","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__VIEWSTATEGENERATOR=5976FA1C\n\nThe user-controlled value was:\n5976fa1c","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":270,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"270","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"__VIEWSTATEGENERATOR","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"792","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled 
HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [span] tag [tabindex] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n13","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":270,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"270","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"793","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"POST","evidence":"<a href=\"#\" id=\"ToggleButton\" style=\"color: white; float: right; margin-top: -2px; 
text-decoration: none; font-size: 14px;\"\r\n                onclick=\"ToggleTrackerDiv()\">-</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":273,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"273","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"794","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nImageButton2=Cancel\n\nThe user-controlled value was:\ncancel","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":273,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"273","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ImageButton2","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"801","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"ToggleButton\" style=\"color: white; float: right; margin-top: -2px; text-decoration: none; font-size: 14px;\"\r\n                onclick=\"ToggleTrackerDiv()\">-</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":249,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"249","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"805","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(ImageButton1,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__VIEWSTATEGENERATOR=643410F7\n\nThe user-controlled value was:\n643410f7","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":263,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"263","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"__VIEWSTATEGENERATOR","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"817","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nValidatorCalloutExtender10_ClientState=INVALID\n\nThe user-controlled value was:\ninvalid","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":253,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"253","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ValidatorCalloutExtender10_ClientState","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"838","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(ImageButton1,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nImageButton1=Submit\n\nThe user-controlled value was:\nsubmit","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":263,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"263","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ImageButton1","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"843","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nValidatorCalloutExtender6_ClientState=INVALID\n\nThe user-controlled value was:\ninvalid","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":253,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"253","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ValidatorCalloutExtender6_ClientState","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"844","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__VIEWSTATEGENERATOR=5976FA1C\n\nThe user-controlled value was:\n5976fa1c","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":258,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"258","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"__VIEWSTATEGENERATOR","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"846","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nValidatorCalloutExtender7_ClientState=INVALID\n\nThe user-controlled value was:\ninvalid","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":253,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"253","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ValidatorCalloutExtender7_ClientState","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"847","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddlPreferredModeOfReply=Post\n\nThe user-controlled value was:\npost","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":258,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"258","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddlPreferredModeOfReply","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"850","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nDDDistrict=1017\n\nThe user-controlled value was:\n1017","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":258,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"258","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"DDDistrict","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"857","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML 
attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [type] attribute\n\nThe user input found was:\nImageButton1=Submit\n\nThe user-controlled value was:\nsubmit","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":258,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"258","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ImageButton1","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"865","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__VIEWSTATE=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\n\nThe user-controlled value was:\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","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":262,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"262","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"__VIEWSTATE","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"887","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML 
attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n13","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":262,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"262","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"893","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nValidatorCalloutExtender4_ClientState=INVALID\n\nThe user-controlled value was:\ninvalid","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":262,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"262","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ValidatorCalloutExtender4_ClientState","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"895","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nValidatorCalloutExtender5_ClientState=INVALID\n\nThe user-controlled value was:\ninvalid","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":262,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"262","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ValidatorCalloutExtender5_ClientState","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"897","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n130","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":262,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"262","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"938","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled 
HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n133","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":262,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"262","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"941","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n134","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":262,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"262","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"942","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled 
HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n137","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":262,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"262","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"945","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,fuplAttatchment,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=13\n\nThe user-controlled value was:\n139","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":262,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"262","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"947","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"Links have been found that 
do not have traditional href attributes, which is an indication that this is a modern web application.","method":"POST","evidence":"<a href=\"#\" id=\"ToggleButton\" style=\"color: white; float: right; margin-top: -2px; text-decoration: none; font-size: 14px;\"\r\n                onclick=\"ToggleTrackerDiv()\">-</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":280,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"280","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"992","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"POST","evidence":"<a href=\"#\" id=\"ToggleButton\" style=\"color: white; float: right; margin-top: -2px; text-decoration: none; font-size: 14px;\"\r\n                onclick=\"ToggleTrackerDiv()\">-</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":300,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"300","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1024","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. 
The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [form] tag [method] attribute\n\nThe user input found was:\nddlPreferredModeOfReply=Post\n\nThe user-controlled value was:\npost","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":300,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"300","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddlPreferredModeOfReply","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1034","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__VIEWSTATEGENERATOR=5976FA1C\n\nThe user-controlled value was:\n5976fa1c","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":300,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"300","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"__VIEWSTATEGENERATOR","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1036","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton3,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute 
values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [span] tag [tabindex] attribute\n\nThe user input found was:\nddl_ProblemCategory=12\n\nThe user-controlled value was:\n12","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":300,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"300","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1037","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [form] tag [method] attribute\n\nThe user input found was:\nddlPreferredModeOfReply=Post\n\nThe user-controlled value was:\npost","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":293,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"293","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddlPreferredModeOfReply","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1056","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled 
HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__VIEWSTATE=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\n\nThe user-controlled value was:\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","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":295,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"295","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"__VIEWSTATE","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1059","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nTextBoxCustomBookingOffice=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":295,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"295","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"TextBoxCustomBookingOffice","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1064","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled 
HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\ntxtAddresseeMobile=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":295,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"295","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"txtAddresseeMobile","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1068","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\ntxtAddresseeName=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":295,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"295","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"txtAddresseeName","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1070","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML 
attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\ntxtAddresseeTel=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":293,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"293","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"txtAddresseeTel","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1073","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"POST","evidence":"<a href=\"#\" id=\"ToggleButton\" style=\"color: white; float: right; margin-top: -2px; 
text-decoration: none; font-size: 14px;\"\r\n                onclick=\"ToggleTrackerDiv()\">-</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":296,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"296","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1085","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\ntxtSenderTel=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":295,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"295","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"txtSenderTel","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1086","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML 
attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\ntxt_ComplainantName=ZAP\n\nThe user-controlled value was:\nzap","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":295,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"295","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"txt_ComplainantName","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1094","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nDDDistrict=1017\n\nThe user-controlled value was:\n1017","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":293,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"293","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"DDDistrict","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1108","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(ImageButton1,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__VIEWSTATEGENERATOR=5976FA1C\n\nThe user-controlled value was:\n5976fa1c","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":283,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"283","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"__VIEWSTATEGENERATOR","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1127","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(ImageButton2,__EVENTARGUMENT,__EVENTTARGET,__VIEWSTATE,__VIEWSTATEGENERATOR)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nImageButton2=Cancel\n\nThe user-controlled value was:\ncancel","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":296,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"296","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ImageButton2","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1128","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"Links have been found that do not have 
traditional href attributes, which is an indication that this is a modern web application.","method":"POST","evidence":"<a href=\"#\" id=\"ToggleButton\" style=\"color: white; float: right; margin-top: -2px; text-decoration: none; font-size: 14px;\"\r\n                onclick=\"ToggleTrackerDiv()\">-</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":294,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1174","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [form] tag [method] attribute\n\nThe user input found was:\nddlPreferredModeOfReply=Post\n\nThe user-controlled value was:\npost","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":294,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddlPreferredModeOfReply","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1180","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML 
attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default_Test.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__VIEWSTATE=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\n\nThe user-controlled value was:\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","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":285,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"285","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default_Test.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"__VIEWSTATE","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1181","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\n__VIEWSTATEGENERATOR=5976FA1C\n\nThe user-controlled value was:\n5976fa1c","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":294,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"__VIEWSTATEGENERATOR","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1185","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute 
values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=12\n\nThe user-controlled value was:\n12","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":294,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1189","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddlPreferredModeOfReply=Post\n\nThe user-controlled value was:\npost","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":294,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddlPreferredModeOfReply","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1193","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML 
attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nValidatorCalloutExtender3_ClientState=INVALID\n\nThe user-controlled value was:\ninvalid","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":294,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ValidatorCalloutExtender3_ClientState","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1199","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nValidatorCalloutExtender5_ClientState=INVALID\n\nThe user-controlled value was:\ninvalid","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":294,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ValidatorCalloutExtender5_ClientState","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1204","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nValidatorCalloutExtender6_ClientState=INVALID\n\nThe user-controlled value was:\ninvalid","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":294,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ValidatorCalloutExtender6_ClientState","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1207","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nValidatorCalloutExtenderbkd_ClientState=INVALID\n\nThe user-controlled value was:\ninvalid","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":294,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ValidatorCalloutExtenderbkd_ClientState","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1213","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=12\n\nThe user-controlled value was:\n121","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":294,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1272","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute 
values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=12\n\nThe user-controlled value was:\n122","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":294,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1273","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=12\n\nThe user-controlled value was:\n123","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":294,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1274","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute 
values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=12\n\nThe user-controlled value was:\n126","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":294,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1277","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=12\n\nThe user-controlled value was:\n127","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":294,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1278","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute 
values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nddl_ProblemCategory=12\n\nThe user-controlled value was:\n128","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":294,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ddl_ProblemCategory","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1279","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx 
()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [type] attribute\n\nThe user input found was:\nImageButton1=Submit\n\nThe user-controlled value was:\nsubmit","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":294,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ImageButton1","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1283","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/ep_Complaint/Default.aspx ()(DDDistrict,ImageButton1,TextBoxCustomBookingOffice,ValidatorCalloutExtender10_ClientState,ValidatorCalloutExtender11_ClientState,ValidatorCalloutExtender1_ClientState,ValidatorCalloutExtender2_ClientState,ValidatorCalloutExtender3_ClientState,ValidatorCalloutExtender4_ClientState,ValidatorCalloutExtender5_ClientState,ValidatorCalloutExtender6_ClientState,ValidatorCalloutExtender7_ClientState,ValidatorCalloutExtender8_ClientState,ValidatorCalloutExtender9_ClientState,ValidatorCalloutExtenderbkd_ClientState,__EVENTARGUMENT,__EVENTTARGET,__LASTFOCUS,__VIEWSTATE,__VIEWSTATEGENERATOR,ddlAddresseeCity,ddlPreferredModeOfReply,ddlSenderCity,ddlServiceType,ddl_ProblemCategory,txtAddresseeAddress,txtAddresseeEmail,txtAddresseeMobile,txtAddresseeName,txtAddresseeTel,txtSenderAddress,txtSenderEmail,txtSenderMobile,txtSenderName,txtSenderTel,txt_ArticleNo,txt_BookingDate,txt_ComplainantName,txt_ComplainantPhNo,txt_Remarks)","sourceid":"3","other":"User-controlled HTML attribute values 
were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://ep.gov.pk/ep_Complaint/Default.aspx\n\nappears to include user input in:\na(n) [input] tag [value] attribute\n\nThe user input found was:\nImageButton1=Submit\n\nThe user-controlled value was:\nsubmit","method":"POST","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":294,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"294","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/Default.aspx","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"ImageButton1","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1285","alertRef":"10031"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"","method":"GET","evidence":"private","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":306,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"306","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"1296","alertRef":"10015"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"\"></a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":306,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"306","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1303","alertRef":"10109"},{"nodeName":"https://ep.gov.pk/locatepos.asp","sourceid":"3","other":"cookie:ASPSESSIONIDSUCBABCC","method":"GET","evidence":"ASPSESSIONIDSUCBABCC","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":306,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"306","inputVector":"","url":"https://ep.gov.pk/locatepos.asp","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"ASPSESSIONIDSUCBABCC","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"1310","alertRef":"10112"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bDEBUG\\b and was detected 4 times, the first in likely comment: \"// Name:        AjaxControlToolkit.Calendar.CalendarBehavior.debug.js\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ar.CalendarBehavior.debug.js","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":368,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"368","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5X9h5uxSLZ6O3UCGHwU-7RUY6GZ_12iRbn4WEzC1FT5dPUxafKQWvk_PboFqdyxsRy-3LUmztVOgTqlL2UneJ5mBiwJzj1uKrAAhrb9CzCNiulwapZwMa3zWDqjtaVotMH3OoQX5ARB6-msYDU-I-BpTyk8SPAOO9QkaJW08cCXWwvQkbqFBkKcc4-d_SHZn0&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1336","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected in likely comment: \"/// The button used to select todays date\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" The button used to select todays date","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":368,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"368","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5X9h5uxSLZ6O3UCGHwU-7RUY6GZ_12iRbn4WEzC1FT5dPUxafKQWvk_PboFqdyxsRy-3LUmztVOgTqlL2UneJ5mBiwJzj1uKrAAhrb9CzCNiulwapZwMa3zWDqjtaVotMH3OoQX5ARB6-msYDU-I-BpTyk8SPAOO9QkaJW08cCXWwvQkbqFBkKcc4-d_SHZn0&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1337","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 10 times, the first in likely comment: \"/// The handler to remove from the event.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"e handler to remove from the event.","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":368,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"368","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5X9h5uxSLZ6O3UCGHwU-7RUY6GZ_12iRbn4WEzC1FT5dPUxafKQWvk_PboFqdyxsRy-3LUmztVOgTqlL2UneJ5mBiwJzj1uKrAAhrb9CzCNiulwapZwMa3zWDqjtaVotMH3OoQX5ARB6-msYDU-I-BpTyk8SPAOO9QkaJW08cCXWwvQkbqFBkKcc4-d_SHZn0&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1338","alertRef":"10027"},{"nodeName":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd (d,t)","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected in likely comment: \"/// Where the popup should be positioned relative to the target control.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"/// Where the popup should be","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":368,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"368","inputVector":"","url":"https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5X9h5uxSLZ6O3UCGHwU-7RUY6GZ_12iRbn4WEzC1FT5dPUxafKQWvk_PboFqdyxsRy-3LUmztVOgTqlL2UneJ5mBiwJzj1uKrAAhrb9CzCNiulwapZwMa3zWDqjtaVotMH3OoQX5ARB6-msYDU-I-BpTyk8SPAOO9QkaJW08cCXWwvQkbqFBkKcc4-d_SHZn0&t=ffffffff9b7d03cf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1339","alertRef":"10027"}]},"vulnerability_types":{"Missing Anti-clickjacking Header":18,"Cross-Domain JavaScript Source File Inclusion":22,"Absence of Anti-CSRF Tokens":21,"Modern Web Application":21,"Sub Resource Integrity Attribute Missing":21,"X-Content-Type-Options Header Missing":30,"Server Leaks Version Information via \"Server\" HTTP Response Header Field":31,"Strict-Transport-Security Header Not Set":33,"Server Leaks Information via \"X-Powered-By\" HTTP Response Header Field(s)":35,"Re-examine Cache-control Directives":20,"Content Security Policy (CSP) Header Not Set":18,"Cookie No HttpOnly Flag":17,"Cookie without SameSite Attribute":8,"Session Management Response Identified":13,"Information Disclosure - Suspicious Comments":12,"Vulnerable JS Library":2,"X-AspNet-Version Response Header":6,"Cookie Without Secure 
Flag":1,"User Controllable HTML Element Attribute (Potential XSS)":62,"SQL Injection":6},"owasp_top10":{"Unmapped / Other":305,"A01: Broken Access Control":21,"A05: Security Misconfiguration":63,"A06: Vulnerable and Outdated Components":2,"A03: Injection":6}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"6a1039ed037db99a93cd7cfb"},"created_at":{"$date":"2026-05-22T11:11:41.540Z"},"url":"https://ep.gov.pk/","tool":"owaspzap","result":{"status":"completed","target_url":"https://ep.gov.pk/","scan_timestamp":"20260522_091523","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"1","status":"completed","urls_found":85,"urls_list":["https://ep.gov.pk/","https://ep.gov.pk/international_tracking.asp","https://ep.gov.pk/hq/gridcss.css","https://ep.gov.pk/robots.txt","https://ep.gov.pk/images/search.gif","https://ep.gov.pk/images/ead.jpeg","https://ep.gov.pk/images/citizen_portal.png","https://ep.gov.pk/%DA%A9%D8%B1%DB%8C%DA%88%D9%B9","https://ep.gov.pk/CallCenter/OverlayPage.htm","https://ep.gov.pk/services.asp","https://ep.gov.pk/complaints.asp","https://ep.gov.pk/services/same_day_delivery.asp","https://ep.gov.pk/calculatepostage.asp","https://ep.gov.pk/F_C/Facilitation_centres.html","https://ep.gov.pk/specialoffers.asp","https://ep.gov.pk/Tender.asp","https://ep.gov.pk/CallCenter/Images/close%20btn.png","https://ep.gov.pk/CallCenter/Images/google-play-btn-.png","https://ep.gov.pk/CallCenter/Styles/style.css","https://ep.gov.pk/RestHouse.asp","https://ep.gov.pk/services/images%5CValidated_EMS_Standard.pdf","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/wz_jsgraphics.js","https://ep.gov.pk/Calculate_Postage/ums_calculate_postage.as
p","https://ep.gov.pk/services/contactus.asp","https://ep.gov.pk/services/F_C/Facilitation_centres.html","https://ep.gov.pk/services/fms_intro.asp","https://ep.gov.pk/services/isp_intro.asp","https://ep.gov.pk/Calculate_Postage/umo_calculate_postage.asp","https://ep.gov.pk/ACG-67,","https://ep.gov.pk/Calculate_Postage/downloadPostApp.asp?file=pakpost.apk","https://ep.gov.pk/Calculate_Postage/images%5CValidated_EMS_Standard.pdf","https://ep.gov.pk/services/ums_intro.asp","https://ep.gov.pk/others","https://ep.gov.pk/Calculate_Postage/F_C/Facilitation_centres.html","https://ep.gov.pk/Calculate_Postage/style.css","https://ep.gov.pk/Calculate_Postage/contactus.asp","https://ep.gov.pk/Calculate_Postage/isp_calculate_postage.asp","https://ep.gov.pk/Calculate_Postage/umo_calculated_postage.asp","https://ep.gov.pk/2nd","https://ep.gov.pk/Calculate_Postage/isp_calculated_postage.asp","https://ep.gov.pk/services/cod_intro.asp","https://ep.gov.pk/ep_Complaint/Default_Test.aspx","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=z8yOly3moIAZ5s6gAn3zcPPhcH7FjuJHN3dKJEw606dU2sfe6WAYyLNdt5YsnXwkrYiffbGtmrgjXzVpbLE0a0gFS-CS4FiAY6uH8qRaFcDC46mjMZ7JSw-fQCV-Cd8xtYVYtU4v4RGNRXkWAyZSwxqRQegEcgHLkkmoLhjxMyU1&t=ffffffff9b7d03cf","https://ep.gov.pk/aboutus.asp","https://ep.gov.pk/ep_Complaint/WebResource.axd?d=NWzA0_daI3_D_NJp0c8MzJrGi1qlw9sGUc13s-En0MWnNeEb2LHHMidXQ94B_ocfKPZezq5Cpz1swVfxTet_WJh0ApJxw_nqUD3KZx_icdJ_Y-4YRWeiesYLi-ru2vykY-tFnI4IIPvQjF_4Ac9OLoOX2AMQklXctIiFYPKEByc1&t=634442468680000000","https://ep.gov.pk/ep_Complaint/WebResource.axd?d=3RhAMIgdbN63BPJb1iSlcS-DmhvxNNv37m9oFTRT3zcJOYWNkoRd9OBHb-ejUuptgzfhsO5fRkg-qlQW-7WECuHHY2Fr6NI4uAvOg1UhRr5pQ1cfbnHkzMM5y0XI3S7M3XxsNbAW46plhqtgzSp49TuyKVk1GivN70_9OXoDGTo0_1wA5UTO9TtIn8csVY9y0&t=634442468680000000","https://ep.gov.pk/ep_Complaint/loading_icon.gif","https://ep.gov.pk/awards.asp","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=Y2eOyuXjEJWig1IxJAkA4pItUriujPK-B50_hhkKuP56eYaPknOz3aebDygmIj1U18jVCWxuz7g5asb0t_ZnCFoMTJFDMNI
6WvTXnyTaOp3mZYErPjEyQHVYfXwctiJGuhhweRWmytXXZGrEvmjomoyECIYY5uJl1fGGGB5MDvA1&t=ffffffffe929205a","https://ep.gov.pk/images/delivery%20post.png","https://ep.gov.pk/ep_Complaint/jquery-ui.css","https://ep.gov.pk/ep_Complaint/WebResource.axd?d=BbSBvXhD8EthEiTR5PhSkrKBGc8JeJ6dfeEu5UukXLtukekPyk-MC0s9l10uBFNKzlf7za_l1Q20VlmHYl5w8s4UGDuQJMrJWeea5dLDXd01&t=637568388846384355","http://ep.gov.pk/contactus.asp","https://ep.gov.pk/Tender_Notice%5CTender%20Notice-Mobile%20Phones.pdf","https://ep.gov.pk/ep_Complaint/jquery-1.5.1.js","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=GIQCkj7vp-zaMkbfTs_VTsOFyjKNjcLyCUI2E3TiHjfrCKmkAhqndW_soT_pM1e4TIu0jtwUpmW_jNSDh497XNM9o7PLLU9fDjUj8gewsvhWRN2f0VBFxuvH8Ihk3tOp6uQSxgGsDueTxmkBZRMmmFIQ7msxtZsjoNVyv3cFCOg1&t=ffffffff9b7d03cf","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=lJjEyTZiugz_h1GaAo0d7mof4H0TfizAHLgPf_01qyfLjkp692oHSmkiUIu6XZAPmhzflzatpF1GbjlPBRWOzFUbop3nJenaIA90hR_8EM95ngdm2_R8KM-viUH4ndFEAlgcSantp33NyTZvM5yCvPfl4KzWTQHB8ABPh4SuH9NQlYoA0Pi7cVj90foEbNb-0&t=363be08","https://ep.gov.pk/HQ/gridcss.css","https://ep.gov.pk/services/emsp_intro.asp","https://ep.gov.pk/tariff/emo_tariff.asp","https://ep.gov.pk/services/umsovernight_intro.asp","https://ep.gov.pk/customers_guide.asp","https://ep.gov.pk/sitemap.asp","https://ep.gov.pk/Calculate_Postage/ums_calculated_postage.asp","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=ccE8YupVPY4KvSRgDTm0I-eQnmG_w1Bh7b4Gui3L7OZO3ESVFskCHY9TFLuJZhOpL2enFk9IjcmX3Ge6I4Dz3s80_DtunuCDB494JdJpWFc495Ra8NlVFgd4nb_N2Mp_tarnv2iW3swixlRHy8tfqceBkL7KjsDvLPvA93HmRns1&t=ffffffff9b7d03cf","https://ep.gov.pk/ep_Complaint/jquery-ui-1.8.14.js","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background4.jpg","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background1.jpg","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=cc2LHxWkDOV1k29cK4xi1w-0cvrv7oTUWaiW8TpxpXlvZsjetUMyol4Ct4aa2
s-b26te8WbeNinTr_Nm1UQQwRxT803Vtq9R_UuDfzDFv-XjpAa5f1d4KkBIOUHf_EqtMNHEH_cDJaDywNNVKdSV78SmojI0JErJvgKtg_AIeRmBxc1F9YGvmeL4I4D_DZYx0&t=363be08","https://ep.gov.pk/images/emsp_plus.png","https://ep.gov.pk/Calculate_Postage/fmo_calculate_postage.asp","https://ep.gov.pk/Notice.pdf","https://ep.gov.pk/Calculate_Postage/fmo_calculated_postage.asp","https://ep.gov.pk/Tender_Notice%5CUMS%20Plus%5CUMS%20Plus%20Tender.jpeg","https://ep.gov.pk/Tender_Notice%5CTender%20Document%20for%20Selection%20of%20Airlines%20&%20Transport%20Partners.pdf","https://ep.gov.pk/ep_Complaint/Default.aspx","https://ep.gov.pk/Calculate_Postage/images%5CpostalRanking.jpg","https://ep.gov.pk/Tender_Notice%5CTender%20Documents%20of%20UMS-Plus%2004-02-2022_revise.pdf","https://ep.gov.pk/locatepos.asp","https://ep.gov.pk/F_C/e3e0e760-d81e-11eb-a980-0cc47a792c0a_id_e3e0e760-d81e-11eb-a980-0cc47a792c0a_files/background2.jpg","https://ep.gov.pk/%DA%A9%D8%A7%D9%84","https://ep.gov.pk/ep_Complaint/ScriptResource.axd?d=5X9h5uxSLZ6O3UCGHwU-7RUY6GZ_12iRbn4WEzC1FT5dPUxafKQWvk_PboFqdyxsRy-3LUmztVOgTqlL2UneJ5mBiwJzj1uKrAAhrb9CzCNiulwapZwMa3zWDqjtaVotMH3OoQX5ARB6-msYDU-I-BpTyk8SPAOO9QkaJW08cCXWwvQkbqFBkKcc4-d_SHZn0&t=ffffffff9b7d03cf","https://ep.gov.pk/Tender_Notice%5C2022-02-18-Corrigendum-Tender-Notice-for-State-of-the-Art-Under-The-Directorate-General-Pakistan-Post-Office-Ibd.jpg","https://ep.gov.pk/2021-07-29.pdf","https://ep.gov.pk/Tender_Notice%5Cfedex.pdf"],"duration":1.6942579746246338},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.03096437454224},"passive_scan":{"status":"completed","duration":0.002170085906982422},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"ep.gov.pk","open_ports":[80],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"status":"failed","error":"HTTPConnectionPool(h
ost='localhost', port=5050): Max retries exceeded with url: /JSON/ascan/view/status/?scanId=1 (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection refused\"))"},"vulnerabilities":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with url: /JSON/core/view/alerts/ (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection refused\"))"},"reports":{"status":"failed","error":"HTTPConnectionPool(host='localhost', port=5050): Max retries exceeded with url: /JSON/core/view/alerts/ (Caused by NewConnectionError(\"HTTPConnection(host='localhost', port=5050): Failed to establish a new connection: [Errno 111] Connection refused\"))"}}},"summary":""},{"_id":{"$oid":"6a135ba66503988b9a0c228d"},"created_at":{"$date":"2026-05-24T20:12:22.692Z"},"url":"https://cp-club-vjti.vercel.app/","tool":"owaspzap","result":{"status":"completed","target_url":"https://cp-club-vjti.vercel.app/","scan_timestamp":"20260524_200832","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":3,"urls_list":["https://cp-club-vjti.vercel.app/sitemap.xml","https://cp-club-vjti.vercel.app/","https://cp-club-vjti.vercel.app/robots.txt"],"duration":10.047475099563599},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.07179951667786},"passive_scan":{"status":"completed","duration":0.010965585708618164},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"cp-club-vjti.vercel.app","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":60.014729499816895},"vulnerabili
ties":{"total_alerts":67,"high_risk":0,"medium_risk":3,"low_risk":12,"informational":52,"alerts_by_risk":{"High":[],"Medium":[{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":5,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"5","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"0","alertRef":"10038-1"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":4,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"4","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1","alertRef":"10038-1"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":8,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"8","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, 
load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"24","alertRef":"10038-1"}],"Low":[{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":5,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"5","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"6","alertRef":"10035-1"},{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"3","other":"1779653358, which evaluates to: 2026-05-24 20:09:18.","method":"GET","evidence":"1779653358","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":5,"wascid":"13","description":"A timestamp was disclosed by the application/web server. - Unix","messageId":"5","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"X-Vercel-Challenge-Token","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"7","alertRef":"10096"},{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"3","other":"1779653358, which evaluates to: 2026-05-24 20:09:18.","method":"GET","evidence":"1779653358","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":5,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"5","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"X-Vercel-Id","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"8","alertRef":"10096"},{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"3","other":"1779653358, which evaluates to: 2026-05-24 20:09:18.","method":"GET","evidence":"1779653358","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":5,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"5","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"9","alertRef":"10096"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":4,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"4","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"10","alertRef":"10035-1"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"3","other":"1779653358, which evaluates to: 2026-05-24 20:09:18.","method":"GET","evidence":"1779653358","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":4,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"4","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"X-Vercel-Challenge-Token","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"13","alertRef":"10096"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"3","other":"1779653358, which evaluates to: 2026-05-24 20:09:18.","method":"GET","evidence":"1779653358","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":4,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"4","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"X-Vercel-Id","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"16","alertRef":"10096"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"3","other":"1779653358, which evaluates to: 2026-05-24 20:09:18.","method":"GET","evidence":"1779653358","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":4,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"4","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"18","alertRef":"10096"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":8,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"8","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"26","alertRef":"10035-1"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"3","other":"1779653358, which evaluates to: 2026-05-24 20:09:18.","method":"GET","evidence":"1779653358","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":8,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"8","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"X-Vercel-Challenge-Token","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"27","alertRef":"10096"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"3","other":"1779653358, which evaluates to: 2026-05-24 20:09:18.","method":"GET","evidence":"1779653358","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":8,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"8","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"X-Vercel-Id","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"28","alertRef":"10096"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"3","other":"1779653358, which evaluates to: 2026-05-24 20:09:18.","method":"GET","evidence":"1779653358","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":8,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"8","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"29","alertRef":"10096"}],"Informational":[{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"3","other":"A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not.","method":"GET","evidence":"<noscript> <div class=\"container\" data-astro-cid-nbv56vs3> <main data-astro-cid-nbv56vs3> <div class=\"spinner\" data-astro-cid-jlpqxutv> <svg width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" xmlns=\"http://www.w3.org/2000/svg\" data-astro-cid-jlpqxutv><g class=\"spinner-circle\" data-astro-cid-jlpqxutv><rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" opacity=\"1\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(36 12 12)\" opacity=\".1\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(72 12 12)\" opacity=\".2\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(108 12 12)\" opacity=\".3\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(144 
12 12)\" opacity=\".4\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(180 12 12)\" opacity=\".5\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(216 12 12)\" opacity=\".6\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(252 12 12)\" opacity=\".7\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(288 12 12)\" opacity=\".8\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(324 12 12)\" opacity=\".9\" data-astro-cid-jlpqxutv></rect> </g> </svg> </div>  <p id=\"header-noscript-text\" data-astro-cid-nbv56vs3>Enable JavaScript to continue</p> </main> <footer data-astro-cid-nbv56vs3> <div data-astro-cid-nbv56vs3> <p data-astro-cid-nbv56vs3>Vercel Security Checkpoint</p> <p class=\"hide-mobile\" data-astro-cid-nbv56vs3>|</p> <p data-astro-cid-nbv56vs3>bom1::1779653358-5i4uekP9lOJSw1soZmCoQkROlAbpqwwQ</p> </div> </footer> </div> </noscript>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":5,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"5","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"3","alertRef":"10109"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"3","other":"A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not.","method":"GET","evidence":"<noscript> <div class=\"container\" data-astro-cid-nbv56vs3> <main data-astro-cid-nbv56vs3> <div class=\"spinner\" data-astro-cid-jlpqxutv> <svg width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" xmlns=\"http://www.w3.org/2000/svg\" data-astro-cid-jlpqxutv><g class=\"spinner-circle\" data-astro-cid-jlpqxutv><rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" opacity=\"1\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(36 12 12)\" opacity=\".1\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(72 12 12)\" opacity=\".2\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(108 12 12)\" opacity=\".3\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(144 12 12)\" opacity=\".4\" 
data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(180 12 12)\" opacity=\".5\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(216 12 12)\" opacity=\".6\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(252 12 12)\" opacity=\".7\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(288 12 12)\" opacity=\".8\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(324 12 12)\" opacity=\".9\" data-astro-cid-jlpqxutv></rect> </g> </svg> </div>  <p id=\"header-noscript-text\" data-astro-cid-nbv56vs3>Enable JavaScript to continue</p> </main> <footer data-astro-cid-nbv56vs3> <div data-astro-cid-nbv56vs3> <p data-astro-cid-nbv56vs3>Vercel Security Checkpoint</p> <p class=\"hide-mobile\" data-astro-cid-nbv56vs3>|</p> <p data-astro-cid-nbv56vs3>bom1::1779653358-969x3TnBb9IPdaAtw0mB8Dfk3Vv7RCvj</p> </div> </footer> </div> </noscript>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":7,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"7","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"4","alertRef":"10109"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"3","other":"A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not.","method":"GET","evidence":"<noscript> <div class=\"container\" data-astro-cid-nbv56vs3> <main data-astro-cid-nbv56vs3> <div class=\"spinner\" data-astro-cid-jlpqxutv> <svg width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" xmlns=\"http://www.w3.org/2000/svg\" data-astro-cid-jlpqxutv><g class=\"spinner-circle\" data-astro-cid-jlpqxutv><rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" opacity=\"1\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(36 12 12)\" opacity=\".1\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(72 12 12)\" opacity=\".2\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(108 12 12)\" opacity=\".3\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(144 12 12)\" opacity=\".4\" data-astro-cid-jlpqxutv></rect> <rect 
x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(180 12 12)\" opacity=\".5\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(216 12 12)\" opacity=\".6\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(252 12 12)\" opacity=\".7\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(288 12 12)\" opacity=\".8\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(324 12 12)\" opacity=\".9\" data-astro-cid-jlpqxutv></rect> </g> </svg> </div>  <p id=\"header-noscript-text\" data-astro-cid-nbv56vs3>Enable JavaScript to continue</p> </main> <footer data-astro-cid-nbv56vs3> <div data-astro-cid-nbv56vs3> <p data-astro-cid-nbv56vs3>Vercel Security Checkpoint</p> <p class=\"hide-mobile\" data-astro-cid-nbv56vs3>|</p> <p data-astro-cid-nbv56vs3>bom1::1779653358-gcIUF8NK8UWSSxPKK4grAqtyTkEPGfAU</p> </div> </footer> </div> </noscript>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":4,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"4","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"5","alertRef":"10109"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"3","other":"A noScript tag has been found, which is an indication that the application works differently with JavaScript enabled compared to when it is not.","method":"GET","evidence":"<noscript> <div class=\"container\" data-astro-cid-nbv56vs3> <main data-astro-cid-nbv56vs3> <div class=\"spinner\" data-astro-cid-jlpqxutv> <svg width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" xmlns=\"http://www.w3.org/2000/svg\" data-astro-cid-jlpqxutv><g class=\"spinner-circle\" data-astro-cid-jlpqxutv><rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" opacity=\"1\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(36 12 12)\" opacity=\".1\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(72 12 12)\" opacity=\".2\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(108 12 12)\" opacity=\".3\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(144 12 12)\" opacity=\".4\" 
data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(180 12 12)\" opacity=\".5\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(216 12 12)\" opacity=\".6\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(252 12 12)\" opacity=\".7\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(288 12 12)\" opacity=\".8\" data-astro-cid-jlpqxutv></rect> <rect x=\"11\" y=\"1\" width=\"2\" height=\"6\" transform=\"rotate(324 12 12)\" opacity=\".9\" data-astro-cid-jlpqxutv></rect> </g> </svg> </div>  <p id=\"header-noscript-text\" data-astro-cid-nbv56vs3>Enable JavaScript to continue</p> </main> <footer data-astro-cid-nbv56vs3> <div data-astro-cid-nbv56vs3> <p data-astro-cid-nbv56vs3>Vercel Security Checkpoint</p> <p class=\"hide-mobile\" data-astro-cid-nbv56vs3>|</p> <p data-astro-cid-nbv56vs3>bom1::1779653358-OdBCXqeGVkraAw3VCy0s1y5B9SPT67Bj</p> </div> </footer> </div> </noscript>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":8,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"8","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"25","alertRef":"10109"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"171","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"32","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"176","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"33","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"177","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"34","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"178","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"35","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":179,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"179","inputVector":"","url":"https://cp-club-vjti.vercel.app","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"36","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"181","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"37","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"183","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"38","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"186","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"39","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":187,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"187","inputVector":"","url":"https://cp-club-vjti.vercel.app","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"40","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"191","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"41","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":192,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"192","inputVector":"","url":"https://cp-club-vjti.vercel.app","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"42","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"193","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"43","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"198","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"44","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"199","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"45","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"200","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"46","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":201,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"201","inputVector":"","url":"https://cp-club-vjti.vercel.app","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"47","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"206","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"48","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"207","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"49","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":208,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"208","inputVector":"","url":"https://cp-club-vjti.vercel.app","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"50","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"209","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"51","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"213","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"52","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"215","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"53","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"216","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"54","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":217,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"217","inputVector":"","url":"https://cp-club-vjti.vercel.app","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"55","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"219","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"56","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"224","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"57","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"225","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"58","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":226,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"226","inputVector":"","url":"https://cp-club-vjti.vercel.app","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"59","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"227","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"60","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"230","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"61","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"231","inputVector":"","url":"https://cp-club-vjti.vercel.app/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"62","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"233","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"63","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":235,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"235","inputVector":"","url":"https://cp-club-vjti.vercel.app","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"64","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"237","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"65","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"239","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"66","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":241,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"241","inputVector":"","url":"https://cp-club-vjti.vercel.app","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"67","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"243","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"68","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"245","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"69","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"247","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"70","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":5,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"249","inputVector":"","url":"https://cp-club-vjti.vercel.app/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"71","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":251,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"251","inputVector":"","url":"https://cp-club-vjti.vercel.app","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"72","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":253,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"253","inputVector":"","url":"https://cp-club-vjti.vercel.app","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"73","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"255","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"74","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":257,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"257","inputVector":"","url":"https://cp-club-vjti.vercel.app","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"75","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"259","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"76","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"261","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"77","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"263","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"78","alertRef":"10104"},{"nodeName":"https://cp-club-vjti.vercel.app/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":8,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"265","inputVector":"","url":"https://cp-club-vjti.vercel.app/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"79","alertRef":"10104"}]},"vulnerability_types":{"Content Security Policy (CSP) Header Not Set":3,"Modern Web Application":4,"Strict-Transport-Security Header Not Set":3,"Timestamp Disclosure - Unix":9,"User Agent Fuzzer":48},"owasp_top10":{"Unmapped / Other":64,"A05: Security 
Misconfiguration":3}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"6a15ad739e9577f197183c08"},"created_at":{"$date":"2026-05-26T14:24:53.138Z"},"url":"https://www.dahd.gov.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.dahd.gov.in/","scan_timestamp":"20260526_105952","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":1928,"urls_list":["https://www.dahd.gov.in/robots.txt","https://www.dahd.gov.in/","https://www.dahd.gov.in/hi","https://www.dahd.gov.in/sitemap.xml","https://www.dahd.gov.in/about-us/about-departments","https://www.dahd.gov.in/about-us/allocation-business-rules","https://www.dahd.gov.in/documents/procurement-projections-dahd","https://www.dahd.gov.in/office_order_circular","https://www.dahd.gov.in/document/assets-dahd","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/details.module.css?tfn4vu","https://www.dahd.gov.in/document/citizencharter","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/progress.module.css?tfn4vu","https://www.dahd.gov.in/themes/mindahd/favicon.ico","https://www.dahd.gov.in/about-us/vision-mission-objective","https://www.dahd.gov.in/faq","https://www.dahd.gov.in/annual-report","https://www.dahd.gov.in/themes/contrib/classy/css/components/exposed-filters.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/container-inline.module.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/fieldgroup.module.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/tablesort.module.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/views/views.module.css?tfn
4vu","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/align.module.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/position-container.module.css?tfn4vu","https://www.dahd.gov.in/libraries/flexslider/flexslider.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/js.module.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/system-status-report-counters.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/item-list.module.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/system-status-counter.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/reset-appearance.module.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/hidden.module.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/classy/css/components/field.css?tfn4vu","https://www.dahd.gov.in/document/acts-rules-notifications","https://www.dahd.gov.in/division/international-cooperation","https://www.dahd.gov.in/modules/cmf/cmf_design/css/base-responsive.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/system-status-report-general-info.css?tfn4vu","https://www.dahd.gov.in/sites/default/files/2026-05/UDCPostRFSHyderabad.pdf","https://www.dahd.gov.in/modules/cmf/cmf_design/css/font.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/classy/css/components/tablesort.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/classy/css/components/tableselect.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/ajax-progress.module.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/classy/css/components/node.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/classy/css/components/textarea.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/nowrap.module.css?tfn4vu","https://www.dahd.gov.in/themes/mindahd/css/style.
css?tfn4vu","https://www.dahd.gov.in/themes/contrib/classy/css/components/tabs.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/clearfix.module.css?tfn4vu","https://www.dahd.gov.in/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/modules/cmf/cmf_design/css/print.css?tfn4vu","https://www.dahd.gov.in/core/assets/vendor/once/once.min.js?v=1.0.1","https://www.dahd.gov.in/themes/contrib/classy/css/components/action-links.css?tfn4vu","https://www.dahd.gov.in/schemes-programmes","https://www.dahd.gov.in/sites/default/files/2026-04/TenderForSupplyOfFinalizingContractOfRawPasteurizedMilkCowMixedCowMilk.pdf","https://www.dahd.gov.in/core/misc/drupalSettingsLoader.js?v=10.4.7","https://www.dahd.gov.in/themes/contrib/classy/css/components/collapse-processed.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css/normalize.css?tfn4vu","https://www.dahd.gov.in/modules/cmf/cmf_design/css/font-awesome.min.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/core/normalize-fixes.css?tfn4vu","https://www.dahd.gov.in/modules/cmf/cmf_design/js/framework.js?v=1.x","https://www.dahd.gov.in/modules/cmf/cmf_design/js/cmf_design.js?v=1.x","https://www.dahd.gov.in/core/misc/drupal.init.js?v=10.4.7","https://www.dahd.gov.in/themes/contrib/classy/css/components/button.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/resize.module.css?tfn4vu","https://www.dahd.gov.in/modules/cmf/easy_sitemap/css/easy_sitemap.css?tfn4vu","https://www.dahd.gov.in/modules/cmf/cmf_design/css/grid.css?tfn4vu","https://www.dahd.gov.in/who-s-who","https://www.dahd.gov.in/division/administration/aparcell/forms","https://www.dahd.gov.in/modules/cmf/cmf_design/css/base.css?tfn4vu","https://www.dahd.gov.in/modules/cmf/cmf_design/js/ma5gallery.js?v=1.x","https://www.dahd.gov.in/themes/mindahd/js/megamenu.js?tfn4vu","https://www.dahd.gov.in/modules/cmf/cmf_design/js/swithcer.js?v=1.x","https://www.dahd.gov
.in/core/assets/vendor/tabbable/index.umd.min.js?v=6.2.0","https://www.dahd.gov.in/themes/mindahd/js/custom.js?tfn4vu","https://www.dahd.gov.in/modules/cmf/cmf_design/js/font-size.js?v=1.x","https://www.dahd.gov.in/themes/contrib/classy/css/components/details.css?tfn4vu","https://www.dahd.gov.in/modules/cmf/cmf_design/css/flexslider.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/classy/css/components/breadcrumb.css?tfn4vu","https://www.dahd.gov.in/core/misc/drupal.js?v=10.4.7","https://www.dahd.gov.in/themes/mindahd/js/ma5gallery.js?tfn4vu","https://www.dahd.gov.in/modules/contrib/flexslider/dist/js/flexslider.load.min.js?tfn4vu","https://www.dahd.gov.in/themes/mindahd/js/framework.js?tfn4vu","https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","https://www.dahd.gov.in/modules/password_encrypt/js/password_encrypt.js?v=10.4.7","https://www.dahd.gov.in/core/misc/progress.js?v=10.4.7","https://www.dahd.gov.in/themes/mindahd/js/easyResponsiveTabs.js?tfn4vu","https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-facebook.png","https://www.dahd.gov.in/modules/contrib/flexslider/assets/css/flexslider_img.css?tfn4vu","https://www.dahd.gov.in/modules/cmf/cmf_design/js/jquery.flexslider.js?v=1.x","https://www.dahd.gov.in/themes/contrib/classy/css/components/form.css?tfn4vu","https://www.dahd.gov.in/themes/mindahd/js/theme.js?tfn4vu","https://www.dahd.gov.in/modules/cmf/cmf_design/images/cmf-logo.png","https://www.dahd.gov.in/libraries/flexslider/jquery.flexslider-min.js?tfn4vu","https://www.dahd.gov.in/divisions/administration/admin-i","https://www.dahd.gov.in/division/kcc","https://www.dahd.gov.in/themes/mindahd/js/jquery.flexslider-min.js?tfn4vu","https://www.dahd.gov.in/sites/default/files/2026-03/GeMBidNoGEM2026B7314173-05-03-2026.pdf","https://www.dahd.gov.in/parliament/parliament_questions","https://www.dahd.gov.in/themes/contrib/classy/css/components/container-inline.css?tfn4vu","https://www.dahd.gov.in/documents/tender","https://www.
dahd.gov.in/ahidf-scheme-brochure","https://www.dahd.gov.in/themes/mindahd/js/jquery-accessibleMegaMenu.js?tfn4vu","https://www.dahd.gov.in/division/trade","https://www.dahd.gov.in/core/assets/vendor/jquery/jquery.min.js?v=3.7.1","https://www.dahd.gov.in/sites/default/files/2026-05/PostOfAssistantRFSHisar.pdf","https://www.dahd.gov.in/themes/contrib/classy/css/components/links.css?tfn4vu","https://www.dahd.gov.in/pashu-aushadhi","https://www.dahd.gov.in/sites/default/files/2026-03/GeM-bidding-with-ATC-of-taxis-for-short-terms.pdf","https://www.dahd.gov.in/themes/contrib/classy/css/components/inline-form.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/classy/css/components/pager.css?tfn4vu","https://www.dahd.gov.in/document/demand-grants","https://www.dahd.gov.in/themes/contrib/classy/css/components/link.css?tfn4vu","https://www.dahd.gov.in/themes/mindahd/css/site.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/classy/css/components/more-link.css?tfn4vu","https://www.dahd.gov.in/sites/default/files/2025-01/georage_kurian_new.jpg","https://www.dahd.gov.in/sites/default/files/2023-07/TheLive-stockImportationAct-1898.pdf","https://www.dahd.gov.in/themes/contrib/classy/css/components/ui-dialog.css?tfn4vu","https://www.dahd.gov.in/division/budget-ifd","https://www.dahd.gov.in/themes/contrib/classy/css/components/tabledrag.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/classy/css/components/icons.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/classy/css/components/menu.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/classy/css/components/progress.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/classy/css/components/messages.css?tfn4vu","https://www.dahd.gov.in/extension-publicity/coffee-table-books","https://www.dahd.gov.in/division/awd","https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js?tfn4vu","https://www.dahd.gov.in/sites/default/files/2023-07/TheCattle-TrespassAct-1871.pdf","https://www.dahd.gov.in/themes/mindahd/js/accesibile.js?
tfn4vu","https://www.dahd.gov.in/themes/mindahd/js/accesibileswithcer.js?tfn4vu","https://www.dahd.gov.in/dahd-dashboard","https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png","https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-youtube.png","https://www.dahd.gov.in/core/misc/debounce.js?v=10.4.7","https://www.dahd.gov.in/core/assets/vendor/loadjs/loadjs.min.js?v=4.3.0","https://www.dahd.gov.in/themes/mindahd/images/icons/pdf-download-icon.png","https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-twitter.png","https://www.dahd.gov.in/core/misc/announce.js?v=10.4.7","https://www.dahd.gov.in/themes/contrib/classy/css/components/item-list.css?tfn4vu","https://www.dahd.gov.in/themes/contrib/stable/css/system/components/sticky-header.module.css?tfn4vu","https://www.dahd.gov.in/extension-publicity/iec-material","https://www.dahd.gov.in/core/modules/views/js/ajax_view.js?v=10.4.7","https://www.dahd.gov.in/divisions/administration/admin-II","https://www.dahd.gov.in/documents/accounts-glance","https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","https://www.dahd.gov.in/core/misc/message.js?v=10.4.7","https://www.dahd.gov.in/modules/cmf/cmf_design/js/easyResponsiveTabs.js?v=1.x","https://www.dahd.gov.in/sites/default/files/2023-08/pmnrf.png","https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-social.png","https://www.dahd.gov.in/sites/default/files/2023-08/myvisit-logo.png","https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","https://www.dahd.gov.in/core/modules/statistics/statistics.js?v=10.4.7","https://www.dahd.gov.in/sites/default/files/2026-05/English.pdf","https://www.dahd.gov.in/pashupedia","https://www.dahd.gov.in/external-link","https://www.dahd.gov.in/division/administration/cash-section","https://www.dahd.gov.in/sites/default/files/2025-01/shri_rajiv_ranjan_new.jpg","https://www.dahd.gov.in/web-information-manager","https://www.dahd.gov.in/website-poli
cy","https://www.dahd.gov.in/sites/default/files/2023-08/GoiDirectory.png","https://www.dahd.gov.in/divisions/administration/vigilance-apar","https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-sitemap.png","https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","https://www.dahd.gov.in/node/4041","https://www.dahd.gov.in/sites/default/files/2023-08/pg-portal.png","https://www.dahd.gov.in/disclaimer","https://www.dahd.gov.in/themes/mindahd/images/videos1.png","https://www.dahd.gov.in/node/2786","https://www.dahd.gov.in/themes/mindahd/images/photos1.png","https://www.dahd.gov.in/sites/default/files/2025-01/sp_singh_baghel_new.jpg","https://www.dahd.gov.in/sites/default/files/languages/hi_L5Se198HwPn1Hw8b2ByxLOUeyYZZ98Yzr0j_2TaSpw8.js?tfn4vu","https://www.dahd.gov.in/cyber-security-awareness-month","https://www.dahd.gov.in/nlm-scheme-brochure","https://www.dahd.gov.in/whats-new","https://www.dahd.gov.in/themes/mindahd/images/feedback1.png","https://www.dahd.gov.in/themes/mindahd/images/icons/application-pdf.png","https://www.dahd.gov.in/node/582","https://www.dahd.gov.in/monthly-cabinet-report","https://www.dahd.gov.in/hi/document/assets-dahd","https://www.dahd.gov.in/sites/default/files/2024-06/ShriGeorageKurian.jpg","https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","https://www.dahd.gov.in/kcc-scheme-brochure","https://www.dahd.gov.in/contact_us","https://www.dahd.gov.in/hi/about-us/allocation-business-rules","https://www.dahd.gov.in/sites/default/files/2026-05/DrPraveenMalik.pdf","https://www.dahd.gov.in/documents/e-office","https://www.dahd.gov.in/node/581","https://www.dahd.gov.in/sites/default/files/2026-02/ALL-TENDER-DOCUMENTS.pdf","https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","https://www.dahd.gov.in/hi/divisions/administration/admin-i","https://www.dahd.gov.in/themes/mindahd/images/icons/media.png","https://www.dahd.gov.in/hi/extension-and-publicity/succe
ss-story/breed-development-rural-poultry","https://www.dahd.gov.in/hi/annual-report","https://www.dahd.gov.in/help","https://www.dahd.gov.in/video-gallery","https://www.dahd.gov.in/hi/extension-publicity/sire-directory","https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","https://www.dahd.gov.in/hi/division/trade","https://www.dahd.gov.in/sites/default/files/2023-07/External_links_0.png","https://www.dahd.gov.in/libraries/CryptoJS/aes.js?v=10.4.7","https://www.dahd.gov.in/hi/dahd-dashboard","https://www.dahd.gov.in/hi/document/acts-rules-notifications","https://www.dahd.gov.in/sites/default/files/2024-06/ShriRajivRanjan.jpg","https://www.dahd.gov.in/hi/division/kcc","https://www.dahd.gov.in/hi/cyber-security-awareness-month","https://www.dahd.gov.in/sites/default/files/2023-08/india-portal.png","https://www.dahd.gov.in/office_order_circular/vci-related","https://www.dahd.gov.in/hi/division/awd","https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-site-search.png","https://www.dahd.gov.in/form/contact","https://www.dahd.gov.in/hi/schemes-programmes","https://www.dahd.gov.in/core/misc/jquery.form.js?v=4.3.0","https://www.dahd.gov.in/office_order_circular/programmes-events","https://www.dahd.gov.in/hi/photo-gallery","https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","https://www.dahd.gov.in/hi/video-gallery","https://www.dahd.gov.in/sites/default/files/2023-08/ICCCC.png","https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","https://www.dahd.gov.in/hi/documents/e-office","https://www.dahd.gov.in/sites/default/files/2023-08/ECI.png","https://www.dahd.gov.in/hi/node/2814","https://www.dahd.gov.in/sites/default/files/2023-08/e-gazette.png","https://www.dahd.gov.in/sites/default/files/2023-08/STQC.png","https:
//www.dahd.gov.in/office_order_circular/rules-regulation","https://www.dahd.gov.in/office_order_circular/notifications","https://www.dahd.gov.in/hi/pashupedia","https://www.dahd.gov.in/hi/division/administration/aparcell/forms","https://www.dahd.gov.in/hi/nlm-scheme-brochure","https://www.dahd.gov.in/hi/node/3954","https://www.dahd.gov.in/office_order_circular/miscellaneous","https://www.dahd.gov.in/sites/default/files/2025-04/10yearsmudra.png","https://www.dahd.gov.in/photo-gallery","https://www.dahd.gov.in/sites/default/files/2025-12/GeM-BiddingforStampingVerification.pdf","https://www.dahd.gov.in/hi/kcc-scheme-brochure","https://www.dahd.gov.in/sites/default/files/2024-06/ShriSpSinghBaghel.jpg","https://www.dahd.gov.in/document/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/about-us/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/documents/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/office_order_circular/dms-related","https://www.dahd.gov.in/feedback","https://www.dahd.gov.in/hi/node/4038","https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","https://www.dahd.gov.in/hi/disclaimer","https://www.dahd.gov.in/schemes/programmes/npdd","https://www.dahd.gov.in/hi/document/demand-grants","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme/OMDated13072023JustInTimeReleaseOfCSSfundsThroughEkuberPlatformOfRBI.pdf","https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","https://www.dahd.gov.in/hi/ahidf-scheme-brochure","https://www.dahd.gov.in/default.aspx","https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","https://www.dahd.gov.in/hi/node/4042","https://www.dahd.gov.in/core/modules/views/js/base.js?v=10.4.7","https://www.dahd.gov.in/sites/default/files/2026-05/Requestletter.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc/MeetingConferencesDOEOrderDated06052015.pdf","ht
tps://www.dahd.gov.in/sites/default/files/2024-04/prevention-cruelty-animals-act-1960.pdf","https://www.dahd.gov.in/hi/faq","https://www.dahd.gov.in/hi/divisions/administration/rti","https://www.dahd.gov.in/hi/documents/accounts-glance","https://www.dahd.gov.in/parliament/rajya-sabha-questions","https://www.dahd.gov.in/hi/office_order_circular","https://www.dahd.gov.in/division/administration/aparcell/forms?page=1","https://www.dahd.gov.in/divisions/administration/rti","https://www.dahd.gov.in/division/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/divisions/administration/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/hi/documents/tender","https://www.dahd.gov.in/hi/division/international-cooperation","https://www.dahd.gov.in/sites/default/files/2023-11/SignedCertificateDAHD.PDF","https://www.dahd.gov.in/sites/default/files/2023-07/External_links.png","https://www.dahd.gov.in/hi/parliament/parliament_questions","https://www.dahd.gov.in/hi/about-us/vision-mission-objective","https://www.dahd.gov.in/hi/external-link","https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","https://www.dahd.gov.in/office_order_circular/recruitment-rules","https://www.dahd.gov.in/hi/division/administration/cash-section","https://www.dahd.gov.in/themes/mindahd/images/publications1.png","https://www.dahd.gov.in/hi/extension-publicity/iec-material","https://www.dahd.gov.in/themes/contrib/stable/js/ajax.js?v=10.4.7","https://www.dahd.gov.in/extension-publicity/sire-directory","https://www.dahd.gov.in/en","https://www.dahd.gov.in/hi/pashu-aushadhi","https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","https://www.dahd.gov.in/schemes/programmes/sdcfpo","https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","https://www.dahd.gov.in/node/3238","https://www.dahd.gov.in/hi/contact_us","https://www.dahd.gov.in/hi/web-information-manager","https://www.dahd.g
ov.in/hi/about-us/aboutdepartments","https://www.dahd.gov.in/schemes/programmes/ahidf","https://www.dahd.gov.in/hi/feedback","https://www.dahd.gov.in/core/misc/ajax.js?v=10.4.7","https://www.dahd.gov.in/sites/default/files/2023-08/DigitalIndia.png","https://www.dahd.gov.in/schemes-programmes/lhdcp","https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","https://www.dahd.gov.in/themes/mindahd/css/flexslider?tfn4vu","https://www.dahd.gov.in/sites/default/files/2026-01/corrigendum.pdf","https://www.dahd.gov.in/hi/useful-links","https://www.dahd.gov.in/themes/mindahd/js/jquery.js","https://www.dahd.gov.in/themes/contrib/classy/css/components/file.css?tfn4vu","https://www.dahd.gov.in/sites/default/files/2025-09/ImportofEggsEgg-ProductsIntoIndia.pdf","https://www.dahd.gov.in/hi/help","https://www.dahd.gov.in/hi/node/1986","https://www.dahd.gov.in/division/administration/aparcell/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/modules/cmf/cmf_design/images/logo_G20.png","https://www.dahd.gov.in/parliament/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2026-01/OM23Jan2026VHCforImportOfOvineMeatandOvineMeatProductsIntoIndia.pdf","https://www.dahd.gov.in/sites/default/files/2025-06/SancharSaathiPortalAppHindi.jpeg","https://www.dahd.gov.in/sites/default/files/2025-09/ImportofPoultryMeatPoultryMeatProductsIntoIndia_0.pdf","https://www.dahd.gov.in/hi/who-s-who","https://www.dahd.gov.in/hi/node/2787","https://www.dahd.gov.in/hi/node/1987","https://www.dahd.gov.in/sites/default/files/2023-07/CertificateofTtransferofChargeHindi.pdf","https://www.dahd.gov.in/parliament/lok-sabha-questions","https://www.dahd.gov.in/sites/default/files/2023-07/PublicProcurementProjectionsForNext5Years.pdf","https://www.dahd.gov.in/hi/website-policy","https://www.dahd.gov.in/themes/mindahd/js/jquery.js?tfn4vu","https://www.dahd.gov.in/sites/default/
files/2025-02/PM-KisanSammanNidhiYogna.jpg","https://www.dahd.gov.in/sites/default/files/2025-12/DraftVHCforImportofOvineEmbryointoIndia.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/indian-veterinary-council-act-1984.pdf","https://www.dahd.gov.in/hi/node/3239","https://www.dahd.gov.in/sites/default/files/2024-04/Citizens-Charter-2023-24.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/DraftVeterinaryHealthCertificateForImportofEquidSemenIntoIndia_0.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/national-dairy-development-board-act-1987.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/prevention-control-of-infectious-contagious-diseases-animals-act.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/DraftVeterinaryHealthCertificateForImportOfEquidsAndNonEquidPerissodactyls.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh/DoEOMDated27032025ProposalToBeSent15DaysBeforeEvent.pdf","https://www.dahd.gov.in/sites/default/files/2026-03/8thCentralPayCommissionQuestionnaire_0.jpeg","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature/DOEOMDated20102023FundFlowToUTWithoutLegislature.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/ProformaForTakingPriorPermissionByGovernmentServantForPrivateVisitsAbroad.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/JoiningReportHindi.pdf","https://www.dahd.gov.in/sites/default/files/2026-05/OM11May2026ImportofGelatineinIndia.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/JoiningReportEnglish.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/2017-18DDG.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/NewGPF4.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/2018-19DDG.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/DDG2023-24ofMoFAHD.pdf","https://www.dahd.gov.in/sites/default/files/2025-12/DraftVHCForImportOfPorcineSemen.pdf","https://www.dahd.gov.i
n/sites/default/files/2023-07/SOPsforquarantineofwildanimalsinZoofacility.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/DraftNotificationOfVHCForImportOfSkinAndHide.pdf","https://www.dahd.gov.in/sites/default/files/2025-12/NoticeDated24December2025_0.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/CertificateofTtransferofCharge.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/MahatmeReleivingorder_0.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes/GuidelinesAppraisalApprovalSchemesProjectsDOEOMDated05082016.pdf","https://www.dahd.gov.in/sites/default/files/2026-05/DraftRRsForPostOfMTS_0.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/ImplementationofAnnualIncentiveScheme_0.pdf","https://www.dahd.gov.in/sites/default/files/2025-09/ImportofHatchingEggsDayOldPoultry-LivePoultryIntoIndia_0.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/MONGOLIA.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund/17082016NitiAayogCSS.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/OMDated2April2026VHCForImportOfBovineSerumIntoIndia.pdf","https://www.dahd.gov.in/sites/default/files/2023-08/CeilinginGPFSubscription.pdf","https://www.dahd.gov.in/sites/default/files/2024-12/OM-1_0.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan/DOEOMDated21022023AAP.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/GSR737-07-10-2025-VHCLiveEquine.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/AnnexureC.pdf","https://www.dahd.gov.in/sites/default/files/2026-03/OM5March2026VHCForImportOfGelatine.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/HindiFile2026.pdf","https://www.dahd.gov.in/sites/default/files/2026-05/DraftRRsForPostOfMTS.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/NotifyingImportofPetDogandCatCIALKochi.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/DOESASCIGuidelines2026-27Dt27.03.
2026.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/DDG202627MoFAHD.pdf","https://www.dahd.gov.in/sites/default/files/2024-12/OM30thDec2024-ModelCoA.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/OMDated6April2026VHCForImportOfOvineAndCaprineMeatIntoIndia.pdf","https://www.dahd.gov.in/sites/default/files/2025-02/DDG2025-26MoFAHD.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/Form1NominationForRetirementGratuity.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/MOROCCO.pdf","https://www.dahd.gov.in/sites/default/files/2026-01/AllTenderDocuments.pdf","https://www.dahd.gov.in/sites/default/files/2023-06/OMdated15July2020onCTHlinesunderNoTestingcategory.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/UK.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/AssetsOfDAHD.pdf","https://www.dahd.gov.in/sites/default/files/2026-01/Re-ConstitutionofAnimalWelfareBoard.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh/DoEOMDated30052018RegExpenditureAbove40LakhForSeminarWorkshopetc.pdf","https://www.dahd.gov.in/sites/default/files/2026-03/OM12Mar2026onFacilitationofImportofPetsfromMiddleEastCountries.pdf","https://www.dahd.gov.in/sites/default/files/2025-09/NIC-merged.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme/DoE07082023MotherSanctionUpto50PercentOfAAPInOneGo.pdf","https://www.dahd.gov.in/sites/default/files/2025-03/OM20March2025.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes/DoEOMDated21102022RegardingAppraisalAndApprovalOfPublicFundedSchemesAndProjects.pdf","https://www.dahd.gov.in/sites/default/files/2026-05/GoodHusbandryPracticesinPigFarming_0.pdf","https://www.dahd.gov.in/sites/default/files/2025-03/Notification.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments/ProcurementOfGoods2024.pdf","https://www.dahd.gov.in/sites/default/fi
les/2025-11/ChannelofSubmission.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/AnnualReport2025-26.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/2020-21-DDG.pdf","https://www.dahd.gov.in/sites/default/files/2024-08/IntegratedVHCForImportOfMilkAndMilkProducts.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/OMStrategyDocumenmtonPreventionandControlofMastitis_1.pdf","https://www.dahd.gov.in/sites/default/files/2024-07/ImportOfPetCatIntoIndia.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM/DOEOMDated4thJan2024ForCreationRevivalAndAbolitionInAutonomousBody.pdf","https://www.dahd.gov.in/sites/default/files/2026-01/GeMBiddingwithATCAirConditioners.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/OM21December2022NotifyingConsolidatedListOfAnimalFeedForImportIntoIndia.pdf","https://www.dahd.gov.in/sites/default/files/2025-02/How_to_apply_for_SIP_Approval_0.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/AdvisoryHPAINonPoultry_1.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/DirectorAPAR.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme/DoEOMSNASPARSH091225.pdf","https://www.dahd.gov.in/sites/default/files/2026-03/ReminderII-Timeline-for-recording-APAR.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/PetFoodProbioticsAdditionalCondition.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/EAuctionNotice.pdf","https://www.dahd.gov.in/sites/default/files/2026-03/DOE-OM-Dated10-03-2026iroSNA-SPARSH.pdf","https://www.dahd.gov.in/documents/tender?field_date_value=1","https://www.dahd.gov.in/sites/default/files/2023-07/EAuctionNotice0.pdf","https://www.dahd.gov.in/extension-publicity/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2023-07/AuctionNotice.pdf","https://www.dahd.gov.in/sites/default/files/2025-04/LetterUserChargesfor-SIPs.pdf","https://www.dahd.gov.in/divisions/adm
inistration/admin-II?field_date_admin_value=1","https://www.dahd.gov.in/sites/default/files/2025-09/ExtensionOfTimelines.pdf","https://www.dahd.gov.in/sites/default/files/2026-05/VacancyCirculars.pdf","https://www.dahd.gov.in/extension-and-publicity/success-story/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2024-10/AuctionNotice.pdf","https://www.dahd.gov.in/sites/default/files/2026-03/APARTimeline.pdf","https://www.dahd.gov.in/sites/default/files/2025-05/TimelinesForRecordingOfAPARExtensionOfTimeline.pdf","https://www.dahd.gov.in/sites/default/files/2025-07/TimelinesAPARs2024-25.pdf","https://www.dahd.gov.in/sites/default/files/2025-08/Reminder.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/CreationGenerationAPARs.pdf","https://www.dahd.gov.in/sites/default/files/2025-02/FinalQuarantineClearnaceofPetDogPetCat.pdf","https://www.dahd.gov.in/sites/default/files/2025-06/TimelineForAPAR.pdf","https://www.dahd.gov.in/themes/mindahd/images/icons/play.png","https://www.dahd.gov.in/sites/default/files/2023-07/OMdated10August2020onVHCforimportofMilkandMilkProducts.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/Fisherysamplenotification.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/DogandCatFoodNotificationSO3926E22Sept2021.pdf","https://www.dahd.gov.in/sites/default/files/2026-05/DrBMNaveena.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/sign-347.pdf","https://www.dahd.gov.in/sites/default/files/2026-01/NationalGopalRatnaAward2025Winners.pdf","https://www.dahd.gov.in/sites/default/files/2025-05/CSS.pdf","https://www.dahd.gov.in/sites/default/files/2023-08/Eoffice-AccountCreationForm.pdf","https://www.dahd.gov.in/sites/default/files/2023-11/OM10November2023-NotifyingConsolidatedListOfAnimalFeedAdditivesForImportIntoIndia.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/NotificationSO489EDated4February.pdf","https://www.dahd.gov.in/sites/default/files/2026-05/Extension-of-timelines-for-recordin
g-of-PAR-2025-26-for-AIS-Officers.pdf","https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA/OMDated06062025AllSecysWithEncls.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/Gazzete16112018.pdf","https://www.dahd.gov.in/sites/default/files/2025-03/TestingofRawHideSkin-Furskins.pdf","https://www.dahd.gov.in/sites/default/files/2026-05/HealthCertificate1.pdf","https://www.dahd.gov.in/hi/divisions/administration/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2025-07/Reminder-TimelyCompletionofAPAR.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/AHIDF-E.pdf","https://www.dahd.gov.in/sites/default/files/2025-04/APAR2024-25.pdf","https://www.dahd.gov.in/sites/default/files/2025-01/DAHDDashboardNLM.pdf","https://www.dahd.gov.in/sites/default/files/2025-07/Circular-Reminder-APAR-2021-22.pdf","https://www.dahd.gov.in/sites/default/files/2025-04/ACQSCharges.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/sparrow.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/TheCattle-TrespassAct-1871.pdf","https://www.dahd.gov.in/hi/about-us/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2025-05/AIS.pdf","https://www.dahd.gov.in/hi/division/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2024-08/DDG2024-25MoFAHD.pdf","https://www.dahd.gov.in/sites/default/files/2023-06/CTI-pertaining-to-DAHD-for-AQ-Clearance.pdf","https://www.dahd.gov.in/division/administration/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/hi/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/hi/extension-and-publicity/success-story/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/hi/document/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2024-04/AppointmentOrderIEM.pdf","https://www.dahd.gov.in/hi/pashupedia-pig-breed","https://www.dahd.gov.in/hi/pashupedia-cattle-breed","
https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","https://www.dahd.gov.in/sites/default/files/2025-07/GuidelinesTimelineforSubmissionofAPAR2021-22.pdf","https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","https://www.dahd.gov.in/hi/pashupedia-goat-breed","https://www.dahd.gov.in/sites/default/files/2024-04/OmAllIndiaServece.pdf","https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","https://www.dahd.gov.in/hi/taxonomy/term/564","https://www.dahd.gov.in/sites/default/files/2023-07/RevisitingofCustomsTariffItemsCTIinReferencetotheFinanceAct2021.pdf","https://www.dahd.gov.in/hi/node/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/hi/documents/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/office_order_circular/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/node/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","https://www.dahd.gov.in/sites/default/files/2025-12/DraftVHCforImportofOXBileintoIndia.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/MahatmeReleivingorder.pdf","https://www.dahd.gov.in/sites/default/files/2026-01/TenderDocuments.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/AAAGFAHD20SEPT2024.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/LTCAdvance7.pdf","https://www.dahd.gov.in/sites/default/files/2026-01/Brucellabid5Dose2026DADF.pdf","https://www.dahd.gov.in/sites/default/files/2024-05/RTI-Order09052024.pdf","https://www.dahd.gov.in/sites/default/files/2026-05/HindiVacancyCircular.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/NotificationSO4559Edated16thDecember2020.pdf","https://www.dahd.gov.in/division/administration/rti/guidelines","https://www.dahd.gov.in/sites/default/files/2024-05/AccountsAtGlanceForTheYear2022-23.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/CertifyingAuthorityAndProductDesignation.pdf","https:
//www.dahd.gov.in/sites/default/files/2026-05/ImportOfPetCat.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/DraftVHCforImportofPorkandPorkProducts6-2-2026_2.pdf","https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","https://www.dahd.gov.in/sites/default/files/2024-04/IPRVeterinaryDoctorsAndTechnicalOfficers.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/TheLive-stockImportationAct-1898.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/2019-20DDG.pdf","https://www.dahd.gov.in/sites/default/files/2023-08/HindiEofficeAccountCreationForm.pdf","https://www.dahd.gov.in/hi/extension-publicity/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/themes/mindahd/css/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2025-07/RevisedTimelinesforAPAR2024-2025.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/IntegrityPledge.pdf","https://www.dahd.gov.in/hi/division/administration/rti/2024","https://www.dahd.gov.in/sites/default/files/2024-04/BRAZIL.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme/DoEOMDated17122024SNASPARSHModel28StatesAnd3UTswithLegislature28Schemes.pdf","https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","https://www.dahd.gov.in/sites/default/files/2026-01/Brucellabid10dose_2026_DADF_894299_1.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/ImplementationofAnnualIncentiveScheme.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/DIRECTORY-OF-PAY-AND-ACCOUNTS.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes/DoEOMDated31102025RelatedAppraisalAndApprovalOfSchemes.pdf","https://www.dahd.gov.in/sites/default/files/2025-01/GoatFarmingBrochure.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/Circular.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/2021-22DDG-MoFAHD.pdf","https://www.dahd.gov.in/parliament/lok-sabha","https://www.dahd.gov.in/sites/def
ault/files/2026-02/APAR_OM_Annexure.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/2910-BookletonAHSchemes-E-Web.pdf","https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA/ReleaseOfFundUnderCSDOEOMDated21052024.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/AAAG_2020_21_FAHD.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/RevisedThresholdValuesForSubmissionOfQuarterlyProgressReportQPR.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/DACP-RRs-of-2020.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/AnimalNutritionistPayScale.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/UpdationOfManualsOnProcurementOfGoodsConsultancyServicesNonConsultancyServicesAndWorks.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/ApprovedOGforPashuAushadhiComponentofLHDCP.pdf","https://www.dahd.gov.in/hi/division/administration/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2024-04/APAR2022-23Schedule.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/CHILE.pdf","https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","https://www.dahd.gov.in/sites/default/files/2025-05/MTS-APARFinal2024-25.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/APAR2022-23Schedule_0.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/IPR.pdf","https://www.dahd.gov.in/parliament/rajya-sabha","https://www.dahd.gov.in/sites/default/files/2024-10/SireDirectoryFrozenSemenBankBassiRajasthan0.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/KCC-H.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/RRs-21-06-2017-AHC.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/DDG2022-23ofMoFAHD.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM/DoECreationUpgradationRevisedGuidelinesForCentralGovernment05012024.pdf","https://www.dahd.gov.in/sites/default
/files/2023-07/NLM-Leaflet-E.pdf","https://www.dahd.gov.in/sites/default/files/2026-05/AdditionalListOfAnimalFeedAdditives.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/Office-Memorandum.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/AIS.pdf","https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","https://www.dahd.gov.in/sites/default/files/2026-04/OMDated6April2026VHCForImportOfOvineAndCaprineMeatIntoIndia_0.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/10MARCHAAAGFAHD.pdf","https://www.dahd.gov.in/sites/default/files/2025-06/CertificateofCompliance_dahd_09-05-2025.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/ALGERIA.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/TimelyCompletionOfAPAR2020-21.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/RUSSIA.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/ISEAStalking.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund/DoEOMDated06092016FlexiFundsSchemes.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/NotificationSO4025Edated6November2020.pdf","https://www.dahd.gov.in/sites/default/files/2025-08/DAHDDashboard-28-07-2025.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/SireDirectoryNationalDairyResearchInstituteNDRIHaryana.pdf","https://www.dahd.gov.in/sites/default/files/2024-05/2922-ZoonticBrochure-I-Web.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme/DoEOMSOPOnRevisedWorkflowForSNASPARSHDated11082025.pdf","https://www.dahd.gov.in/hi/divisions/administration/rti/2023","https://www.dahd.gov.in/sites/default/files/2025-12/FinalVHCforImportofGelatine-23-12-2025_1.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/ISEAPasswordSecurity.pdf","https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","https://www.dahd.gov.in/sites/default/files/2023-07/NotificationSO2825Edated14July2021.pdf","
https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","https://www.dahd.gov.in/sites/default/files/2026-02/1_8_2007_IR_Eng_0.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/CircularAPAR2021-22.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/KCC-Leaflet-E.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/OM-dated6April2026VHC-for-Import-of-Equid-Semen-into-India_0.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/NotificationSO191EDated11January2023AnimalQuarantineFacilityAtBengaluru.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/AHIDF-H.pdf","https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","https://www.dahd.gov.in/sites/default/files/2024-05/2928MilkBookletFWeb.pdf","https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","https://www.dahd.gov.in/hi/parliament/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2025-10/OneHealthHackathonLeafletRev3.pdf","https://www.dahd.gov.in/sites/default/files/2025-12/FinalVHCforImportofBovineSerum23-12-2025_0.pdf","https://www.dahd.gov.in/sites/default/files/2026-01/WorkAllocationLH.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/RTIAct.pdf","https://www.dahd.gov.in/sites/default/files/2025-01/PigBrochure.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/RelievingOrder.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/BrazilJDI.pdf","https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","https://www.dahd.gov.in/division/administration/rti/cpio_faa","https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","https://www.dahd.gov.in/sites/default/files/2024-10/SireDirectoryMattupettySemenStationPart1KLDB.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/ISEAOnlineGaming.pdf","https://www.dahd.gov.in/sites/default/files/2026-01/AhidfPahmplet.pdf","https://www.dahd.gov.in/sites/default/files/2024-04
/VIETNAM.pdf","https://www.dahd.gov.in/sites/default/files/2026-01/Order-11-11-25.pdf","https://www.dahd.gov.in/hi/divisions/administration/rti/2022","https://www.dahd.gov.in/sites/default/files/2026-03/Reminder-II-Timeline-for-recording-APAR.pdf","https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","https://www.dahd.gov.in/sites/default/files/2026-01/BudgetOpeningOfOffice.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/GeM-Bid-Documents-for-Purchase-of-ACs.pdf","https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","https://www.dahd.gov.in/sites/default/files/2025-12/RTIReplySandeep.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/IntegrityPledgeCeremony.pdf","https://www.dahd.gov.in/sites/default/files/2025-04/RS140.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/AnnulReportHindi.pdf","https://www.dahd.gov.in/sites/default/files/2025-04/LS251.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/sign347.pdf","https://www.dahd.gov.in/sites/default/files/2025-11/RTI.pdf","https://www.dahd.gov.in/division/administration/rti/2024","https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","https://www.dahd.gov.in/sites/default/files/2025-04/RS1492.pdf","https://www.dahd.gov.in/sites/default/files/2025-04/LS287.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/RS222.pdf","https://www.dahd.gov.in/hi/divisions/administration/rti/2021","https://www.dahd.gov.in/sites/default/files/2024-10/NucleusJerseyAndStudFarmNJSFTCMPF-LTD-AAVIN.pdf","https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","https://www.dahd.gov.in/sites/default/files/2025-08/RTIReply.pdf","https://www.dahd.gov.in/sites/default/files/2025-12/OfficeOrder19-12-2025.pdf","https://www.dahd.gov.in/sites/default/file
s/2026-02/RTIOrder1-1-2026.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/RS85.pdf","https://www.dahd.gov.in/sites/default/files/2025-04/RS1493.pdf","https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","https://www.dahd.gov.in/sites/default/files/2026-01/OM23Jan2026VHCforImportOfOvineMeatandOvineMeatProductsIntoIndia_0.pdf","https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","https://www.dahd.gov.in/sites/default/files/2026-03/OM12Mar2026onFacilitationofImportofPetsfromMiddleEastCountries_0.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/SireDirectoryMattupettySemenStationPart2KLDB.pdf","https://www.dahd.gov.in/sites/default/files/2025-12/DraftVHCforImportofOXBileintoIndia_1.pdf","https://www.dahd.gov.in/hi/schemes/programmes/nadcp","https://www.dahd.gov.in/sites/default/files/2024-10/RS259.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/RS226.pdf","https://www.dahd.gov.in/parliament/rajya-sabha-questions/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/division/administration/rti/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/division/administration/aparcell/forms?page=0","https://www.dahd.gov.in/division/administration/rti/organisation-function","https://www.dahd.gov.in/sites/default/files/2025-04/RS1495.pdf","https://www.dahd.gov.in/sites/default/files/2025-12/DraftVHCforImportofOvineEmbryointoIndia_1.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/SireDirectoryPurneaSemenStationBihar.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/RS743.pdf","https://www.dahd.gov.in/sites/default/files/2025-04/LS303.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/SireDirDistrictLivestockFarmUdhagamandalamTheNilgirisOoty.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/RTIOrder18-12-2025.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/Cybersecurity_0.jpg","https://www.dahd.gov.in/sites/default/files/2024-05/RightToInformation.p
df","https://www.dahd.gov.in/sites/default/files/2025-04/RS1494.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/LS1151.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/LS497.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/RS86.pdf","https://www.dahd.gov.in/sites/default/files/2025-04/LSQ362.pdf","https://www.dahd.gov.in/sites/default/files/2026-05/DOAHD-R-E2600258.pdf","https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","https://www.dahd.gov.in/sites/default/files/2026-02/RTIOrder11-11-2025.pdf","https://www.dahd.gov.in/sites/default/files/2025-04/RS1499.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/RS264.pdf","https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","https://www.dahd.gov.in/sites/default/files/2024-10/RS746.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/SireDirSemenStationPalampurHimachalPradeshLivestockAndPoultryDevelopmentBoardHP.pdf","https://www.dahd.gov.in/division/administration/rti/budget-and-programme","https://www.dahd.gov.in/sites/default/files/2025-04/LS457.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/LS535.pdf","https://www.dahd.gov.in/sites/default/files/2025-04/LSQ450.pdf","https://www.dahd.gov.in/parliament/lok-sabha-questions/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2025-04/LS418.pdf","https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","https://www.dahd.gov.in/sites/default/files/2024-10/RS998.pdf","https://www.dahd.gov.in/sites/default/files/2025-11/WorkAllocationOrder.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/LS1174.pdf","https://www.dahd.gov.in/hi/about-us/organizational-structure","https://www.dahd.gov.in/sites/default/files/2024-10/RS747.pdf","https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","https://www.dahd.gov.in/sites/default/files/2025-12/DraftNotificationOfVHCForImportOfSkinAndHide.pdf
","https://www.dahd.gov.in/division/administration/aparcell/forms?page=2","https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","https://www.dahd.gov.in/sites/default/files/2025-04/RS1561.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/RTIOrder29-10-2024.pdf","https://www.dahd.gov.in/sites/default/files/2025-04/RS1503.pdf","https://www.dahd.gov.in/sites/default/files/2025-11/Office_Order.pdf","https://www.dahd.gov.in/sites/default/files/2026-05/DOAHDAE2600052.pdf","https://www.dahd.gov.in/hi/divisions/administration/rti/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2025-04/LS1866.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/RS88.pdf","https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","https://www.dahd.gov.in/sites/default/files/2025-04/LS1877.pdf","https://www.dahd.gov.in/sites/default/files/2024-05/RtiDocument.pdf","https://www.dahd.gov.in/sites/default/files/2025-12/DraftBillPCICDAAct.pdf","https://www.dahd.gov.in/sites/default/files/2025-12/DraftVHCforImportofPorcineSemen.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/RS30.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/LS727.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/RS271.pdf","https://www.dahd.gov.in/hi/division/administration/rti/e-governance","https://www.dahd.gov.in/sites/default/files/2024-05/RTI05-Apr-2022.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/RS265.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/LS732.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/RS1006.pdf","https://www.dahd.gov.in/hi/schemes/programmes/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2025-11/NOTIFICATION.pdf","https://www.dahd.gov.in/division/administration/rti/e-governance","https://www.dahd.gov.in/sites/default/files/2026-01/NoticeforAmendment-CattleTrespassAct1871.pdf","https://www.dahd.gov.in/sites/default/files/2026-02
/CreationGenerationAPARs_0.pdf","https://www.dahd.gov.in/sites/default/files/2025-04/RS2130.pdf","https://www.dahd.gov.in/sites/default/files/2025-05/RTIReply.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/LS568.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/RTIOrder19-08-2024.pdf","https://www.dahd.gov.in/sites/default/files/2025-04/RS206.pdf","https://www.dahd.gov.in/sites/default/files/2025-04/LS1880.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/LS1189.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/OMdated6AprilVHCfor-import-of-EquidsandNon-EquidPerissodactyls_0.pdf","https://www.dahd.gov.in/sites/default/files/2025-05/rti.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/LS68.pdf","https://www.dahd.gov.in/sites/default/files/2026-05/DOAHDRT26000565.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/1_4_2008_IR.pdf","https://www.dahd.gov.in/sites/default/files/2025-04/LS1888.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/d35e7431-0d10-4ff8-981e-c134ece01dcf.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/RS92.pdf","https://www.dahd.gov.in/sites/default/files/2024-05/M-03024-1-2020-Admn-4.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/SireDirSpermStationRanbirbaghGanderbalJK.pdf","https://www.dahd.gov.in/about-us/about-department","https://www.dahd.gov.in/sites/default/files/2024-10/RS136.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/LS36.pdf","https://www.dahd.gov.in/sites/default/files/2024-05/OM-dated-14062021.pdf","https://www.dahd.gov.in/sites/default/files/2024-05/RTI05-Apr-2022_0.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/SCoS.pdf","https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","https://www.dahd.gov.in/divisions/administration/rti/2023","https://www.dahd.gov.in/sites/default/files/2025-04/RS2134.pdf","https://www.dahd.gov.in
/division/administration/rti/budget-and-programme/report-disbursements","https://www.dahd.gov.in/hi/division/administration/rti/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2025-03/RTIHearing.pdf","https://www.dahd.gov.in/sites/default/files/2025-03/RTI0.pdf","https://www.dahd.gov.in/about-us/organizational-structure","https://www.dahd.gov.in/sites/default/files/2026-05/DOAHDRT26000781.pdf","https://www.dahd.gov.in/sites/default/files/2025-04/RS2133.pdf","https://www.dahd.gov.in/sites/default/files/2023-08/OrganizationStructureDepartmentOfAnimalHusbandryAndDairying.pdf","https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","https://www.dahd.gov.in/sites/default/files/2024-05/RtiAct2005InformationReg.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/LinkOfficer.pdf","https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","https://www.dahd.gov.in/sites/default/files/2025-12/NoticeDated24December2025_2.pdf","https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","https://www.dahd.gov.in/sites/default/files/2026-05/DOAHDRE2600269.pdf","https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2025-10/OfficeOrder.pdf","https://www.dahd.gov.in/sites/default/files/2025-11/PostingOrder.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/GSR737-07-10-2025-VHCLiveEquine_2.pdf","https://www.dahd.gov.in/sites/default/files/2025-01/RTIHearingOrderDt31-01-2025.pdf","https://www.dahd.gov.in/sites/default/files/2025-01/RTIHearingOrderDt-31-01-2025.pdf","https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/def
ault/files/2025-03/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2025-11/AppointmentOfFACAOInDelhiMilkScheme.pdf","https://www.dahd.gov.in/divisions/administration/rti/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2025-12/CHRSRohtakAuctionNotice.pdf","https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","https://www.dahd.gov.in/division/administration/aparcell/forms?page=3","https://www.dahd.gov.in/sites/default/files/2025-07/ForeignAndDomesticTours.pdf","https://www.dahd.gov.in/division/administration/rti/budget-and-programme/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2024-08/2024-06-12InformationUnderRTI.pdf","https://www.dahd.gov.in/sites/default/files/2025-02/RTIOrderDt12-02-2025002_1.pdf","https://www.dahd.gov.in/sites/default/files/2025-12/DraftVHCforImportofOvineEmbryointoIndia_0.pdf","https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","https://www.dahd.gov.in/sites/default/files/2025-10/11082dd2-e35c-4b9a-a4bd-05b7e3cd282.pdf","https://www.dahd.gov.in:80/index.php/division/administration/aparcell/forms","https://www.dahd.gov.in/sites/default/files/2024-06/InputsPertainingVigilanceUnitDAHD.pdf","https://www.dahd.gov.in/sites/default/files/2024-05/VishwasKamblePatil402001.pdf","https://www.dahd.gov.in/sites/default/files/2025-11/Reminder-MigrationfromNPStoUPS-last-date30-11-2025.pdf","https://www.dahd.gov.in/hi/division/administration/aparcell/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/f
iles/2025-10/CyberSecurityAwarenessProgram.pdf","https://www.dahd.gov.in/sites/default/files/2025-12/NoticeDated24December2025.pdf","https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","https://www.dahd.gov.in/divisions/administration/rti/2022","https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2024-08/July2022Jan2023GrossSalary.pdf","https://www.dahd.gov.in/sites/default/files/2024-07/RTI2005.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/TrainingSession.pdf","https://www.dahd.gov.in/sites/default/files/2026-03/DOAHDRE2600100.pdf","https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","https://www.dahd.gov.in/sites/default/files/2026-03/DOAHDRT26000211.pdf","https://www.dahd.gov.in/sites/default/files/2026-03/DOAHDRX26000043.pdf","https://www.dahd.gov.in/division/administration/rti/organisation-function/name-boards-council-committee-etc","https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","https://www.dahd.gov.in/sites/default/files/2026-03/DOAHDRE260004810.pdf","https://www.dahd.gov.in/sites/default/files/2026-01/DOAHD-A-E-25-00123-reply.pdf","https://www.dahd.gov.in/document/citizen-charter","https://www.dahd.gov.in/division/administration/rti/organisation-function/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2025-12/DraftVHCforImportofOXBileintoIndia_0.pdf","https://www.dahd.gov.in/sites/default/files/2026-01/DOAHD-A-E-25-00117reply.pdf","https://www.dahd.gov.in/sites/default/files/2026-01/DOAHD-A-E-25-00122reply.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/MeetingNotice.pdf","https://www.dahd.gov.in/sites/default/files/2025-02/TestingRawHide_Skin_Furskins.pdf","https://www.dahd.gov.in/sites/default/files/2025-11/MeetingNoticeforApplicants.pdf","https://www.dahd.gov.in
/sites/default/files/2025-01/RajivKhoslaRTI.pdf","https://www.dahd.gov.in/sites/default/files/2024-05/VishwasKamblePatil398001.pdf","https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","https://www.dahd.gov.in:80/themes/mindahd/favicon.ico","https://www.dahd.gov.in/sites/default/files/2024-05/RTI_2.pdf","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/progress.module.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/fieldgroup.module.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/align.module.css?tfn4vu","https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/container-inline.module.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/item-list.module.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/clearfix.module.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/reset-appearance.module.css?tfn4vu","https://www.dahd.gov.in/sites/default/files/2026-03/DOAHDRE26000486.pdf","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/details.module.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/ajax-progress.module.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/position-container.module.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/resize.module.css?tfn4vu","https://www.dahd.gov.in:80/modules/cmf/cmf_design/css/base-responsive.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/nowrap.module.css?tfn4vu","https://www.dahd.gov.in/sites/default/files/2025-12/DraftVHCForImportOfPorcineSemen_0.pdf","https://www.dahd.gov.in:80/modules/cmf/cmf_design/css/font.css?tfn4vu","https://w
ww.dahd.gov.in:80/modules/cmf/easy_sitemap/css/easy_sitemap.css?tfn4vu","https://www.dahd.gov.in:80/modules/cmf/cmf_design/css/flexslider.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/stable/css/core/assets/vendor/normalize-css/normalize.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/breadcrumb.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/stable/css/core/normalize-fixes.css?tfn4vu","https://www.dahd.gov.in:80/modules/cmf/cmf_design/css/grid.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/system-status-counter.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/js.module.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/collapse-processed.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/tablesort.module.css?tfn4vu","https://www.dahd.gov.in:80/modules/cmf/cmf_design/css/font-awesome.min.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/exposed-filters.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/item-list.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/form.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/inline-form.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/links.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/field.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/link.css?tfn4vu","https://www.dahd.gov.in/sites/default/files/2024-06/NodalRTI.pdf","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/system-status-report-general-info.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/icons.css?tfn4vu","https://www.dahd.gov.in/sites/default/files/2025-03/OM20March25.pdf","https://www.dahd.gov.in:80/modules/cmf/cmf_design/css/base.css?tfn4vu","htt
ps://www.dahd.gov.in:80/themes/contrib/classy/css/components/tableselect.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/more-link.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/menu.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/pager.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/tabledrag.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/tablesort.css?tfn4vu","https://www.dahd.gov.in/sites/default/files/2025-02/QuarantineClearnaceofPetDog-PetCat.pdf","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/tabs.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/progress.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/action-links.css?tfn4vu","https://www.dahd.gov.in/sites/default/files/2026-03/DOAHDRT26000121.pdf","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/ui-dialog.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/messages.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/details.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/textarea.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/file.css?tfn4vu","https://www.dahd.gov.in:80/themes/mindahd/css/style.css?tfn4vu","https://www.dahd.gov.in:80/core/misc/drupalSettingsLoader.js?v=10.4.7","https://www.dahd.gov.in:80/core/misc/drupal.js?v=10.4.7","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/container-inline.css?tfn4vu","https://www.dahd.gov.in:80/themes/contrib/classy/css/components/button.css?tfn4vu","https://www.dahd.gov.in:80/core/assets/vendor/once/once.min.js?v=1.0.1","https://www.dahd.gov.in:80/sites/default/files/2023-07/NewGPF4.pdf","https://www.dahd.gov.in:80/modules/cmf/cmf_design/js/framework.js?v=1.x","https://www.dahd.gov.in:80/hi","https://www.dahd
.gov.in:80/modules/cmf/cmf_design/js/ma5gallery.js?v=1.x","https://www.dahd.gov.in:80/modules/cmf/cmf_design/js/cmf_design.js?v=1.x","https://www.dahd.gov.in:80/themes/mindahd/js/megamenu.js?tfn4vu","https://www.dahd.gov.in:80/themes/mindahd/js/ma5gallery.js?tfn4vu","https://www.dahd.gov.in:80/themes/mindahd/js/theme.js?tfn4vu","https://www.dahd.gov.in:80/themes/mindahd/js/easyResponsiveTabs.js?tfn4vu","https://www.dahd.gov.in:80/themes/mindahd/css/site.css?tfn4vu","https://www.dahd.gov.in/sites/default/files/2025-10/PreparationOfFreshChannelOfSubmission.pdf","https://www.dahd.gov.in:80/themes/mindahd/js/framework.js?tfn4vu","https://www.dahd.gov.in:80/themes/mindahd/js/custom.js?tfn4vu","https://www.dahd.gov.in:80/","https://www.dahd.gov.in:80/themes/mindahd/js/accesibile.js?tfn4vu","https://www.dahd.gov.in:80/themes/mindahd/js/accesibileswithcer.js?tfn4vu","https://www.dahd.gov.in:80/modules/password_encrypt/js/password_encrypt.js?v=10.4.7","https://www.dahd.gov.in/sites/default/files/2024-08/DOAHD-R-E-24-0251.pdf","https://www.dahd.gov.in:80/core/assets/vendor/jquery/jquery.min.js?v=3.7.1","https://www.dahd.gov.in:80/core/misc/progress.js?v=10.4.7","https://www.dahd.gov.in:80/core/misc/drupal.init.js?v=10.4.7","https://www.dahd.gov.in:80/core/assets/vendor/loadjs/loadjs.min.js?v=4.3.0","https://www.dahd.gov.in:80/core/misc/debounce.js?v=10.4.7","https://www.dahd.gov.in:80/sites/default/files/2023-07/CertificateofTtransferofCharge.pdf","https://www.dahd.gov.in:80/core/assets/vendor/tabbable/index.umd.min.js?v=6.2.0","https://www.dahd.gov.in:80/themes/mindahd/js/jquery.flexslider-min.js?tfn4vu","https://www.dahd.gov.in:80/core/misc/announce.js?v=10.4.7","https://www.dahd.gov.in:80/core/misc/jquery.form.js?v=4.3.0","https://www.dahd.gov.in/sites/default/files/2026-02/ParipoornaMediclaimAyushBimaforCGHS-Beneficiaries.pdf","https://www.dahd.gov.in:80/core/modules/views/js/base.js?v=10.4.7","https://www.dahd.gov.in:80/themes/mindahd/js/jquery-accessibleMegaMenu.js?tfn4
vu","https://www.dahd.gov.in:80/themes/contrib/stable/js/ajax.js?v=10.4.7","https://www.dahd.gov.in:80/core/misc/message.js?v=10.4.7","https://www.dahd.gov.in:80/core/modules/views/js/ajax_view.js?v=10.4.7","https://www.dahd.gov.in:80/modules/cmf/cmf_design/js/easyResponsiveTabs.js?v=1.x","https://www.dahd.gov.in:80/sites/default/files/2023-08/myvisit-logo.png","https://www.dahd.gov.in:80/sites/default/files/2023-08/india-portal.png","https://www.dahd.gov.in:80/modules/cmf/cmf_design/js/swithcer.js?v=1.x","https://www.dahd.gov.in:80/modules/cmf/cmf_design/js/font-size.js?v=1.x","https://www.dahd.gov.in:80/sites/default/files/2023-08/GoiDirectory.png","https://www.dahd.gov.in:80/sites/default/files/2023-08/DigitalIndia.png","https://www.dahd.gov.in:80/sites/default/files/2023-08/pmnrf.png","https://www.dahd.gov.in:80/sites/default/files/2023-08/ICCCC.png","https://www.dahd.gov.in:80/modules/cmf/cmf_design/images/ico-site-search.png","https://www.dahd.gov.in:80/sites/default/files/2023-08/STQC.png","https://www.dahd.gov.in/sites/default/files/2025-03/TestingofRawHideSkinFurskins.pdf","https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js?tfn4vu","https://www.dahd.gov.in:80/core/misc/ajax.js?v=10.4.7","https://www.dahd.gov.in/sites/default/files/2024-05/RTI-20MAY2024.pdf","https://www.dahd.gov.in:80/themes/contrib/stable/css/views/views.module.css?tfn4vu","https://www.dahd.gov.in:80/sites/default/files/2023-08/e-gazette.png","https://www.dahd.gov.in:80/modules/cmf/cmf_design/js/jquery.flexslider.js?v=1.x","https://www.dahd.gov.in:80/sites/default/files/2025-02/PM-KisanSammanNidhiYogna.jpg","https://www.dahd.gov.in:80/modules/cmf/cmf_design/css/print.css?tfn4vu","https://www.dahd.gov.in/sites/default/files/2025-03/OM3March2025forNotifyingNewNTMs_0.pdf","https://www.dahd.gov.in/sites/default/files/2024-05/ShNT-Niyas.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/OM13August2025ForNotifyingNewNTMsDraftVHCForImportOfLivEquine.pdf","https://www.dahd.gov
.in:80/themes/contrib/stable/css/system/components/hidden.module.css?tfn4vu","https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","https://www.dahd.gov.in:80/sites/default/files/2023-08/ECI.png","https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","https://www.dahd.gov.in:80/sites/default/files/2023-07/Form1NominationForRetirementGratuity.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/OM30Oct2025NotifyingNewNTMsNaviMumbaiLivestockProducts.pdf","https://www.dahd.gov.in/sites/default/files/2024-08/April2024ToJuly2024.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/LTCAdvance7.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-08/pg-portal.png","https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","https://www.dahd.gov.in/sites/default/files/2025-12/Circular11122025.pdf","https://www.dahd.gov.in:80/division/awd","https://www.dahd.gov.in:80/division/kcc","https://www.dahd.gov.in:80/documents/accounts-glance","https://www.dahd.gov.in/sites/default/files/2024-12/Aug2024toSept2024.pdf","https://www.dahd.gov.in/sites/default/files/2025-02/RTIOrderDt12-02-2025003_0.pdf","https://www.dahd.gov.in:80/document/citizencharter","https://www.dahd.gov.in/sites/default/files/2024-08/2024-06-12-ComplianceOfCICOrder.pdf","https://www.dahd.gov.in/divisions/administration/rti/2021","https://www.dahd.gov.in/sites/default/files/2024-08/2024-06-14CICOrderEnglish.pdf","https://www.dahd.gov.in:80/division/administration/aparcell/forms","https://www.dahd.gov.in/sites/default/files/2026-03/DOAHDRE2600082.pdf","https://www.dahd.gov.in/hi/division/administration/rti/sites/default/files/2024-08/2024-06-14CICOrderEnglish.pdf","https://www.dahd.gov.in:80/about-us/list-attachedsubordinate-offices-department","https://www.dahd.gov.in:80/index.php/division/administration/aparcell/themes/mi
ndahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2025-10/Office-Order.pdf","https://www.dahd.gov.in:80/document/acts-rules-notifications","https://www.dahd.gov.in/sites/default/files/2026-01/ResultofPMABid.pdf","https://www.dahd.gov.in:80/libraries/CryptoJS/aes.js?v=10.4.7","https://www.dahd.gov.in/sites/default/files/2024-05/VishwasKamblePatil400001.pdf","https://www.dahd.gov.in:80/division/administration/cash-section","https://www.dahd.gov.in/sites/default/files/2025-10/WorkAllocations.pdf","https://www.dahd.gov.in:80/division/administration/aparcell/forms?page=1","https://www.dahd.gov.in:80/divisions/administration/admin-II","https://www.dahd.gov.in:80/about-us/about-departments","https://www.dahd.gov.in/sites/default/files/2025-10/MeetingNotice_0.pdf","https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-development-rural-poultry","https://www.dahd.gov.in:80/themes/mindahd/css/flexslider?tfn4vu","https://www.dahd.gov.in:80/sites/default/files/2025-06/CertificateofCompliance_dahd_09-05-2025.pdf","https://www.dahd.gov.in:80/en","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/system-status-report-counters.css?tfn4vu","https://www.dahd.gov.in:80/extension-publicity/coffee-table-books","https://www.dahd.gov.in:80/divisions/administration/vigilance-apar","https://www.dahd.gov.in:80/parliament/parliament_questions","https://www.dahd.gov.in/sites/default/files/2024-05/RTI_4.pdf","https://www.dahd.gov.in/sites/default/files/2025-11/Retirement-OrderSmtNeeraPPS.pdf","https://www.dahd.gov.in/sites/default/files/2024-08/RTIAppealofSubhashAgarwal.pdf","https://www.dahd.gov.in/sites/default/files/2024-05/OrganisationStructureOfCEPDivision.pdf","https://www.dahd.gov.in:80/web-information-manager","https://www.dahd.gov.in:80/sites/default/files/2026-02/OMStrategyDocumenmtonPreventionandControlofMastitis_1.pdf","https://www.dahd.gov.in:80/dahd-dashboard","https://www.dahd.gov.in:80/contact_us","https://www.dahd.gov.in:80/
nlm-scheme-brochure","https://www.dahd.gov.in:80/document/assets-dahd","https://www.dahd.gov.in:80/default.aspx","https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-multiplication-farm","https://www.dahd.gov.in:80/about-us/allocation-business-rules","https://www.dahd.gov.in:80/libraries/flexslider/flexslider.css?tfn4vu","https://www.dahd.gov.in:80/disclaimer","https://www.dahd.gov.in:80/help","https://www.dahd.gov.in:80/sites/default/files/2026-04/MahatmeReleivingorder_0.pdf","https://www.dahd.gov.in:80/extension-publicity/sire-directory","https://www.dahd.gov.in:80/sites/default/files/languages/hi_L5Se198HwPn1Hw8b2ByxLOUeyYZZ98Yzr0j_2TaSpw8.js?tfn4vu","https://www.dahd.gov.in:80/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/website-policy","https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js?tfn4vu","https://www.dahd.gov.in:80/feedback","https://www.dahd.gov.in:80/divisions/administration/rti","https://www.dahd.gov.in:80/extension-and-publicity/success-story/pig-breeder-farm","https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","https://www.dahd.gov.in:80/division/international-cooperation","https://www.dahd.gov.in:80/pashupedia","https://www.dahd.gov.in:80/libraries/flexslider/jquery.flexslider-min.js?tfn4vu","https://www.dahd.gov.in:80/modules/contrib/flexslider/dist/js/flexslider.load.min.js?tfn4vu","https://www.dahd.gov.in:80/sites/default/files/2026-05/HindiVacancyCircular.pdf","https://www.dahd.gov.in/sites/default/files/2026-01/DOAHD-A-E-25-00121reply.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-05/PostOfAssistantRFSHisar.pdf","https://www.dahd.gov.in:80/kcc-scheme-brochure","https://www.dahd.gov.in:80/pashu-aushadhi","https://www.dahd.gov.in:80/hi/division/administration/aparcell/forms","https://www.dahd.gov.in:80/sites/default/files/2026-05/UDCPostRFSHyderabad.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/ArmedForcesFlagDay.pdf","https
://www.dahd.gov.in:80/documents/e-office","https://www.dahd.gov.in:80/sites/default/files/2026-05/VacancyCirculars.pdf","https://www.dahd.gov.in:80/schemes-programmes","https://www.dahd.gov.in/sites/default/files/2025-03/RTI-Reply.pdf","https://www.dahd.gov.in/sites/default/files/2026-05/DOAHDRT2600062.pdf","https://www.dahd.gov.in/sites/default/files/2025-11/BAHS2025Brochures.pdf","https://www.dahd.gov.in:80/cyber-security-awareness-month","https://www.dahd.gov.in:80/sites/default/files/2026-04/TenderForSupplyOfFinalizingContractOfRawPasteurizedMilkCowMixedCowMilk.pdf","https://www.dahd.gov.in:80/extension-publicity/iec-material","https://www.dahd.gov.in:80/sites/default/files/2025-06/SancharSaathiPortalAppHindi.jpeg","https://www.dahd.gov.in:80/sites/default/files/2024-06/ShriGeorageKurian.jpg","https://www.dahd.gov.in:80/photo-gallery","https://www.dahd.gov.in:80/themes/mindahd/images/videos1.png","https://www.dahd.gov.in:80/themes/mindahd/images/photos1.png","https://www.dahd.gov.in:80/sites/default/files/2024-06/ShriRajivRanjan.jpg","https://www.dahd.gov.in:80/sites/default/files/2025-01/shri_rajiv_ranjan_new.jpg","https://www.dahd.gov.in:80/sites/default/files/2023-07/External_links.png","https://www.dahd.gov.in:80/themes/mindahd/images/feedback1.png","https://www.dahd.gov.in:80/sites/default/files/2026-02/HomeBanner_1.jpeg","https://www.dahd.gov.in:80/documents/tender","https://www.dahd.gov.in/sites/default/files/2024-07/OrganizationalChart.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-03/GeM-bidding-with-ATC-of-taxis-for-short-terms.pdf","https://www.dahd.gov.in:80/themes/mindahd/images/icons/media.png","https://www.dahd.gov.in:80/core/modules/statistics/statistics.js?v=10.4.7","https://www.dahd.gov.in:80/extension-and-publicity/success-story/sheep-goat-breeder-farm","https://www.dahd.gov.in:80/sites/default/files/2026-02/ALL-TENDER-DOCUMENTS.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-01/sp_singh_baghel_new.jpg","https://www.dahd.g
ov.in:80/hi/about-us/vision-mission-objective","https://www.dahd.gov.in:80/sites/default/files/2025-01/georage_kurian_new.jpg","https://www.dahd.gov.in:80/sites/default/files/2023-07/External_links_0.png","https://www.dahd.gov.in:80/themes/mindahd/images/publications1.png","https://www.dahd.gov.in:80/sites/default/files/2026-05/English.pdf","https://www.dahd.gov.in:80/about-us/vision-mission-objective","https://www.dahd.gov.in:80/themes/contrib/stable/css/system/components/sticky-header.module.css?tfn4vu","https://www.dahd.gov.in:80/divisions/administration/admin-i","https://www.dahd.gov.in:80/themes/mindahd/images/icons/pdf-download-icon.png","https://www.dahd.gov.in:80/sites/default/files/2023-07/TheCattle-TrespassAct-1871.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments/MfPoNCS2025.pdf","https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","https://www.dahd.gov.in:80/hi/document/assets-dahd","https://www.dahd.gov.in:80/sites/default/files/2026-05/DraftRRsForPostOfMTS_0.pdf","https://www.dahd.gov.in/sites/default/files/2025-12/FinalVHCforImportofGelatine-23-12-2025_0.pdf","https://www.dahd.gov.in/sites/default/files/2025-01/VinodSanklaRTI.pdf","https://www.dahd.gov.in:80/hi/office_order_circular","https://www.dahd.gov.in:80/sites/default/files/2023-07/TheLive-stockImportationAct-1898.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-06/ShriSpSinghBaghel.jpg","https://www.dahd.gov.in:80/sites/default/files/2024-04/indian-veterinary-council-act-1984.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-08/CeilinginGPFSubscription.pdf","https://www.dahd.gov.in:80/hi/document/acts-rules-notifications","https://www.dahd.gov.in:80/hi/node/2814","https://www.dahd.gov.in:80/hi/documents/e-office","https://www.dahd.gov.in/sites/default/files/2025-01/OM15Jan2025forNotifyingNewNTMs.pdf","https://www.dahd.gov.in:80/hi/document/demand-grants","https://www.dahd.gov.in:80/hi/documents/accounts-glance","htt
ps://www.dahd.gov.in:80/hi/node/3954","https://www.dahd.gov.in:80/hi/node/4038","https://www.dahd.gov.in:80/sites/default/files/2026-01/Re-ConstitutionofAnimalWelfareBoard.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/national-dairy-development-board-act-1987.pdf","https://www.dahd.gov.in:80/hi/schemes-programmes","https://www.dahd.gov.in:80/modules/contrib/flexslider/assets/css/flexslider_img.css?tfn4vu","https://www.dahd.gov.in:80/hi/pashu-aushadhi","https://www.dahd.gov.in:80/hi/divisions/administration/vigilance-apar","https://www.dahd.gov.in:80/hi/faq","https://www.dahd.gov.in:80/sites/default/files/2026-05/GoodHusbandryPracticesinPigFarming_0.pdf","https://www.dahd.gov.in:80/hi/documents/tender","https://www.dahd.gov.in:80/themes/mindahd/images/icons/application-pdf.png","https://www.dahd.gov.in:80/hi/about-us/aboutdepartments","https://www.dahd.gov.in:80/hi/about-us/list-attachedsubordinate-offices-department","https://www.dahd.gov.in:80/ahidf-scheme-brochure","https://www.dahd.gov.in:80/hi/documents/procurement-projections-dahd","https://www.dahd.gov.in:80/hi/annual-report","https://www.dahd.gov.in:80/sites/default/files/2026-02/ISS-Expert-Committee-Report_0.pdf","https://www.dahd.gov.in:80/hi/divisions/administration/admin-i","https://www.dahd.gov.in/sites/default/files/2025-10/IAS-Officers-on-iGOT.pdf","https://www.dahd.gov.in:80/themes/mindahd/images/icons/play.png","https://www.dahd.gov.in/sites/default/files/2026-03/Channel-of-Submission.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/EAuctionNotice0.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/AuctionNotice.pdf","https://www.dahd.gov.in/sites/default/files/2026-05/DOAHDRE26002482.pdf","https://www.dahd.gov.in:80/hi/dahd-dashboard","https://www.dahd.gov.in:80/hi/photo-gallery","https://www.dahd.gov.in:80/sites/default/files/2024-10/DIRECTORY-OF-PAY-AND-ACCOUNTS.pdf","https://www.dahd.gov.in/sites/default/files/2026-03/DOAHDRE2600072.pdf","https://www.dahd.gov.
in:80/sites/default/files/2026-03/ReminderII-Timeline-for-recording-APAR.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-08/Reminder.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-07/TimelinesAPARs2024-25.pdf","https://www.dahd.gov.in:80/video-gallery","https://www.dahd.gov.in:80/hi/ahidf-scheme-brochure","https://www.dahd.gov.in/sites/default/files/2025-02/RTIOrderDt12-02-2025001.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/AAAGFAHD20SEPT2024.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-05/Extension-of-timelines-for-recording-of-PAR-2025-26-for-AIS-Officers.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-04/GeM-Bid-Documents-for-Purchase-of-ACs.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-05/CSS.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/sign-347.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/EAuctionNotice.pdf","https://www.dahd.gov.in/sites/default/files/2025-01/AnuragYadavRTI.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/PashuAushadhiGuidelinesLHDCP.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-03/GeMBidNoGEM2026B7314173-05-03-2026.pdf","https://www.dahd.gov.in:80/hi/who-s-who","https://www.dahd.gov.in:80/hi/video-gallery","https://www.dahd.gov.in:80/division/budget-ifd","https://www.dahd.gov.in:80/hi/kcc-scheme-brochure","https://www.dahd.gov.in:80/hi/extension-publicity/iec-material","https://www.dahd.gov.in/sites/default/files/2025-10/DraftNotificationOfVHCForImportOfSkinAndHide_0.pdf","https://www.dahd.gov.in:80/hi/extension-publicity/sire-directory","https://www.dahd.gov.in:80/hi/extension-publicity/coffee-table-books","https://www.dahd.gov.in:80/sites/default/files/2024-04/IPRVeterinaryDoctorsAndTechnicalOfficers.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/NominationofOfficers.pdf","https://www.dahd.gov.in:80/hi/pashupedia","https://www.dahd.gov.in:80/sites/default/files/2025-09/ExtensionOfTimelines.pdf","https://ww
w.dahd.gov.in:80/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","https://www.dahd.gov.in/sites/default/files/2024-10/SireDirectoryFrozenSemenBankKhapuriaCuttackOdisha.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/StrategyDocumenmtonPreventionandControlofMastitis_1.pdf","https://www.dahd.gov.in:80/hi/division/awd","https://www.dahd.gov.in:80/sites/default/files/2025-05/MTS-APARFinal2024-25.pdf","https://www.dahd.gov.in:80/whats-new","https://www.dahd.gov.in:80/sites/default/files/2026-05/Requestletter.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/CreationGenerationAPARs.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-05/AIS.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/APAR_OM_Annexure.pdf","https://www.dahd.gov.in:80/hi/nlm-scheme-brochure","https://www.dahd.gov.in/sites/default/files/2026-03/DOAHDRP26000021.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-05/TimelinesForRecordingOfAPARExtensionOfTimeline.pdf","https://www.dahd.gov.in:80/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","https://www.dahd.gov.in:80/hi/division/trade","https://www.dahd.gov.in:80/hi/extension-and-publicity/success-story/breed-multiplication-farm","https://www.dahd.gov.in:80/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","https://www.dahd.gov.in:80/hi/extension-and-publicity/success-story/pig-breeder-farm","https://www.dahd.gov.in:80/hi/parliament/parliament_questions","https://www.dahd.gov.in:80/hi/extension-and-publicity/success-story/breed-development-rural-poultry","https://www.dahd.gov.in:80/hi/division/international-cooperation","https://www.dahd.gov.in:80/sites/default/files/2025-08/DAHDDashboard-28-07-2025.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-03/8thCentralPayCommissionQuestionnaire_0.jpeg","https://www.dahd.gov.in:80/sites/default/files/2025-01/DAHDDashboardNLM.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/APAR2024
-25.pdf","https://www.dahd.gov.in:80/division/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/hi/cyber-security-awareness-month","https://www.dahd.gov.in:80/sites/default/files/2024-04/sparrow.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/SireDirectoryCFSPTI-HGT.xlsx","https://www.dahd.gov.in:80/sites/default/files/2024-10/SireDirectoryPurneaSemenStationBihar.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/SAGB-PROVEN-BULLS.pdf","https://www.dahd.gov.in:80/document/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2024-05/VishwasKamblePatil401001.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-07/Reminder-TimelyCompletionofAPAR.pdf","https://www.dahd.gov.in:80/hi/division/kcc","https://www.dahd.gov.in:80/sites/default/files/2025-06/TimelineForAPAR.pdf","https://www.dahd.gov.in/sites/default/files/2024-05/RTI__0.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/SAGB-JERSEY.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/SAGB-JERSEY-CROSSBRED-BULLS.pdf","https://www.dahd.gov.in/sites/default/files/2024-05/OrderDt21032024.pdf","https://www.dahd.gov.in:80/documents/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2024-05/AccountsAtGlanceForTheYear2022-23.pdf","https://www.dahd.gov.in:80/faq","https://www.dahd.gov.in:80/sites/default/files/2024-04/Circular.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/ABCS-JERSEY-BULLS.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/AlamadhiSS.xlsx","https://www.dahd.gov.in:80/sites/default/files/2024-04/ABCS-HOLSTEIN-FRIESIAN-BULLS.pdf","https://www.dahd.gov.in:80/document/demand-grants","https://www.dahd.gov.in:80/division/administration/aparcell/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/about-us/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2024-04/Alamadhi-Jersey-Crossbred-BULLS.pdf","https://www.dahd.gov.in:80/sites/default/files/2024
-04/SAGB-IND-CATTLE.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/ABCS-MURRAH-BULLS.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/JoiningReportHindi.pdf","https://www.dahd.gov.in/sites/default/files/2026-03/RTI12Mar26.pdf","https://www.dahd.gov.in:80/division/administration/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2024-04/SAGB-HF-CROSSBRED-BULLS.pdf","https://www.dahd.gov.in:80/hi/useful-links","https://www.dahd.gov.in:80/hi/divisions/administration/rti","https://www.dahd.gov.in:80/sites/default/files/2024-04/Alamadhi-CB-HF-BULLS.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/ABCS.xls","https://www.dahd.gov.in/hi/division/administration/rti/sites/default/files/2024-08/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2023-07/AssetsOfDAHD.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/SireDirectoryFrozenSemenBankBassiRajasthan0.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/SireDirectory-CFSPTI-HGT.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/JoiningReportEnglish.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/Alamadhi-HF-Crossbred-BULLS.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/Alamadhi-JERSEY-BULLS.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/Alamadhi-HF-BULLS.pdf","https://www.dahd.gov.in:80/hi/about-us/allocation-business-rules","https://www.dahd.gov.in:80/sites/default/files/2024-04/SAGB-IND-BUFFALO.pdf","https://www.dahd.gov.in:80/division/administration/aparcell/forms?page=0","https://www.dahd.gov.in:80/sites/default/files/2023-07/APAR_.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/RashtriyaEktaDiwasPledgeon31-10-2025.pdf","https://www.dahd.gov.in/sites/default/files/2024-12/RTIHearingDt28-11-2024.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/CertificateofTtransferofChargeHindi.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-0
4/OmAllIndiaServece.pdf","https://www.dahd.gov.in:80/office_order_circular","https://www.dahd.gov.in/sites/default/files/2025-12/OM-reg-VeterinaryInfrastructureGuidelines.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/Alamadhi-RED-SINDHI-BULLS.pdf","https://www.dahd.gov.in:80/annual-report","https://www.dahd.gov.in:80/hi/web-information-manager","https://www.dahd.gov.in:80/sites/default/files/2026-03/APARTimeline.pdf","https://www.dahd.gov.in:80/themes/mindahd/css/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2026-05/WorkAllocationSrOfficers.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/PSOAPAR.pdf","https://www.dahd.gov.in:80/hi/help","https://www.dahd.gov.in:80/sites/default/files/2024-04/AppointmentOrderIEM.pdf","https://www.dahd.gov.in:80/hi/node/3239","https://www.dahd.gov.in:80/hi/node/2787","https://www.dahd.gov.in:80/monthly-cabinet-report","https://www.dahd.gov.in:80/sites/default/files/2023-07/AnnexureC.pdf","https://www.dahd.gov.in:80/hi/contact_us","https://www.dahd.gov.in:80/hi/node/1986","https://www.dahd.gov.in:80/hi/node/4042","https://www.dahd.gov.in:80/hi/website-policy","https://www.dahd.gov.in:80/hi/disclaimer","https://www.dahd.gov.in:80/node/4041","https://www.dahd.gov.in:80/divisions/administration/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/extension-and-publicity/success-story/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/extension-publicity/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/hi/node/1987","https://www.dahd.gov.in:80/external-link","https://www.dahd.gov.in:80/hi/division/administration/cash-section","https://www.dahd.gov.in/sites/default/files/2023-08/Date-corrigendum-PLA2-.pdf","https://www.dahd.gov.in:80/node/582","https://www.dahd.gov.in:80/parliament/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2024-04/ABCS-INDIGENOUS-CATTLE-BULLS.pdf","https://www.dahd.gov.in:80/form/contact","https://www.dahd.gov.i
n/sites/default/files/2024-10/SireDirExoticCattleBreedingFarmEachenkottaiThanjavurTamilNadu.pdf","https://www.dahd.gov.in:80/node/581","https://www.dahd.gov.in:80/sites/default/files/2024-04/MONGOLIA.pdf","https://www.dahd.gov.in:80/division/administration/aparcell/forms?page=2","https://www.dahd.gov.in:80/sites/default/files/2024-10/SireDirGermplasmStationNarwaJodhpurRCDFRajasthan.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/ABCS-JERSEY-CROSSBRED-BULLS.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/SAGB-HOLSTEIN-FRIESIAN-BULLS.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/ABCS-HF-CROSSBRED-BULLS.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-01/corrigendum.pdf","https://www.dahd.gov.in:80/%E0%A4%86%E0%A4%88%E0%A4%8F%E0%A4%AB%E0%A4%A1%E0%A5%80","https://www.dahd.gov.in:80/archive/division/administration/cash-section","https://www.dahd.gov.in:80/%E0%A4%AA%E0%A4%B0%E0%A4%BF%E0%A4%AA%E0%A4%A4%E0%A5%8D%E0%A4%B0","https://www.dahd.gov.in:80/sites/default/files/2024-04/SAGB-MURRAH.pdf","https://www.dahd.gov.in:80/node/3238","https://www.dahd.gov.in/sites/default/files/2026-03/DOAHDRE260004818.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/GeM-BiddingforStampingVerification.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-01/GeMBiddingwithATCAirConditioners.pdf","https://www.dahd.gov.in/sites/default/files/2026-03/DOAHDRE260004814.pdf","https://www.dahd.gov.in:80/%E0%A4%B2%E0%A5%87%E0%A4%96%E0%A4%BE","https://www.dahd.gov.in:80/%E0%A4%A8%E0%A4%BF%E0%A4%AF%E0%A4%AE/%E0%A4%85%E0%A4%A7%E0%A4%BF%E0%A4%B8%E0%A5%82%E0%A4%9A%E0%A4%A8%E0%A4%BE%E0%A4%8F%E0%A4%82","https://www.dahd.gov.in:80/hi/external-link","https://www.dahd.gov.in:80/sites/default/files/2024-04/SAGB.xlsx","https://www.dahd.gov.in:80/sites/default/files/2024-04/MOROCCO.pdf","https://www.dahd.gov.in:80/%E0%A4%A1%E0%A5%87%E0%A4%AE%E0%A5%8B","https://www.dahd.gov.in/sites/default/files/2026-02/ISS-Expert-Committee-Report_0.pdf","https://ww
w.dahd.gov.in:80/sites/default/files/2023-11/SignedCertificateDAHD.PDF","https://www.dahd.gov.in:80/parliament/lok-sabha-questions","https://www.dahd.gov.in/sites/default/files/2025-11/RaghuRamSharmaNotification.pdf","https://www.dahd.gov.in:80/node/2786","https://www.dahd.gov.in:80/division/administration/rti/cpio_faa","https://www.dahd.gov.in:80/hi/about-us/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/hi/document/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/divisions/administration/admin-II?field_date_admin_value=1","https://www.dahd.gov.in:80/sites/default/files/2023-08/HindiEofficeAccountCreationForm.pdf","https://www.dahd.gov.in:80/division/trade","https://www.dahd.gov.in:80/sites/default/files/2025-04/10yearsmudra.png","https://www.dahd.gov.in:80/sites/default/files/2024-04/prevention-control-of-infectious-contagious-diseases-animals-act.pdf","https://www.dahd.gov.in:80/parliament/rajya-sabha-questions","https://www.dahd.gov.in/sites/default/files/2025-12/VetInfrastructureGuidelines.pdf","https://www.dahd.gov.in/sites/default/files/2025-02/RTI.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme/OMDated13072023JustInTimeReleaseOfCSSfundsThroughEkuberPlatformOfRBI.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-01/TenderDocuments.pdf","https://www.dahd.gov.in:80/hi/node/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/AnnualActionPlan/DOEOMDated21022023AAP.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/Citizens-Charter-2023-24.pdf","https://www.dahd.gov.in:80/hi/documents/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/documents/procurement-projections-dahd","https://www.dahd.gov.in:80/division/administration/rti/publicity-public-interface","https://www.dahd.gov.in:80/division/administration/rti/rti-information-prescribed","https://www.dahd.gov.in:80/division/administration/rti/budget-and-programme","htt
ps://www.dahd.gov.in:80/division/administration/rti/organisation-function","https://www.dahd.gov.in:80/division/administration/rti/e-governance","https://www.dahd.gov.in/sites/default/files/2025-10/StrengtheningMechanismforpreservationandUtilisation.pdf","https://www.dahd.gov.in:80/hi/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/division/administration/rti/guidelines","https://www.dahd.gov.in/hi/node/1625","https://www.dahd.gov.in:80/sites/default/files/2024-04/TheLive-stockImportationAct-1898.pdf","https://www.dahd.gov.in:80/divisions/administration/rti/rti-information-disclosed","https://www.dahd.gov.in:80/hi/feedback","https://www.dahd.gov.in/hi/node/1619","https://www.dahd.gov.in/hi/node/1621","https://www.dahd.gov.in/sites/default/files/2025-12/OM.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIAct.pdf","https://www.dahd.gov.in/hi/node/1628","https://www.dahd.gov.in/hi/node/1623","https://www.dahd.gov.in/hi/node/1622","https://www.dahd.gov.in/sites/default/files/2024-10/SireDirFrozenSemenBullStationBarpettaALDAAssam.pdf","https://www.dahd.gov.in:80/hi/office_order_circular/vci-related","https://www.dahd.gov.in:80/hi/office_order_circular/rules-regulation","https://www.dahd.gov.in:80/sites/default/files/2024-04/prevention-cruelty-animals-act-1960.pdf","https://www.dahd.gov.in/sites/default/files/2023-08/Date-Corrigendum.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/sparrow_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/FlexiFund/17082016NitiAayogCSS.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/SireDirSpermStationRanbirbaghGanderbalJK.pdf","https://www.dahd.gov.in:80/sites/default/files/styles/media_gallery_image/public/2026-02/_46A0917.JPG?itok=VhSOE6ls","https://www.dahd.gov.in:80/sites/default/files/2026-02/BrazilJDI.pdf","https://www.dahd.gov.in:80/sites/default/files/styles/media_gallery_image/public/2026-02/_46A0899.JPG?itok=Pj-ij1BX","https://www.dahd.gov.in:80/sites/def
ault/files/styles/media_gallery_image/public/2026-02/_46A0933.JPG?itok=S7arroFO","https://www.dahd.gov.in:80/sites/default/files/styles/media_gallery_image/public/2026-02/_46A0906.JPG?itok=LOaAFRTO","https://www.dahd.gov.in/sites/default/files/2023-07/OMdated31March2021onSOPsforImportofLiveAnimalsintoIndia.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc/MeetingConferencesDOEOrderDated06052015.pdf","https://www.dahd.gov.in:80/sites/default/files/styles/media_gallery_image/public/2026-02/_46A0942.JPG?itok=2_hVR9ip","https://www.dahd.gov.in:80/hi/office_order_circular/notifications","https://www.dahd.gov.in:80/sites/default/files/styles/media_gallery_image/public/2026-02/_46A4371.JPG?itok=doBWO-r2","https://www.dahd.gov.in/hi/node/1626","https://www.dahd.gov.in:80/hi/divisions/administration/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2026-02/AdvisoryHPAINonPoultry_1.pdf","https://www.dahd.gov.in:80/sites/default/files/styles/media_gallery_image/public/2026-02/_46A4436.JPG?itok=WVRKybvI","https://www.dahd.gov.in:80/sites/default/files/2024-10/AuctionNotice.pdf","https://www.dahd.gov.in/hi/node/1620","https://www.dahd.gov.in:80/sites/default/files/styles/media_gallery_image/public/2026-02/_46A1141.JPG?itok=1aRVPT2T","https://www.dahd.gov.in:80/sites/default/files/2024-04/AIS_0.pdf","https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=1","https://www.dahd.gov.in:80/sites/default/files/2023-07/AAAG_2020_21_FAHD.pdf","https://www.dahd.gov.in:80/hi/office_order_circular/miscellaneous","https://www.dahd.gov.in:80/sites/default/files/2024-04/TheCattle-TrespassAct-1871.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-07/GuidelinesTimelineforSubmissionofAPAR2021-22.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme/DoEOMDated17122024SNASPARSHModel28StatesAnd3UTswithLegisla
ture28Schemes.pdf","https://www.dahd.gov.in:80/division/administration/rti/2024","https://www.dahd.gov.in/hi/node/1627","https://www.dahd.gov.in:80/hi/office_order_circular/dms-related","https://www.dahd.gov.in:80/sites/default/files/2024-04/sign347.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/NucleusJerseyAndStudFarmNJSFTCMPF-LTD-AAVIN.pdf","https://www.dahd.gov.in:80/sites/default/files/styles/media_gallery_image/public/2026-02/_46A4302.JPG?itok=Y3hqe4ZR","https://www.dahd.gov.in:80/documents/tender?field_date_value=1","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh/DoEOMDated27032025ProposalToBeSent15DaysBeforeEvent.pdf","https://www.dahd.gov.in/hi/node/1624","https://www.dahd.gov.in:80/sites/default/files/2024-04/APAR2021-22.pdf","https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=0","https://www.dahd.gov.in:80/hi/office_order_circular/appointment-interim-arrangements","https://www.dahd.gov.in:80/hi/office_order_circular/vacancy_recruitment_advertisement","https://www.dahd.gov.in/sites/default/files/2024-08/ReplytoShriSubhasChandraAgrawalRTIAppeal.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/2910-BookletonAHSchemes-E-Web.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/Office-Order_1.pdf","https://www.dahd.gov.in/sites/default/files/2023-08/Corrigendum-MoM-of-Fifth-NSC-NADCP-MoM.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes/DoEOMDated31102025RelatedAppraisalAndApprovalOfSchemes.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/Nomination-of-Officers.pdf","https://www.dahd.gov.in:80/divisions/administration/admin-i?field_date_admin1_value=1","https://www.dahd.gov.in:80/sites/default/files/styles/media_gallery_image/public/2025-12/NMD2.JPG?itok=uryCaxzy","https://www.dahd.gov.in:80/sites/default/files/2023-07/ProformaForTakingPriorPermissionByGovernmentSer
vantForPrivateVisitsAbroad.pdf","https://www.dahd.gov.in/sites/default/files/2024-08/TotalNumberofForeignAndDomesticToursDuring2023-24.pdf","https://www.dahd.gov.in:80/hi/photo-gallery?page=1","https://www.dahd.gov.in:80/sites/default/files/2024-08/DDG2024-25MoFAHD.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/IPR.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-01/Brucellabid5Dose2026DADF.pdf","https://www.dahd.gov.in:80/hi/schemes/programmes/national_livestock_mission","https://www.dahd.gov.in:80/hi/schemes/programmes/npdd","https://www.dahd.gov.in:80/sites/default/files/2026-02/2021-22DDG-MoFAHD.pdf","https://www.dahd.gov.in/sites/default/files/2025-03/RTIReply11032025.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/Om.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-05/ImportOfPetCat.pdf","https://www.dahd.gov.in:80/hi/schemes/programmes/sdcfpo","https://www.dahd.gov.in:80/hi/schemes-programmes/lhdcp","https://www.dahd.gov.in:80/hi/extension-publicity/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2026-02/SriLankaJDI.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-01/NationalGopalRatnaAward2025Winners.pdf","https://www.dahd.gov.in:80/hi/schemes/programmes/nadcp","https://www.dahd.gov.in:80/hi/taxonomy/term/563","https://www.dahd.gov.in:80/hi/annual-report?field_years_target_id=577","https://www.dahd.gov.in:80/sites/default/files/2023-07/DDG2022-23ofMoFAHD.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-05/AdditionalListOfAnimalFeedAdditives.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-05/DraftRRsForPostOfMTS.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/TimelyCompletionofAPAR2020-21.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/AIS.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/IC-DivisionLetterDated16-01-2023.pdf","https://www.dahd.gov.in:80/hi/schemes/programmes/animal-husbandry-statistics","https://www.dahd.
gov.in:80/sites/default/files/2025-12/FinalVHCforImportofBovineSerum23-12-2025_0.pdf","https://www.dahd.gov.in:80/hi/taxonomy/term/559","https://www.dahd.gov.in:80/hi/division/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2025-12/DraftVHCforImportofOXBileintoIndia_1.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/PrivateSecretaryAPAR.pdf","https://www.dahd.gov.in:80/hi/extension-and-publicity/success-story/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/hi/schemes/programmes/didf","https://www.dahd.gov.in:80/sites/default/files/2025-04/LetterUserChargesfor-SIPs.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/SCoS.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/TheLiveStockImportationAct1898.pdf","https://www.dahd.gov.in:80/hi/divisions/administration/admin-i?field_date_admin1_value=1","https://www.dahd.gov.in:80/sites/default/files/2024-10/SireDirectoryMattupettySemenStationPart1KLDB.pdf","https://www.dahd.gov.in:80/hi/documents/tender?field_date_value=1","https://www.dahd.gov.in:80/sites/default/files/2024-04/RUSSIA.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/ImportOfPetsUnderBaggage.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-05/HealthCertificate1.pdf","https://www.dahd.gov.in:80/hi/schemes/programmes/ahidf","https://www.dahd.gov.in:80/sites/default/files/2025-12/DraftNotificationOfVHCForImportOfSkinAndHide.pdf","https://www.dahd.gov.in:80/hi/parliament/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2024-04/BRAZIL.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/VIETNAM.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/HindiFile2026.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/DENMARK.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/AFLEL.pdf","https://www.dahd.gov.in/sites/default/files/2023-08/Work-Order-NSC-as-PLA26-5-2022.pdf","https://www.dahd.gov.in:80/hi/video-galler
y?page=1","https://www.dahd.gov.in:80/sites/default/files/2025-02/How_to_apply_for_SIP_Approval_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-02/TestingRawHide_Skin_Furskins.pdf","https://www.dahd.gov.in/sites/default/files/2023-08/CorrigendumToWorkOrderOfSurveyAgency-.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-03/TestingofRawHideSkinFurskins.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-12/OM30thDec2024-ModelCoA.pdf","https://www.dahd.gov.in:80/who-s-who","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/FlexiFund/DoEOMDated06092016FlexiFundsSchemes.pdf","https://www.dahd.gov.in:80/hi/taxonomy/term/564","https://www.dahd.gov.in:80/sites/default/files/2025-11/ChannelofSubmission.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/AFLELForm.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-02/QuarantineClearnaceofPetDog-PetCat.pdf","https://www.dahd.gov.in:80/hi/video-gallery?page=2","https://www.dahd.gov.in:80/sites/default/files/2023-07/GPFCPFForm4.pdf","https://www.dahd.gov.in/sites/default/files/2025-11/ActionTakenReport.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/APAR2022-23Schedule.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/NotifyingImportofPetDogandCatCIALKochi_1.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/NoticeDated24December2025_2.pdf","https://www.dahd.gov.in:80/hi/division/administration/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2025-10/OM30October2025-NotifyingNewNTMsNaviMumbaiLiveAnimals.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIOrder1-1-2026.pdf","https://www.dahd.gov.in:80/node/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIOrder29-10-2024.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/SireDirDistrictLivestockFarmUdhagamandalamTheNilgirisOoty.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIOrder19-0
8-2024.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/GPFSanction.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-04/DDG202627MoFAHD.pdf","https://www.dahd.gov.in:80/hi/video-gallery?page=0","https://www.dahd.gov.in:80/sites/default/files/2024-04/gazetteofindia29august2008.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-03/OM3March2025forNotifyingNewNTMs_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/AHIDF-E.pdf","https://www.dahd.gov.in:80/hi/schemes-programmes/lh-dc","https://www.dahd.gov.in:80/parliament/rajya-sabha","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIOrder18-12-2025.pdf","https://www.dahd.gov.in:80/hi/pashupedia-cattle-breed","https://www.dahd.gov.in/sites/default/files/2024-05/RTI0_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-05/OM11May2026ImportofGelatineinIndia.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIOrder12-04-2024.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/CarAdvance.pdf","https://www.dahd.gov.in:80/hi/office_order_circular/programmes-events","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIOrder02-07-2024.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-04/DraftVeterinaryHealthCertificateForImportofEquidSemenIntoIndia_0.pdf","https://www.dahd.gov.in:80/hi/pashupedia-goat-breed","https://www.dahd.gov.in:80/hi/pashupedia-buffalo-breed","https://www.dahd.gov.in:80/sites/default/files/2026-05/DrBMNaveena.pdf","https://www.dahd.gov.in:80/parliament/lok-sabha","https://www.dahd.gov.in:80/sites/default/files/2023-08/Eoffice-AccountCreationForm.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/GPFConversion.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIOrder16-05-2023.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/ApprovedOGforPashuAushadhiComponentofLHDCP.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIOrder19-08-2021.pdf","https://www.dahd.gov.in:80/sites/d
efault/files/2026-04/DraftVeterinaryHealthCertificateForImportOfEquidsAndNonEquidPerissodactyls.pdf","https://www.dahd.gov.in:80/hi/divisions/administration/rti/2023","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIOrder17-01-2023.pdf","https://www.dahd.gov.in:80/division/administration/aparcell/forms?page=3","https://www.dahd.gov.in:80/hi/division/administration/rti/2024","https://www.dahd.gov.in:80/hi/division/administration/rti/rti-information-prescribed","https://www.dahd.gov.in:80/hi/division/administration/rti/e-governance","https://www.dahd.gov.in:80/hi/division/administration/rti/budget-and-programme","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments/ProcurementOfGoods2024.pdf","https://www.dahd.gov.in:80/parliament/lok-sabha-questions/ls-monsoon","https://www.dahd.gov.in:80/hi/divisions/administration/rti/2021","https://www.dahd.gov.in:80/hi/division/administration/rti/organisation-function","https://www.dahd.gov.in:80/hi/division/administration/rti/publicity-public-interface","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIOrder19-12-2019.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/DraftVHCforImportofPorcineSemen.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/GPFAdvance.pdf","https://www.dahd.gov.in:80/hi/divisions/administration/rti/2022","https://www.dahd.gov.in:80/division/administration/rti/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2026-01/OM23Jan2026VHCforImportOfOvineMeatandOvineMeatProductsIntoIndia.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-09/ImportofEggsEgg-ProductsIntoIndia.pdf","https://www.dahd.gov.in:80/hi/divisions/administration/rti/rti-information-disclosed","https://www.dahd.gov.in:80/hi/schemes/programmes/rashtriya_gokul_mission","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIOrder11-11-2025.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIOrder03-05-2023.pdf","https://
www.dahd.gov.in:80/sites/default/files/2024-12/OMNTMsDogCatFood_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-09/ImportofPoultryMeatPoultryMeatProductsIntoIndia_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/TAAdvance.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/TimelyCompletionOfAPAR2020-21.pdf","https://www.dahd.gov.in:80/parliament/lok-sabha-questions/ls-winter","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIOrder09-02-2021.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature/DOEOMDated20102023FundFlowToUTWithoutLegislature.pdf","https://www.dahd.gov.in:80/parliament/lok-sabha-questions/ls-budget","https://www.dahd.gov.in:80/hi/who-s-who?field_department_of_designation_target_id=All","https://www.dahd.gov.in:80/sites/default/files/2025-12/DraftVHCforImportofOXBileintoIndia.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-09/ImportofHatchingEggsDayOldPoultry-LivePoultryIntoIndia_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIOrder09-05-2024.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIOrder22-07-2019.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/SriLankaJDI.pdf","https://www.dahd.gov.in/sites/default/files/2023-08/PMA-corrigendum4-2-2020.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/DraftVHCforImportofOvineEmbryointoIndia.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/GSR737-07-10-2025-VHCLiveEquine_2.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-04/OMDated2April2026VHCForImportOfBovineSerumIntoIndia.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/DraftVHCForImportOfPorcineSemen.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-04/OMDated6April2026VHCForImportOfOvineAndCaprineMeatIntoIndia.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/DraftVHCforImportofOvineEmbryointoIndia_1.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-0
2/PetFoodProbioticsAdditionalCondition.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/SOPsforquarantineofwildanimalsinZoofacility.pdf","https://www.dahd.gov.in:80/parliament/rajya-sabha-questions/rs-monsoon","https://www.dahd.gov.in:80/sites/default/files/2026-03/DOE-OM-Dated10-03-2026iroSNA-SPARSH.pdf","https://www.dahd.gov.in:80/about-us/about-department","https://www.dahd.gov.in:80/parliament/rajya-sabha-questions/rs-budget","https://www.dahd.gov.in:80/sites/default/files/2024-04/NLMH.pdf","https://www.dahd.gov.in:80/parliament/rajya-sabha-questions/rs-winter","https://www.dahd.gov.in/sites/default/files/2025-10/VigilanceWeek2025_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-03/Notification.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-11/OM10November2023-NotifyingConsolidatedListOfAnimalFeedAdditivesForImportIntoIndia.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/MandateForm.pdf","https://www.dahd.gov.in:80/document/citizen-charter","https://www.dahd.gov.in:80/sites/default/files/2026-05/DrPraveenMalik.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/NotifyingImportofPetDogandCatCIALKochi.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/OfficeOrder_.pdf","https://www.dahd.gov.in/sites/default/files/2023-08/Reply-to-queries-for-Appointment-of-PLA-under-LHDCP.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-03/OM12Mar2026onFacilitationofImportofPetsfromMiddleEastCountries.pdf","https://www.dahd.gov.in/sites/default/files/2025-12/PostOfChairpersonNDDB.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/2017-18DDG.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/NotificationSO191EDated11January2023AnimalQuarantineFacilityAtBengaluru.pdf","https://www.dahd.gov.in:80/division/administration/rti/budget-and-programme/annual-accounts","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIOrder10-11-2023.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-0
7/ForeignAndDomesticTours.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/NotificationSO4025Edated6November2020.pdf","https://www.dahd.gov.in:80/division/administration/rti/budget-and-programme/report-disbursements","https://www.dahd.gov.in:80/sites/default/files/2026-02/1_8_2007_IR_Eng_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/PublicProcurementProjectionsForNext5Years.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-06/InputsPertainingVigilanceUnitDAHD.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/RevisitingofCustomsTariffItemsCTIinReferencetotheFinanceAct2021.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-01/OM15Jan2025forNotifyingNewNTMs.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/CSNA/OMDated06062025AllSecysWithEncls.pdf","https://www.dahd.gov.in:80/about-us/organizational-structure","https://www.dahd.gov.in:80/divisions/administration/rti/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2023-07/NewSAGLevelAboveAPAR.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-02/FinalQuarantineClearnaceofPetDogPetCat.pdf","https://www.dahd.gov.in:80/division/administration/rti/organisation-function/board-council-committee-name","https://www.dahd.gov.in:80/sites/default/files/2023-07/KCC-Leaflet-E.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/NotificationSO2825Edated14July2021.pdf","https://www.dahd.gov.in/sites/default/files/2025-11/SanctionedCaderStrenghtOrder.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-05/DOAHD-R-E2600258.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/DDG2023-24ofMoFAHD.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/NotificationSO489EDated4February.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/SireDirGermplasmStationNarwaJodhpurRCDFRajasthan.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-04/MahatmeReleivingorder.pdf","https://www.dahd.gov.in:80
/sites/default/files/2025-01/PigBrochure.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-05/DOAHDAE2600052.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/FinalVHCforImportofGelatine-23-12-2025_1.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-04/ImplementationofAnnualIncentiveScheme_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/2921-RabiesLeaflet-F1-4.pdf","https://www.dahd.gov.in:80/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","https://www.dahd.gov.in/sites/default/files/2025-12/CorrigendumNDDB.pdf","https://www.dahd.gov.in:80/division/administration/rti/budget-and-programme/concessions-permits-authorizations","https://www.dahd.gov.in:80/sites/default/files/2026-05/DOAHDRT26000565.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/FinalVHCforImportofGelatine-23-12-2025_2.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/NLM-Leaflet-E.pdf","https://www.dahd.gov.in/sites/default/files/2025-11/HospitalityCircular.pdf","https://www.dahd.gov.in:80/division/administration/rti/organisation-function/dates-which-constituted","https://www.dahd.gov.in:80/hi/division/trade?field_date_trade_end_value=1","https://www.dahd.gov.in:80/sites/default/files/2023-08/DevelopmentOfDMS.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/UnderSecretaryAPAR.pdf","https://www.dahd.gov.in/sites/default/files/2026-05/DOAHDRE26002594.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/FinalVHCforImportofBovineSerum23-12-2025_1.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-05/DOAHDRT26000781.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/DraftBillPCICDAAct_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/DateExtnletter_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-01/NoticeforAmendment-CattleTrespassAct1871_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/AsstEngCivilDMS.pdf","https://www.dahd.g
ov.in:80/division/administration/rti/organisation-function/term-tenure","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes/GuidelinesAppraisalApprovalSchemesProjectsDOEOMDated05082016.pdf","https://www.dahd.gov.in:80/hi/schemes/programmes/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/division/administration/rti/organisation-function/power-functions","https://www.dahd.gov.in:80/sites/default/files/2026-02/2018-19DDG.pdf","https://www.dahd.gov.in:80/division/administration/rti/budget-and-programme/cag-pac","https://www.dahd.gov.in:80/division/administration/rti/organisation-function/composition","https://www.dahd.gov.in:80/sites/default/files/2024-04/KCC-H.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-05/DOAHDRE2600269.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/CorrigendumNDDB_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-01/ResultofPMABid.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/1_69_2007_IR.pdf","https://www.dahd.gov.in:80/division/administration/rti/organisation-function/minutes-meeting","https://www.dahd.gov.in:80/division/administration/rti/organisation-function/gross_monthly_remuneration","https://www.dahd.gov.in:80/sites/default/files/2023-07/OMdated31March2021onSOPsforImportofLiveAnimalsintoIndia.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/CSNA/ReleaseOfFundUnderCSDOEOMDated21052024.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-11/Retirement-OrderSmtNeeraPPS_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/SireDirSemenStationPalampurHimachalPradeshLivestockAndPoultryDevelopmentBoardHP.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/OfficeOrder19-12-2025_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-08/AHDF-KCCGuidelines.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments/MfPoCS2025.pdf","https://www.dahd.gov.in:80/sites/default/file
s/2026-03/SOPECAHapplicationdrugvaccinebiologicals.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/SireDirectoryFrozenSemenBankKhapuriaCuttackOdisha.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/RTIOrder16-11-2023.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM/DOEOMDated4thJan2024ForCreationRevivalAndAbolitionInAutonomousBody.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-01/SheepBrochure.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/RS140.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-04/AnnulReportHindi.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/OMdated10August2020onVHCforimportofMilkandMilkProducts.pdf","https://www.dahd.gov.in:80/hi/taxonomy/term/564/feed","https://www.dahd.gov.in:80/hi/office_order_circular/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2025-04/LS251.pdf","https://www.dahd.gov.in:80/hi/taxonomy/term/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2024-04/Office-Memorandum.pdf","https://www.dahd.gov.in:80/division/trade?field_date_trade_end_value=1","https://www.dahd.gov.in:80/sites/default/files/2024-05/M-03024-1-2020-Admn-4.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/SireDirExoticCattleBreedingFarmEachenkottaiThanjavurTamilNadu.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/CHRSRohtakAuctionNotice_0.pdf","https://www.dahd.gov.in/hi/taxonomy/term/102","https://www.dahd.gov.in:80/hi/division/administration/rti/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2023-08/Addendum-To-AA-2020-21.pdf","https://www.dahd.gov.in/hi/node/1618","https://www.dahd.gov.in:80/sites/default/files/2023-07/Gazzete16112018.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-01/Circular01-01-2026_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme/DOEO
M21052024SNASparsh.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/Signed-ad-released_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/RS1492.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-08/OMDated03-08-2021.pdf","https://www.dahd.gov.in:80/hi/node/1595","https://www.dahd.gov.in:80/hi/divisions/administration/rti/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2023-08/APAR.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/RightToInformation.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/LS287.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-01/FodderBrochure.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/RtiDocument.pdf","https://www.dahd.gov.in:80/hi/node/1596","https://www.dahd.gov.in:80/sites/default/files/2025-10/IntegrityPledge_0.pdf","https://www.dahd.gov.in:80/hi/schemes/programmes/ahidf?field_categories_ahidf_target_id=111&field_date_ahidf_value=1","https://www.dahd.gov.in:80/sites/default/files/2025-11/ActionTakenReport_0.pdf","https://www.dahd.gov.in:80/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","https://www.dahd.gov.in:80/sites/default/files/2025-12/DraftVHCforImportofOvineEmbryointoIndia_2.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/RTI05-Apr-2022_0.pdf","https://www.dahd.gov.in:80/sites/default/filess/AHIDF%20gudelines%20in%20Hindi.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-11/RTI.pdf","https://www.dahd.gov.in:80/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","https://www.dahd.gov.in/sites/default/files/2025-10/OM30October2025-NotifyingNewNTMsNaviMumbaiLiveAnimals.pdf","https://www.dahd.gov.in:80/hi/node/3910","https://www.dahd.gov.in:80/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","https://www.dahd.gov.in:80/sites/default/files/2025-12/CorrigendumIssued_0.pdf","https://www.dahd.gov.in:80/parliament/lok-sabha-questions/ls-budget/ls-bud
get-2025","https://www.dahd.gov.in:80/hi/about-us/organizational-structure","https://www.dahd.gov.in:80/sites/default/files/2024-10/DMSNotification_0.pdf","https://www.dahd.gov.in:80/hi/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","https://www.dahd.gov.in:80/sites/default/files/2023-07/Allowance.pdf","https://www.dahd.gov.in:80/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","https://www.dahd.gov.in:80/sites/default/files/2024-04/APAR2022-23Schedule_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/NoticeDated24December2025_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/RtiAct2005InformationReg.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-01/Brucellabid10dose_2026_DADF_894299_1.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-01/FinalListAITI2025-26.pdf","https://www.dahd.gov.in:80/parliament/lok-sabha-questions/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2026-02/2019-20DDG.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/RS1493.pdf","https://www.dahd.gov.in:80/division/administration/rti/budget-and-programme/themes/mindahd/css/no-js.css","https://www.dahd.gov.in/sites/default/files/2025-10/OM30October2025-NotifyingNewNTMs-NaviMumbaiLiveAnimals.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-11/HospitalityCircular_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-08/OM-DT11-10-2022.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-01/GoatFarmingBrochure.pdf","https://www.dahd.gov.in:80/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","https://www.dahd.gov.in:80/divisions/administration/rti/2023","https://www.dahd.gov.in:80/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","https://www.dahd.gov.in:80/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","https://www.dahd.gov.in:80/hi/node/1594","https://www.dahd.gov.in:80/sites/default/files/2024-05/2928MilkBookletFWeb.
pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/DraftVHCforImportofOXBileintoIndia_2.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-08/OrganizationStructureDepartmentOfAnimalHusbandryAndDairying.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-05/DOAHDRE26002671.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-11/AD21-11-25_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-05/DOAHDRE26002594.pdf","https://www.dahd.gov.in:80/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","https://www.dahd.gov.in:80/sites/default/files/2025-12/RTIReplySandeep.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-03/OM5March2026VHCForImportOfGelatine.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-05/Annual-Report202425.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-05/DOAHDRE26002482.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-11/NoticeForEngagementOfYPsInDAHD_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/RTI05-Apr-2022.pdf","https://www.dahd.gov.in:80/division/administration/rti/organisation-function/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2024-05/RTI-Order09052024.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/1_4_2008_IR.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/DraftVHCforImportofPorkandPorkProducts6-2-2026_2.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/CHILE.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-11/TenderNoticeForCAHiringAWBI_0.pdf","https://www.dahd.gov.in:80/division/administration/rti/organisation-function/name-boards-council-committee-etc","https://www.dahd.gov.in:80/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","https://www.dahd.gov.in/sites/default/files/2025-10/GSR737-07-10-2025-VHCLiveEquine_0.pdf","https://www.dahd.gov.in:80/hi/node/3870","https://www.dahd.gov.in:80/sites/default/files/2024-10/OM-1_2.pdf","https://www.dahd.gov.in:80/parl
iament/rajya-sabha-questions/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2025-04/LS303.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/ALGERIA.pdf","https://www.dahd.gov.in:80/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme/DoEOMSNASPARSH091225.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/OM-dated-14062021.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-11/AppointmentOfFACAOInDelhiMilkScheme_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-02/DDG2025-26MoFAHD.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh/DoEOMDated30052018RegExpenditureAbove40LakhForSeminarWorkshopetc.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-11/RaghuRamSharmaNotification_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/OM21December2022NotifyingConsolidatedListOfAnimalFeedForImportIntoIndia.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/NoticeDated24December2025_1.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/SireDirGujaratLivestockDevelopmentBoardGandhinagarGujarat.pdf","https://www.dahd.gov.in/sites/default/files/2024-12/OMNTMsDogCatFood_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/ACQSCharges.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme/DoEOMSOPOnRevisedWorkflowForSNASPARSHDated11082025.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/FestivaLAdvance.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-01/AllTenderDocuments.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/Fisherysamplenotification.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/UPSC_Advt-02-2026_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/RS1494.pdf","https://www.dahd.gov.in/sites/default/fil
es/2026-05/DAHDVacancyCircularDated07052026RecruitmentOf02DCand02AConDeputation.pdf","https://www.dahd.gov.in/sites/default/files/2025-10/OM30Oct2025-NotifyingNewNTMsNaviMumbai-LivestockProducts.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/LSQ362.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-08/RTIReply.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-07/Dec2024toJune2025.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/AppointmentOrder-IEM.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/DogandCatFoodNotificationSO3926E22Sept2021.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/DraftVHCforImportofPorcineSemen_0.pdf","https://www.dahd.gov.in/sites/default/files/2026-04/RRs-for-the-post-of-Director-IC.pdf","https://www.dahd.gov.in/sites/default/files/2025-07/Dec2024toJune2025.pdf","https://www.dahd.gov.in:80/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","https://www.dahd.gov.in/sites/default/files/2023-07/OM17December2021forExclusionoftarifflinesmappedwithAQCSHS4104to4115.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/RS222.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-11/PostingOrder_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/LS418.pdf","https://www.dahd.gov.in/sites/default/files/2024-04/NLMH.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/RS743.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/LS68.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/RS1495.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/LS36.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/LSQ450.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/RS1499.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-03/DOAHDRX26000043.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/OM30Oct2025NotifyingNewNTMsNaviMumbaiLivestockProducts.pdf","https://www.dahd.gov.in:80/parliament/rajya-sabha-quest
ions/rs-budget/rs-budget-2023","https://www.dahd.gov.in:80/sites/default/files/2024-10/LS1151.pdf","https://www.dahd.gov.in:80/sites/default/filess/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2024-10/RS259.pdf","https://www.dahd.gov.in:80/hi/schemes-programmes/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2024-10/RS85.pdf","https://www.dahd.gov.in:80/hi/office_order_circular/vacancy_recruitment_advertisement?page=1","https://www.dahd.gov.in:80/sites/default/files/2025-05/rti.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/LS1174.pdf","https://www.dahd.gov.in/hi/taxonomy/term/102?page=1","https://www.dahd.gov.in:80/sites/default/files/2024-12/Aug2024toSept2024.pdf","https://www.dahd.gov.in:80/hi/node/1628","https://www.dahd.gov.in:80/sites/default/files/2024-10/LS497.pdf","https://www.dahd.gov.in:80/divisions/administration/rti/2022","https://www.dahd.gov.in:80/hi/taxonomy/term/283","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme/DoE07082023MotherSanctionUpto50PercentOfAAPInOneGo.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/LS457.pdf","https://www.dahd.gov.in:80/divisions/administration/rti/2021","https://www.dahd.gov.in:80/hi/node/1593","https://www.dahd.gov.in:80/hi/node/3869","https://www.dahd.gov.in:80/sites/default/files/2024-10/LS244.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/OM13August2025ForNotifyingNewNTMsDraftVHCForImportOfLivEquine.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/RS226.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/RS86.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/OrganisationStructureOfCEPDivision.pdf","https://www.dahd.gov.in:80/hi/office_order_circular/programmes-events?field_date_circular_value=1","https://www.dahd.gov.in:80/hi/taxonomy/term/97","https://www.dahd.gov.in:80/sites/default/files/2025-05/RTIReply.pdf","https://www.dahd.
gov.in:80/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes/DoEOMDated21102022RegardingAppraisalAndApprovalOfPublicFundedSchemesAndProjects.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/PolicyforIVF-Technology_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-08/DMSNoticeRequestForExpressionOfInterest.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/RS746.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/NotificationSO4559Edated16thDecember2020.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/LS69.pdf","https://www.dahd.gov.in/hi/taxonomy/term/102/feed","https://www.dahd.gov.in:80/sites/default/files/2025-04/LS1866.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/11082dd2-e35c-4b9a-a4bd-05b7e3cd282_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/UK.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/RS1503.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/RS1561.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/LS272.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-08/DIDF-AA-for-2022-23.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/LS727.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/LS535.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-08/April2024ToJuly2024.pdf","https://www.dahd.gov.in:80/hi/office_order_circular/vacancy_recruitment_advertisement?field_date_circular_value=1","https://www.dahd.gov.in:80/sites/default/files/2024-10/RS264.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/LS1877.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/IntegrityPledgeCeremony_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-03/RTI0.pdf","https://www.dahd.gov.in:80/hi/office_order_circular/dms-related?field_date_circular_value=1","https://www.dahd.gov.in:80/sites/default/files/2025-11/Reminder-MigrationfromNPStoUPS-last-date30-11-2025_0.pdf","https://www.dahd.gov.in/hi/ta
xonomy/term/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2025-04/SignedOperationalGuidelineOfISS-Scheme.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/LS1880.pdf","https://www.dahd.gov.in:80/hi/node/1627","https://www.dahd.gov.in:80/sites/default/files/2025-04/RS2130.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/LS1888.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-03/RTIHearing.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/VigilanceWeek2025.pdf","https://www.dahd.gov.in/sites/default/files/2026-05/DOAHDRE26002671.pdf","https://www.dahd.gov.in:80/hi/node/3868","https://www.dahd.gov.in:80/sites/default/files/2025-11/MeetingNoticeforApplicants_0.pdf","https://www.dahd.gov.in:80/hi/taxonomy/term/283/feed","https://www.dahd.gov.in:80/sites/default/files/2025-10/Office-Order_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-04/RS2133.pdf","https://www.dahd.gov.in/hi/taxonomy/term/102?page=0","https://www.dahd.gov.in:80/sites/default/files/2025-03/RTI-Reply.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-03/DOAHDRT26000121.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/Nomination-of-Officers_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-11/FinalDistrictWiseStrayCattleDog.xlsx","https://www.dahd.gov.in:80/hi/taxonomy/term/102","https://www.dahd.gov.in:80/parliament/rajya-sabha-questions/rs-budget/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2025-03/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2025-03/RTIReply11032025.pdf","https://www.dahd.gov.in/sites/default/files/2024-05/2921-RabiesLeaflet-F1-4.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-03/RTI12Mar26.pdf","https://www.dahd.gov.in:80/parliament/lok-sabha-questions/ls-budget/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2025-10/RashtriyaEktaDiwasPledgeon-31-10-2025.pdf","https:
//www.dahd.gov.in:80/parliament/rajya-sabha-questions/rs-monsoon/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2025-04/RS206.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/OfficeOrder__0.pdf","https://www.dahd.gov.in:80/hi/node/1626","https://www.dahd.gov.in:80/hi/office_order_circular/vacancy_recruitment_advertisement?field_date_circular_value=1&page=1","https://www.dahd.gov.in:80/hi/office_order_circular/vacancy_recruitment_advertisement?page=0","https://www.dahd.gov.in:80/sites/default/files/2026-03/DOAHDRP26000021.pdf","https://www.dahd.gov.in:80/hi/node/3181","https://www.dahd.gov.in:80/hi/node/3867","https://www.dahd.gov.in:80/sites/default/files/2024-10/LS1189.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-12/Circular11122025_0.pdf","https://www.dahd.gov.in:80/hi/schemes/programmes/didf?field_date_didf_value=1","https://www.dahd.gov.in:80/hi/node/3180","https://www.dahd.gov.in:80/hi/node/1625","https://www.dahd.gov.in:80/hi/node/2860","https://www.dahd.gov.in:80/hi/node/3179","https://www.dahd.gov.in:80/sites/default/files/2025-02/RTIOrderDt12-02-2025002_1.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/OM30October2025NotifyingNewNTMsNaviMumbaiLiveAnimals.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-03/DOAHDRE26000486.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-02/RTIOrderDt12-02-2025001.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-01/RTIHearingOrderDt31-01-2025.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-03/DOAHDRE260004810.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-01/RTIHearingOrderDt-31-01-2025.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-03/DOAHDRE260004814.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-01/RajivKhoslaRTI.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-03/DOAHDRE2600072.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-02/RTI.pdf","https://www.dahd.gov.in:80/hi
/schemes-programmes/lh-dc?field_date_lhdc_value=1&field_years_lhdc_target_id=566","https://www.dahd.gov.in:80/sites/default/files/2025-01/VinodSanklaRTI.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/NominationofOfficers_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/TrainingSession_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/CyberSecurityAwarenessProgram_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/PashuAushadhiGuidelinesLHDCP_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/OM30Oct2025-NotifyingNewNTMsNaviMumbaiLivestockProducts.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-03/DOAHDRE260004818.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-01/MoM22nd-NSC.pdf","https://www.dahd.gov.in:80/parliament/lok-sabha-questions/ls-winter/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2025-01/AnuragYadavRTI.pdf","https://www.dahd.gov.in:80/parliament/rajya-sabha-questions/rs-winter/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/sites/default/files/2026-03/DOAHDRT26000211.pdf","https://www.dahd.gov.in:80/hi/node/1624","https://www.dahd.gov.in:80/parliament/lok-sabha-questions/ls-monsoon/themes/mindahd/css/no-js.css","https://www.dahd.gov.in:80/hi/node/1623","https://www.dahd.gov.in:80/hi/node/2271","https://www.dahd.gov.in:80/sites/default/files/2025-07/EstablishmentofBreedersAssociations.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-12/RTIHearingDt28-11-2024.pdf","https://www.dahd.gov.in:80/sites/default/filess/Signed%20Operational%20Guideline%20of%20ISS%20scheme_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/MeetingNotice_1.pdf","https://www.dahd.gov.in:80/hi/node/2270","https://www.dahd.gov.in:80/sites/default/files/2025-10/GSR737-07-10-2025-VHCLiveEquine_1.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-01/MoM20th-NSC.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-01/MoM19thNSC.pdf
","https://www.dahd.gov.in:80/sites/default/files/2025-10/Meeting-Notice_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-06/FinalOperationalGuidelinesforRevisedRashtriyaGokulMission-v1-4-6-2025.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-02/RTIOrderDt12-02-2025003_0.pdf","https://www.dahd.gov.in:80/hi/taxonomy/term/102/feed","https://www.dahd.gov.in:80/hi/office_order_circular/vacancy_recruitment_advertisement?field_date_circular_value=1&page=0","https://www.dahd.gov.in:80/sites/default/files/2025-03/OM20March25.pdf","https://www.dahd.gov.in:80/hi/taxonomy/term/102?page=1","https://www.dahd.gov.in:80/sites/default/files/2026-01/MoM21stNSC.pdf","https://www.dahd.gov.in:80/hi/taxonomy/term/97/feed","https://www.dahd.gov.in:80/sites/default/files/2026-03/DOAHDRE2600100.pdf","https://www.dahd.gov.in:80/hi/office_order_circular/notifications?field_date_circular_value=1","https://www.dahd.gov.in:80/hi/taxonomy/term/97?page=1","https://www.dahd.gov.in:80/sites/default/files/2025-10/IAS-Officers-on-iGOT_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-03/DOAHDRE2600082.pdf","https://www.dahd.gov.in:80/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=1","https://www.dahd.gov.in:80/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=0","https://www.dahd.gov.in:80/sites/default/files/2026-01/DOAHD-A-E-25-00122reply.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-02/SOPforAI-Technicians2024.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-01/DOAHD-A-E-25-00121reply.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-03/DOAHDRE2600074.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-11/ChannelofSubmission_0.pdf","https://www.dahd.gov.in:80/hi/schemes/programmes/animal-husbandry-statistics?field_date_ahs_value=1","https://www.dahd.gov.in:80/sites/default/files/2026-01/DOAHD-A-E-25-00117reply.pdf","https://www.dahd.gov.in:8
0/sites/default/files/2026-01/DOAHD-A-E-25-00123-reply.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-09/NIC-merged.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-08/ReplytoShriSubhasChandraAgrawalRTIAppeal.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-08/DOAHD-R-E-24-0251.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-07/RevisedTimelinesforAPAR2024-2025.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-08/2024-06-12InformationUnderRTI.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-06/NodalRTI.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-05/WorkAllocationSrOfficers.pdf","https://www.dahd.gov.in:80/hi/taxonomy/term/97?page=0","https://www.dahd.gov.in:80/sites/default/files/2024-08/TotalNumberofForeignAndDomesticToursDuring2023-24.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-08/RTIAppealofSubhashAgarwal.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-02/ManualforSurabhiChayanShrankhala-2024.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-08/July2022Jan2023GrossSalary.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/RTI-20MAY2024.pdf","https://www.dahd.gov.in:80/hi/division/administration/rti/sites/default/files/2024-08/2024-06-14CICOrderEnglish.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/VishwasKamblePatil398001.pdf","https://www.dahd.gov.in:80/hi/office_order_circular/miscellaneous?field_date_circular_value=1","https://www.dahd.gov.in:80/sites/default/files/2024-05/VishwasKamblePatil401001.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/VishwasKamblePatil400001.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/ShNT-Niyas.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/Form.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/VishwasKamblePatil402001.pdf","https://www.dahd.gov.in:80/hi/division/administration/rti/sites/default/files/2024-08/themes/mindahd/css/no-js.css","https://www.dahd
.gov.in:80/hi/schemes/programmes/rashtriya_gokul_mission?field_date_rgm_end_value=1","https://www.dahd.gov.in:80/sites/default/files/2024-10/SireDirGujaratLivestockDevelopmentBoardGandhinagarGujarat.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/RTI__0.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/RTI_2.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-01/AW-Extension_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-08/Corrigendum-MoM-of-Fifth-NSC-NADCP-MoM.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/OrderDt21032024.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-08/2024-06-12-ComplianceOfCICOrder.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/SireDirectoryNationalDairyResearchInstituteNDRIHaryana.pdf","https://www.dahd.gov.in/sites/default/files/2026-03/DOAHDRE2600074.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/RTI_4.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/RTI0_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-06/BAHS_2021.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments/MfPoCS2025.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-04/UPSC_Advt-02-2026_0.pdf","https://www.dahd.gov.in/sites/default/files/2023-08/AHDF-KCCGuidelines.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments/MfPoNCS2025.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/SectionOfficerAssistantAPAR.pdf","https://www.dahd.gov.in/sites/default/files/2024-10/SireDirectoryKulathupuzhaSemenStationKLDB.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme/DOEOM21052024SNASparsh.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/ArmedForcesFlagDay_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-08/2024-06-14CICOrderEnglish.pdf","https://www.dahd.gov.in/sites/default/files/2025-11/NoticeForEnga
gementOfYPsInDAHD.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-08/AdimistrativeApprovalDIDF2021-22.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/10MARCHAAAGFAHD.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/AHIDF-H.pdf","https://www.dahd.gov.in/sites/default/files/2025-01/SheepBrochure.pdf","https://www.dahd.gov.in/sites/default/files/2025-01/PoultryFarmBrochure.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/LowerDivisionClerkAPAR.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/2020-21-DDG.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/1_69_2007_IR.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/OM17December2021forExclusionoftarifflinesmappedwithAQCSHS4104to4115.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-05/DAHDVacancyCircularDated07052026RecruitmentOf02DCand02AConDeputation.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-10/AW_0.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/SireDirectoryMattupettySemenStationPart2KLDB.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-01/NLM-03-01-2025.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/SireDirectoryKulathupuzhaSemenStationKLDB.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-05/2922-ZoonticBrochure-I-Web.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/DirectorAPAR.pdf","https://www.dahd.gov.in/sites/default/files/2023-07/DeputySecretaryAPAR.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-07/DeputySecretaryAPAR.pdf","https://www.dahd.gov.in/sites/default/files/2026-02/StrategyDocumenmtonPreventionandControlofMastitis_1.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-01/PoultryFarmBrochure.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-10/SireDirFrozenSemenBullStationBarpettaALDAAssam.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-08/Notice.pdf","https://www.dahd.gov.in/sites/default/files/2025-01/FodderBr
ochure.pdf","https://www.dahd.gov.in:80/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM/DoECreationUpgradationRevisedGuidelinesForCentralGovernment05012024.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-08/M-03003-1-2021-Ad-4-E-18913.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/CircularAPAR2021-22.pdf","https://www.dahd.gov.in/sites/default/files/2025-05/HindiAnnualReport2024-25.pdf","https://www.dahd.gov.in:80/sites/default/files/2024-04/Circular-Reminder-APAR-2021-22.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-07/Circular-Reminder-APAR-2021-22.pdf","https://www.dahd.gov.in:80/sites/default/files/2023-08/DIDF-Cosolidated-AA-for-2020-21.pdf","https://www.dahd.gov.in:80/sites/default/files/2025-05/HindiAnnualReport2024-25.pdf"],"duration":214.17743611335754},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06403994560242},"passive_scan":{"status":"completed","duration":0.0051081180572509766},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.dahd.gov.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":4981.102356910706},"vulnerabilities":{"total_alerts":6436,"high_risk":0,"medium_risk":1194,"low_risk":325,"informational":4917,"alerts_by_risk":{"High":[],"Medium":[{"nodeName":"https://www.dahd.gov.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"0","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"6","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"7","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"8","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://cse.google.com/cse.js?cx=03ee6b71daa1443cb\">\n\t\t</script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"9","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":6,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"6","inputVector":"","url":"https://www.dahd.gov.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"10","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":93,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"93","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"15","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":168,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"168","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"16","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":146,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"146","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"17","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":148,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"148","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"18","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":259,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"259","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"19","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":141,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"141","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"20","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":265,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"265","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that 
your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"21","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":186,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"186","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"22","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":145,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"145","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"23","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":179,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"179","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"24","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":189,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"189","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"25","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":315,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"315","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application 
server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"27","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":230,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"230","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"29","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":359,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"359","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"43","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":146,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"146","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"55","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":146,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"146","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"56","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":141,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"141","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"57","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":146,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"146","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"58","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":141,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"141","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"59","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":141,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"141","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"60","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":148,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"148","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"65","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":148,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"148","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"66","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":259,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"259","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"67","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":148,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"148","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"70","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":259,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"259","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"73","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":493,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"493","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"74","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":259,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"259","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"75","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":496,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"496","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"78","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":506,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"506","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"87","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":516,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"516","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application 
server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"88","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":349,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"349","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"89","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":423,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"423","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"95","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":230,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"230","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"97","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":515,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"515","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"99","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":230,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"230","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"102","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":526,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"526","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"103","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":179,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"179","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"107","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"189","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"108","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"189","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"109","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":189,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"189","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"111","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":168,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"168","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"114","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":145,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"145","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"117","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":230,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"230","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"118","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":530,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"530","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"120","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":145,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"145","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"121","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":145,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"145","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"122","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":186,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"186","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"129","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":542,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"542","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"131","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":518,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"518","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"132","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":186,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"186","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"133","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":549,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps 
to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"549","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"134","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":168,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"168","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"137","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":179,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"179","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"138","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":186,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"186","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"140","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":560,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"560","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"144","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":315,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"315","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"145","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":315,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"315","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"146","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":551,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"551","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"148","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":359,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"359","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"152","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":168,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"168","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"157","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":265,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"265","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"161","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":315,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"315","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"165","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":359,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"359","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"167","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":179,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"179","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"172","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":493,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"493","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"173","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":265,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"265","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"176","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":359,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"359","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"178","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":526,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"526","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"184","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":493,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"493","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"185","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":526,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"526","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"190","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":526,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"526","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"192","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":265,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"265","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"194","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":664,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"664","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"198","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":506,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"506","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"202","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":496,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"496","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"207","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":506,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"506","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"208","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":516,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"516","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"211","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":493,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"493","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"213","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":93,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"93","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"215","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":423,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"423","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"216","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":93,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"93","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"219","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":423,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"423","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"220","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":542,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"542","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"222","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":496,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"496","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"223","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":530,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"530","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"226","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":542,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"542","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"228","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":423,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"423","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"229","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":506,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"506","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"231","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":515,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"515","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"233","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":516,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"516","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"235","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":496,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"496","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"236","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":683,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"683","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"237","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":93,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"93","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"239","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":530,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"530","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"240","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":530,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"530","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"241","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":682,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"682","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"242","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":542,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"542","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"243","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":515,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"515","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"249","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":703,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"703","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"250","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":712,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"712","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"251","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://cse.google.com/cse.js?cx=03ee6b71daa1443cb\">\n\t\t</script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":93,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"93","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"253","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":516,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"516","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"255","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":551,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"551","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"256","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":560,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"560","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"259","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":684,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"684","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"260","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":551,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"551","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"261","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":549,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"549","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"264","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":515,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"515","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"265","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":713,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"713","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"267","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":349,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"349","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"269","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":551,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"551","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"270","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":717,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"717","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"271","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":664,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"664","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"272","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":560,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"560","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"273","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":349,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"349","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"274","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":549,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"549","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"276","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":549,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"549","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"277","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":349,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"349","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"278","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":518,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"518","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"279","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":664,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"664","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"280","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":664,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"664","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"281","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":560,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"560","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"284","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":518,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"518","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"285","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":714,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"714","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"286","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":722,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"722","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"287","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":716,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"716","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"288","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":518,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"518","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"289","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":724,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, 
including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"724","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"291","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":720,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"720","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"295","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":763,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"763","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"296","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":755,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"755","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"298","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":748,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"748","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load 
balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"301","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":764,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"764","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"306","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":770,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"770","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"311","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":777,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"777","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"313","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":765,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"765","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"317","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":775,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"775","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"321","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":769,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"769","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"326","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":712,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"712","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"329","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":712,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"712","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"334","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":768,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"768","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"345","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":786,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"786","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"348","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":683,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"683","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"349","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":683,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"683","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"350","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":712,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"712","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"351","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":713,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"713","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"352","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":703,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"703","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"354","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":713,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"713","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"357","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":716,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"716","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"360","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":783,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"783","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"362","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":790,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"790","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"363","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":683,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"683","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"367","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":713,"wascid":"15","description":"The integrity attribute is missing on a script 
or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"713","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"368","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":717,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"717","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"369","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":780,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"780","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"371","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":682,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"682","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"374","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":764,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"764","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"375","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":789,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"789","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"377","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":714,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"714","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"378","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":779,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"779","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"380","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":794,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"794","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"381","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":716,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"716","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"386","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":684,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"684","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"389","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":798,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"798","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"393","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":763,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"763","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"394","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":724,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"724","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"395","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":797,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"797","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"396","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":748,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"748","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"403","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":802,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"802","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"404","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":799,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"799","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"405","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":769,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"769","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"414","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":769,"wascid":"15","description":"The 
integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"769","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"415","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":703,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"703","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"418","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":682,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"682","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"420","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":764,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"764","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"421","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":714,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"714","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"422","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":703,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"703","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"423","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":682,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"682","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"427","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":764,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"764","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"428","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":763,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"763","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"429","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":717,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"717","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"432","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":684,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"684","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"433","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":714,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"714","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"434","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":720,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"720","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"435","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":720,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"720","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"436","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":722,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"722","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"440","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":800,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"800","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"441","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":724,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"724","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"443","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":716,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"716","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"445","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":763,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"763","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"447","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":755,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"755","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"456","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":755,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"755","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"457","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":755,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"755","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"458","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":748,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"748","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"459","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":812,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"812","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"461","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":789,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"789","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"469","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":789,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"789","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"470","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":789,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"789","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"471","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":769,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"769","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"473","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":828,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"828","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"480","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":770,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"770","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"481","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":813,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"813","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"482","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":722,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"722","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"484","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"3","other":"","method":"GET","evidence":"<script async 
src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":717,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"717","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"485","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":684,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"684","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"486","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":720,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"720","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"489","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":768,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"768","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"491","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":768,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"768","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"492","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":768,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"768","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"493","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":724,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"724","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"496","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":816,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"816","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"497","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":818,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"818","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"498","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":777,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"777","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"500","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":809,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, 
including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"809","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"502","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":819,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"819","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"503","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":775,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"775","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"504","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":777,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"777","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"505","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":765,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"765","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"506","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":832,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"832","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"507","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":775,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"775","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"508","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":777,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"777","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"509","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":765,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"765","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"512","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":765,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"765","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"514","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":853,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"853","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"516","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":790,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"790","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"524","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":803,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"803","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"527","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":748,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"748","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"528","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":834,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"834","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"529","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":810,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"810","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"530","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":868,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"868","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"533","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":786,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"786","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"535","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":783,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"783","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"537","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":770,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"770","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"538","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":794,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"794","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"539","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":722,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"722","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"542","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":797,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"797","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"547","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":826,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"826","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"550","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":775,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"775","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"553","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":786,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"786","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"556","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":786,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"786","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"557","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":836,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"836","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"559","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":812,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"812","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"562","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":783,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"783","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"563","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":783,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"783","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"564","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":798,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"798","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"566","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":790,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"790","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"568","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":790,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"790","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"569","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":797,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"797","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"572","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":830,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"830","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"574","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":812,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"812","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"576","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":812,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"812","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"577","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":779,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"779","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"581","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":816,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"816","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"582","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":816,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"816","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"583","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":816,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"816","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"584","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":779,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"779","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"585","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":779,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"779","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"586","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":780,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"780","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"592","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":853,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"853","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"595","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":770,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"770","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"597","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":798,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"798","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"600","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":794,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"794","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"603","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":794,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"794","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"605","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":851,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"851","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"606","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":861,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"861","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"608","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":797,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"797","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"609","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":849,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including 
Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"849","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"611","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":813,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"813","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"616","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":836,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"836","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"617","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":843,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"843","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"618","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":813,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"813","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"619","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":780,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"780","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"624","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":828,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"828","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"625","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":865,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"865","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"626","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":800,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"800","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"627","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":800,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"800","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"628","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":836,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"836","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"629","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":780,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"780","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"631","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":860,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"860","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"632","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":833,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"833","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"633","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":839,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"839","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"634","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":853,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"853","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"636","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"3","other":"","method":"GET","evidence":"<script async 
src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":798,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"798","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"639","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":799,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"799","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"641","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":813,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"813","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"642","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":802,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"802","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"644","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":800,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"800","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"645","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":802,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"802","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"649","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":882,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"882","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"650","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":850,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"850","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"653","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":802,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"802","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"654","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":828,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"828","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"657","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":836,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"836","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"663","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":853,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"853","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"669","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":810,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"810","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"674","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":799,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"799","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"675","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":832,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"832","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"678","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":885,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"885","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"679","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":810,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"810","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"680","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":883,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate 
certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"883","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"682","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":828,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"828","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"688","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"<script async 
src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":810,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"810","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"690","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":897,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"897","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"696","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":818,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"818","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"697","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":799,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"799","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"698","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":819,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"819","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"700","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":832,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"832","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"702","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":818,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"818","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"703","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":809,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"809","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"704","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":834,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"834","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"705","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":896,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"896","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"709","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":886,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"886","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"712","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":868,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"868","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"714","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":894,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of 
attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"894","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"715","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":862,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"862","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that 
your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"716","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":819,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"819","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute 
Missing","risk":"Medium","id":"725","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":889,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"889","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"726","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":830,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"830","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"728","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":832,"wascid":"15","description":"The 
integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"832","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"729","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":826,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"826","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"731","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":818,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"818","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"732","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":809,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"809","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"733","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":834,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"834","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"735","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":803,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"803","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"737","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":884,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"884","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"738","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":868,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"868","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"739","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":887,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"887","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"746","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":906,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"906","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"751","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":819,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"819","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"753","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":830,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"830","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"756","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":851,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"851","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"757","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":826,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"826","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"759","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":809,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"809","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"760","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":907,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"907","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"764","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":904,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"904","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"765","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":905,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"905","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your 
web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"766","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":834,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"834","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"769","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":803,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"803","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"770","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":865,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"865","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"772","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":868,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"868","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"773","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":909,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"909","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"774","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":893,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"893","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"780","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":830,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"830","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"783","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":851,"wascid":"15","description":"The integrity attribute is missing on a 
script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"851","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"784","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":913,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"913","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"786","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":914,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"914","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"787","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":826,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"826","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"789","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":923,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross 
Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"923","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"794","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":865,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"865","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"799","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":839,"wascid":"15","description":"The integrity attribute 
is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"839","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"801","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":849,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"849","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"803","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":839,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"839","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"804","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":851,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"851","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"808","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":833,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"833","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"809","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":924,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"924","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"811","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":928,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"928","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"812","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":803,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"803","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"816","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":860,"wascid":"15","description":"The integrity attribute is missing on 
a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"860","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"817","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":897,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"897","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"819","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":897,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"897","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"820","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":850,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"850","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"821","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":897,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"897","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"822","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":865,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"865","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"823","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":843,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"843","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"825","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":861,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"861","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"826","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":843,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"843","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"827","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":849,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"849","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"831","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":839,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"839","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"834","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":833,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"833","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"836","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":885,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"885","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"837","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":883,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"883","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"839","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":882,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"882","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"840","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":882,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"882","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"841","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":882,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"882","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"842","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":860,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"860","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"844","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":850,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"850","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"845","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":861,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"861","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"846","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":843,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"843","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"847","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":849,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"849","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"855","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":833,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"833","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"860","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":885,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"885","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"863","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":883,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"883","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"865","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":896,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"896","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"866","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":860,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"860","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"870","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":850,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"850","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"874","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":885,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"885","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"887","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":883,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"883","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"890","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":896,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"896","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"891","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":861,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"861","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"897","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":905,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"905","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"905","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":884,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"884","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"907","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":889,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"889","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"908","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":889,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"889","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"909","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":896,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"896","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"913","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":907,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"907","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"917","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":904,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"904","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"921","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":906,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"906","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":"","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"922","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":894,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"894","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"923","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":909,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"909","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"924","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":905,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"905","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"926","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":905,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"905","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"928","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":884,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"884","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"929","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":889,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"889","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"930","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":928,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"928","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"931","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":887,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"887","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"932","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":914,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"914","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"933","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":862,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"862","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"935","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":907,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"907","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"936","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":923,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"923","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"937","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":924,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"924","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"939","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":886,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"886","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"941","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":904,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"904","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","POLICY_QA_STD":"","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":"","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"942","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":906,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"906","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"943","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":894,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"894","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"944","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":909,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"909","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"945","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":913,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"913","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"947","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":884,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"884","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"948","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":928,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"928","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"949","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":887,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"887","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"950","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":914,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"914","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"951","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":862,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"862","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"952","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":907,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"907","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"954","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":923,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"923","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"955","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":924,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"924","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"956","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":886,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"886","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"958","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":904,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"904","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"960","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":906,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"906","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"961","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":894,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"894","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"962","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":909,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"909","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"963","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":913,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"913","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"964","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":928,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"928","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"965","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":887,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"887","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"966","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":914,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"914","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"967","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":862,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"862","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"968","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":923,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"923","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"970","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":886,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"886","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"972","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":913,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"913","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"974","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":893,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"893","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"975","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":924,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"924","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"977","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":893,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"893","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"980","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":893,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"893","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"982","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":930,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"930","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"989","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":931,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"931","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"991","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":933,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"933","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"992","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":932,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"932","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"993","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":934,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"934","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"994","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":937,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"937","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that 
your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"996","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":940,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"940","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1003","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":930,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"930","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1006","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":930,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"930","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1009","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":942,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"942","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1014","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":930,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"930","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1018","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":943,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"943","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1019","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":944,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"944","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1020","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":945,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"945","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1021","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":931,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"931","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","POLICY_DEV_STD":"","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1033","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":946,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"946","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1034","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":933,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"933","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1035","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":948,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"948","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1036","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":947,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"947","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1040","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":934,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"934","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1042","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":950,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to 
detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"950","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1044","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":949,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"949","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1045","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":951,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"951","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1048","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":952,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"952","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1049","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":937,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"937","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1050","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":931,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"931","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1051","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":933,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"933","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1052","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":955,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"955","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1060","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":932,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"932","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1061","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":934,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"934","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1062","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":937,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"937","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1069","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":931,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"931","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1071","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":933,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"933","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1072","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":940,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"940","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1074","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":957,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"957","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1076","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":932,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"932","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1079","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":958,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"958","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1081","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":934,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"934","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1086","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/useful-links","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":962,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"962","inputVector":"","url":"https://www.dahd.gov.in/hi/useful-links","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1089","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":937,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"937","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1092","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":940,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"940","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1094","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":932,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"932","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1101","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":972,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"972","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1105","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":970,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"970","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1106","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":942,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"942","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1111","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":943,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"943","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1112","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":940,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"940","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1117","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":945,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"945","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1121","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":942,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"942","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1131","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":943,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"943","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1132","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":944,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"944","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1137","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":945,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"945","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1138","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":952,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"952","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1140","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":952,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"952","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1141","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":951,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"951","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1142","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":947,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"947","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1143","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":946,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"946","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1145","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":948,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"948","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1146","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":942,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"942","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1147","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":943,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"943","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1148","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":950,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"950","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1151","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":949,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"949","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1152","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":944,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"944","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1154","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":945,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"945","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1155","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":991,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"991","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1157","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":990,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"990","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1158","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":995,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"995","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web 
server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1160","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":944,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"944","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1161","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":946,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"946","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1163","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":952,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"952","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1164","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":951,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"951","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1165","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":947,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"947","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1167","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":955,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"955","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1168","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":948,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"948","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1169","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":997,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"997","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1170","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":950,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"950","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1173","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":949,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"949","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1174","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1003,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1003","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1181","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":946,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"946","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1183","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":951,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"951","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1184","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":947,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"947","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1185","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":955,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"955","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1186","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":955,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"955","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1188","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":950,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"950","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1189","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":949,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"949","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1191","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":958,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"958","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1193","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":958,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"958","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1197","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":989,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"989","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1198","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":948,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"948","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1201","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":957,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"957","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1204","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/useful-links","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":962,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"962","inputVector":"","url":"https://www.dahd.gov.in/hi/useful-links","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1205","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":972,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"972","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1206","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":958,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"958","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1209","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":970,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"970","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1211","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":970,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"970","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1212","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":970,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"970","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1214","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":957,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"957","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1218","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/useful-links","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":962,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"962","inputVector":"","url":"https://www.dahd.gov.in/hi/useful-links","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1219","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":972,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"972","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1220","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":991,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"991","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1227","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":991,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"991","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1228","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/useful-links","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":962,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"962","inputVector":"","url":"https://www.dahd.gov.in/hi/useful-links","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1229","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":972,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"972","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1230","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":995,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"995","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1233","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":957,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"957","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1234","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":991,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"991","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1236","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":990,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"990","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1237","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":995,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"995","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1240","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":997,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"997","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1241","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":990,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"990","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1243","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":995,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"995","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1244","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1003,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1003","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1245","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":990,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"990","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1246","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":997,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"997","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1247","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1003,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1003","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1248","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":997,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"997","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1249","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1003,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1003","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1251","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":989,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"989","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1254","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":989,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"989","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1255","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":989,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"989","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1256","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1124,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1124","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1260","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1132,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1132","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1262","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1124,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1124","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1273","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1132,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1132","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1274","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1124,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1124","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1276","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1132,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1132","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1277","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1124,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1124","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1279","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1132,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1132","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1280","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1164,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1164","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1297","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1164,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1164","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1302","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1164,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1164","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1303","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1164,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1164","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1304","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1220,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1220","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1311","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1221,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1221","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1312","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1222,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"1222","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1313","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1226,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1226","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1315","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1220,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1220","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1324","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1228,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1228","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1325","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1220,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"1220","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1326","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1220,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1220","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1327","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1229,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1229","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1329","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1231,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1231","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1333","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1232,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1232","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1336","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1221,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1221","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1346","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1221,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1221","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1348","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1221,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1221","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1352","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1226,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"1226","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1353","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1222,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1222","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1356","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1226,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1226","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1359","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1222,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1222","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1361","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1229,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1229","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1363","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1226,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1226","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1364","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1228,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content.","messageId":"1228","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1365","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1222,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1222","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1366","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1229,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1229","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1369","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1252,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1252","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1370","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1228,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1228","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1371","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1229,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1229","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1372","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1231,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1231","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1373","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1232,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1232","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1374","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1228,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1228","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1375","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1231,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1231","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1376","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1231,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1231","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1377","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1232,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1232","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1379","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1265,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1265","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1380","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1232,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1232","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1381","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1252,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1252","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1391","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1265,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1265","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1392","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1278,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1278","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1393","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1252,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1252","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1394","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1252,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1252","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1395","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1265,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1265","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1396","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1265,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1265","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1398","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1278,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1278","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1402","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1278,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1278","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1403","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1278,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1278","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1404","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1300,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1300","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1406","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1304,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1304","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1408","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1300,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1300","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1414","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1300,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1300","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1416","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1300,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1300","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1418","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1304,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1304","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1419","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1304,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1304","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1420","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1304,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"1304","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1421","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1317,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1317","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1422","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1320,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1320","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1424","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1320,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1320","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1433","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1317,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1317","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1434","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1320,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1320","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1435","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1317,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1317","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1436","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1320,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1320","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1437","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1317,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1317","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1438","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1338,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1338","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1439","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1349,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1349","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1441","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1338,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1338","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1446","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1338,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1338","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1447","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1338,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1338","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1448","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1349,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1349","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1452","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1359,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1359","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1453","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1349,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1349","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1454","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1349,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1349","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1456","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1359,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1359","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1460","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1359,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1359","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1461","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1359,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1359","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1462","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1386,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1386","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1463","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1390,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1390","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1468","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1386,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1386","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1469","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1386,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1386","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1470","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1386,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1386","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1471","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1393,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1393","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1473","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1390,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1390","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1481","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1400,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1400","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1482","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1390,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1390","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1484","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1393,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1393","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1485","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1390,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1390","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1486","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1393,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1393","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1488","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1393,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1393","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1489","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1403,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1403","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1490","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1400,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1400","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1498","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1403,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1403","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1499","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1400,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1400","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1500","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1403,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1403","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1501","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1400,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1400","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1502","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1403,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1403","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1503","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1426,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1426","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1504","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1427,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1427","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1506","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1428,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"1428","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1508","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1426,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1426","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1516","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1426,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1426","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1517","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1427,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1427","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1518","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1427,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1427","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1520","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1426,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1426","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1521","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1427,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1427","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1523","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1428,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1428","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1525","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1428,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1428","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1526","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1428,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1428","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1527","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1460,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1460","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1528","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1457,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1457","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1529","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1450,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1450","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure 
that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1530","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1452,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"1452","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1533","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1479,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1479","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1536","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1484,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"1484","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1537","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1498,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1498","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1545","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1460,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1460","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1547","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1457,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1457","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1549","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1460,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1460","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1551","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1457,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1457","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1554","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1460,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1460","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1555","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1477,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1477","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1557","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1500,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1500","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1560","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1457,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1457","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1561","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1524,"wascid":"15","description":"Content Security 
Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1524","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1568","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1515,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"1515","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1570","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1450,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1450","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1571","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1452,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1452","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1574","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1479,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1479","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1577","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1450,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1450","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1578","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1452,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1452","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1581","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1479,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1479","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1584","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1484,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1484","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1585","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1450,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1450","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1586","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1452,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1452","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1587","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1498,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1498","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1588","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1479,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1479","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1589","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1484,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1484","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1590","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1498,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1498","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1591","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1484,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1484","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1592","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1498,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1498","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1593","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1528,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1528","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1594","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1524,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1524","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1598","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1524,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1524","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1599","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1524,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1524","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1601","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1500,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1500","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1608","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1500,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1500","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1610","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1560,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1560","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1613","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1500,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1500","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1614","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1515,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1515","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1615","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1515,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1515","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1618","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1515,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1515","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1623","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1477,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1477","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1624","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1586,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1586","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1625","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1477,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1477","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1627","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1477,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1477","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1628","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1593,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1593","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1629","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1528,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1528","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1632","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1528,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1528","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1633","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1601,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1601","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1637","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1528,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1528","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1639","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1560,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1560","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1642","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1560,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1560","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1645","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1560,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1560","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1647","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1620,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1620","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1653","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1586,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1586","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1654","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1586,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1586","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1655","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1586,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1586","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1657","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1601,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1601","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1664","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1627,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1627","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1665","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1593,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1593","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1666","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1601,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1601","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1667","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1601,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1601","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1668","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1593,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1593","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1669","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1629,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1629","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1670","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1633,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"1633","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1672","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1593,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1593","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1674","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1646,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1646","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1681","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1620,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1620","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1687","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1657,"wascid":"15","description":"Content Security Policy (CSP) 
is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1657","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1688","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1620,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1620","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1693","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"3","other":"","method":"GET","evidence":"<script async 
src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1620,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1620","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1698","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1633,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1633","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1702","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1629,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1629","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1703","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1627,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1627","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1704","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1629,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1629","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1706","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1633,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1633","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1708","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1627,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1627","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1709","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1629,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1629","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1711","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1633,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1633","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1712","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1627,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1627","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1713","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1646,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1646","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1716","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1675,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1675","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1717","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1646,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1646","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1718","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"3","other":"","method":"GET","evidence":"<script async 
src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1646,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1646","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1719","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1657,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1657","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1725","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1657,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1657","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1727","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1657,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1657","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1730","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1717,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1717","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1734","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1675,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1675","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1735","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1718,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1718","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1736","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1675,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1675","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1738","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1722,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1722","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1740","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1719,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1719","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1741","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1675,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1675","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1742","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1742,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect 
and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1742","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1749","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1799,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"1799","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1754","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1717,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1717","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1757","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1717,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1717","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1761","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1717,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1717","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1771","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1722,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1722","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1777","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1845,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1845","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1778","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1719,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1719","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1779","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1824,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1824","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1783","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1841,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"1841","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1784","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1722,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1722","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1785","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1718,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1718","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1786","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1842,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1842","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1787","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1719,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1719","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1789","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1722,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1722","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1794","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1742,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1742","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1795","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1719,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1719","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1796","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1718,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1718","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1798","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1742,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1742","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1805","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1718,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1718","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1806","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1742,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1742","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1810","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1799,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1799","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1813","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1799,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1799","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1816","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1845,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1845","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1817","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1799,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1799","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1820","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1845,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1845","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1821","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1903,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1903","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1822","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1845,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1845","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1827","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1841,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1841","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1835","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1824,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1824","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1836","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1911,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1911","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1837","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1842,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1842","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1838","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1841,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1841","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1841","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1824,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1824","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1842","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1842,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1842","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1843","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1841,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1841","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1846","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1824,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1824","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1847","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1842,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1842","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1848","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1903,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1903","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1851","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1903,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1903","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1852","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1903,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1903","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1853","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1911,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1911","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1860","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1911,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1911","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1862","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/index.php/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1927,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1927","inputVector":"","url":"https://www.dahd.gov.in:80/index.php/division/administration/aparcell/forms","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1864","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1925,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"1925","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1865","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1911,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1911","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1866","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2119,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2119","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1877","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2122,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2122","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1879","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/index.php/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1927,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1927","inputVector":"","url":"https://www.dahd.gov.in:80/index.php/division/administration/aparcell/forms","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1881","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/index.php/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1927,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1927","inputVector":"","url":"https://www.dahd.gov.in:80/index.php/division/administration/aparcell/forms","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1884","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/index.php/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1927,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1927","inputVector":"","url":"https://www.dahd.gov.in:80/index.php/division/administration/aparcell/forms","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1889","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1925,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1925","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1891","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2132,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2132","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1892","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2136,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"2136","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1894","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1925,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1925","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1895","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1925,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"1925","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1897","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2152,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2152","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1898","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2119,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2119","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1910","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" 
href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2119,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2119","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1911","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2122,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2122","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1912","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2119,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2119","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1913","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2122,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2122","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1915","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2122,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2122","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1918","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2132,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2132","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1925","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2132,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2132","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1928","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2132,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2132","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1931","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2165,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2165","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1934","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2136,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2136","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1935","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" 
href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2152,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2152","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1936","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2136,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2136","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1938","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2152,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2152","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1939","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2136,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2136","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1940","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2152,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2152","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1943","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2165,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2165","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1950","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2165,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2165","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1951","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2165,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2165","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1952","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2253,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2253","inputVector":"","url":"https://www.dahd.gov.in:80/hi","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1957","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2342,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2342","inputVector":"","url":"https://www.dahd.gov.in:80/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1968","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2253,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2253","inputVector":"","url":"https://www.dahd.gov.in:80/hi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1977","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2253,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2253","inputVector":"","url":"https://www.dahd.gov.in:80/hi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1980","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2253,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2253","inputVector":"","url":"https://www.dahd.gov.in:80/hi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1982","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://cse.google.com/cse.js?cx=03ee6b71daa1443cb\">\n\t\t</script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2253,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2253","inputVector":"","url":"https://www.dahd.gov.in:80/hi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1983","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2449,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2449","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1990","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2342,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2342","inputVector":"","url":"https://www.dahd.gov.in:80/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1991","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2342,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2342","inputVector":"","url":"https://www.dahd.gov.in:80/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1992","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2342,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2342","inputVector":"","url":"https://www.dahd.gov.in:80/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1993","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://cse.google.com/cse.js?cx=03ee6b71daa1443cb\">\n\t\t</script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2342,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2342","inputVector":"","url":"https://www.dahd.gov.in:80/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"1994","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/document/citizencharter","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2471,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2471","inputVector":"","url":"https://www.dahd.gov.in:80/document/citizencharter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1996","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/division/awd","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2458,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2458","inputVector":"","url":"https://www.dahd.gov.in:80/division/awd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1997","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/division/kcc","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2464,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2464","inputVector":"","url":"https://www.dahd.gov.in:80/division/kcc","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, 
load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1998","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2467,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"2467","inputVector":"","url":"https://www.dahd.gov.in:80/documents/accounts-glance","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1999","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2482,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2482","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2006","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2455,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2455","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2009","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2449,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2449","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2012","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications 
(field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2456,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2456","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2013","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2449,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2449","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute 
Missing","risk":"Medium","id":"2014","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2484,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2484","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/aparcell/forms","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2015","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2449,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2449","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2018","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/document/citizencharter","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2471,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2471","inputVector":"","url":"https://www.dahd.gov.in:80/document/citizencharter","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2022","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/document/citizencharter","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2471,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2471","inputVector":"","url":"https://www.dahd.gov.in:80/document/citizencharter","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2025","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/document/citizencharter","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2471,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2471","inputVector":"","url":"https://www.dahd.gov.in:80/document/citizencharter","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2032","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/division/awd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2458,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2458","inputVector":"","url":"https://www.dahd.gov.in:80/division/awd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2042","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2482,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2482","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2043","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/division/awd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2458,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2458","inputVector":"","url":"https://www.dahd.gov.in:80/division/awd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2044","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/division/kcc","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2464,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2464","inputVector":"","url":"https://www.dahd.gov.in:80/division/kcc","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2045","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2482,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2482","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2046","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2467,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2467","inputVector":"","url":"https://www.dahd.gov.in:80/documents/accounts-glance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2047","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/division/awd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2458,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2458","inputVector":"","url":"https://www.dahd.gov.in:80/division/awd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2048","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/division/kcc","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2464,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2464","inputVector":"","url":"https://www.dahd.gov.in:80/division/kcc","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2049","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2482,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2482","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2050","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2467,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2467","inputVector":"","url":"https://www.dahd.gov.in:80/documents/accounts-glance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2051","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/division/kcc","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2464,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2464","inputVector":"","url":"https://www.dahd.gov.in:80/division/kcc","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2052","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2467,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2467","inputVector":"","url":"https://www.dahd.gov.in:80/documents/accounts-glance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2053","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2484,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2484","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/aparcell/forms","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2057","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2484,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2484","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/aparcell/forms","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2058","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2484,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2484","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/aparcell/forms","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2059","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2494,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2494","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/list-attachedsubordinate-offices-department","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2060","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2456,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2456","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2070","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" 
href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2456,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2456","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2072","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2456,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2456","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2074","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2494,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2494","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/list-attachedsubordinate-offices-department","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2081","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2455,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2455","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2082","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2494,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2494","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/list-attachedsubordinate-offices-department","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2083","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2494,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2494","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/list-attachedsubordinate-offices-department","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2084","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2455,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2455","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2085","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2455,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2455","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2086","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2502,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2502","inputVector":"","url":"https://www.dahd.gov.in:80/document/acts-rules-notifications","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2124","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/cash-section","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2509,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2509","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/cash-section","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2126","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/aparcell/forms (page)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2521,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"2521","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/aparcell/forms?page=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2127","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/admin-II","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2534,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2534","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/admin-II","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2130","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/about-us/about-departments","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2543,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2543","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/about-departments","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2131","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2545,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"2545","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2134","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2502,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2502","inputVector":"","url":"https://www.dahd.gov.in:80/document/acts-rules-notifications","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2145","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2502,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2502","inputVector":"","url":"https://www.dahd.gov.in:80/document/acts-rules-notifications","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2146","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2502,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2502","inputVector":"","url":"https://www.dahd.gov.in:80/document/acts-rules-notifications","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2148","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2561,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2561","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/vigilance-apar","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2154","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/cash-section","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2509,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2509","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/cash-section","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2155","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/coffee-table-books","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2558,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2558","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/coffee-table-books","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2156","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/parliament/parliament_questions","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2576,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2576","inputVector":"","url":"https://www.dahd.gov.in:80/parliament/parliament_questions","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2157","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/cash-section","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2509,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2509","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/cash-section","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2162","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/web-information-manager","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2600,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that 
helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2600","inputVector":"","url":"https://www.dahd.gov.in:80/web-information-manager","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2169","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/cash-section","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2509,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2509","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/cash-section","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2173","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/about-us/about-departments","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2543,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2543","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/about-departments","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2174","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/admin-II","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2534,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2534","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/admin-II","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2175","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/dahd-dashboard","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2603,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2603","inputVector":"","url":"https://www.dahd.gov.in:80/dahd-dashboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2177","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/contact_us","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2604,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2604","inputVector":"","url":"https://www.dahd.gov.in:80/contact_us","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2179","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2545,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2545","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2182","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/about-us/about-departments","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2543,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2543","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/about-departments","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2183","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/admin-II","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2534,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2534","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/admin-II","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2184","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2607,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2607","inputVector":"","url":"https://www.dahd.gov.in:80/document/assets-dahd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2185","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/aparcell/forms (page)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2521,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2521","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/aparcell/forms?page=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2187","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/admin-II","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2534,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2534","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/admin-II","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2195","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2545,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2545","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2196","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/about-us/about-departments","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2543,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2543","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/about-departments","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2197","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2606,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2606","inputVector":"","url":"https://www.dahd.gov.in:80/nlm-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2198","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/aparcell/forms (page)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2521,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2521","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/aparcell/forms?page=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2203","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2610,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2610","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2210","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/about-us/allocation-business-rules","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2611,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2611","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/allocation-business-rules","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2211","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2545,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2545","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2212","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/aparcell/forms (page)","sourceid":"3","other":"","method":"GET","evidence":"<script async 
src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2521,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2521","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/aparcell/forms?page=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2217","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/parliament/parliament_questions","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2576,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2576","inputVector":"","url":"https://www.dahd.gov.in:80/parliament/parliament_questions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2228","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2561,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2561","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/vigilance-apar","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2229","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/disclaimer","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2614,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2614","inputVector":"","url":"https://www.dahd.gov.in:80/disclaimer","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2232","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/coffee-table-books","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2558,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2558","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/coffee-table-books","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2236","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/parliament/parliament_questions","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2576,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2576","inputVector":"","url":"https://www.dahd.gov.in:80/parliament/parliament_questions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2238","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2561,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2561","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/vigilance-apar","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2239","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/contact_us","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2604,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2604","inputVector":"","url":"https://www.dahd.gov.in:80/contact_us","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2244","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/help","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2616,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2616","inputVector":"","url":"https://www.dahd.gov.in:80/help","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2245","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/web-information-manager","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2600,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2600","inputVector":"","url":"https://www.dahd.gov.in:80/web-information-manager","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2246","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/dahd-dashboard","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2603,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2603","inputVector":"","url":"https://www.dahd.gov.in:80/dahd-dashboard","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2247","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/coffee-table-books","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2558,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2558","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/coffee-table-books","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2248","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2607,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2607","inputVector":"","url":"https://www.dahd.gov.in:80/document/assets-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2250","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/dahd-dashboard","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2603,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2603","inputVector":"","url":"https://www.dahd.gov.in:80/dahd-dashboard","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2251","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2561,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2561","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/vigilance-apar","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2252","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/contact_us","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2604,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2604","inputVector":"","url":"https://www.dahd.gov.in:80/contact_us","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2256","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/parliament/parliament_questions","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2576,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2576","inputVector":"","url":"https://www.dahd.gov.in:80/parliament/parliament_questions","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2257","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/web-information-manager","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2600,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2600","inputVector":"","url":"https://www.dahd.gov.in:80/web-information-manager","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2258","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/coffee-table-books","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2558,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2558","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/coffee-table-books","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2260","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2607,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2607","inputVector":"","url":"https://www.dahd.gov.in:80/document/assets-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2261","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/dahd-dashboard","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2603,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2603","inputVector":"","url":"https://www.dahd.gov.in:80/dahd-dashboard","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2262","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/contact_us","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2604,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2604","inputVector":"","url":"https://www.dahd.gov.in:80/contact_us","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2267","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/sire-directory","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2621,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2621","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/sire-directory","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2268","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/web-information-manager","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2600,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2600","inputVector":"","url":"https://www.dahd.gov.in:80/web-information-manager","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2269","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2607,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2607","inputVector":"","url":"https://www.dahd.gov.in:80/document/assets-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2271","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2610,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2610","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2274","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2606,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2606","inputVector":"","url":"https://www.dahd.gov.in:80/nlm-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2276","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/website-policy","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2631,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2631","inputVector":"","url":"https://www.dahd.gov.in:80/website-policy","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2278","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/about-us/allocation-business-rules","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2611,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"2611","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/allocation-business-rules","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2281","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2610,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"2610","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2282","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2606,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"2606","inputVector":"","url":"https://www.dahd.gov.in:80/nlm-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2284","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/feedback","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2648,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2648","inputVector":"","url":"https://www.dahd.gov.in:80/feedback","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2285","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/about-us/allocation-business-rules","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2611,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"2611","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/allocation-business-rules","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2289","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2610,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"2610","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2290","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2606,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"2606","inputVector":"","url":"https://www.dahd.gov.in:80/nlm-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2292","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/disclaimer","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2614,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"2614","inputVector":"","url":"https://www.dahd.gov.in:80/disclaimer","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2296","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/about-us/allocation-business-rules","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2611,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"2611","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/allocation-business-rules","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2297","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/help","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2616,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"2616","inputVector":"","url":"https://www.dahd.gov.in:80/help","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2298","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2656,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2656","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2299","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/disclaimer","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2614,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"2614","inputVector":"","url":"https://www.dahd.gov.in:80/disclaimer","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2302","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/help","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2616,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"2616","inputVector":"","url":"https://www.dahd.gov.in:80/help","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2307","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2657,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2657","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/pig-breeder-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2308","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2658,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"2658","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2310","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/division/international-cooperation","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2666,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2666","inputVector":"","url":"https://www.dahd.gov.in:80/division/international-cooperation","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2311","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/disclaimer","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2614,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"2614","inputVector":"","url":"https://www.dahd.gov.in:80/disclaimer","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2312","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/pashupedia","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2696,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2696","inputVector":"","url":"https://www.dahd.gov.in:80/pashupedia","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2313","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/sire-directory","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2621,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"2621","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/sire-directory","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2314","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/help","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2616,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to the external server from injecting malicious content.","messageId":"2616","inputVector":"","url":"https://www.dahd.gov.in:80/help","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2315","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/sire-directory","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2621,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2621","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/sire-directory","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2319","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/sire-directory","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2621,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2621","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/sire-directory","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2324","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/website-policy","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2631,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2631","inputVector":"","url":"https://www.dahd.gov.in:80/website-policy","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2326","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/feedback","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2648,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2648","inputVector":"","url":"https://www.dahd.gov.in:80/feedback","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2328","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/website-policy","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2631,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2631","inputVector":"","url":"https://www.dahd.gov.in:80/website-policy","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2333","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/feedback","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2648,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2648","inputVector":"","url":"https://www.dahd.gov.in:80/feedback","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2334","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/feedback","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2648,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2648","inputVector":"","url":"https://www.dahd.gov.in:80/feedback","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2337","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/website-policy","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2631,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2631","inputVector":"","url":"https://www.dahd.gov.in:80/website-policy","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2341","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2656,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2656","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/rti","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2342","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/kcc-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2722,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2722","inputVector":"","url":"https://www.dahd.gov.in:80/kcc-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2344","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2723,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2723","inputVector":"","url":"https://www.dahd.gov.in:80/pashu-aushadhi","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2345","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2724,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"2724","inputVector":"","url":"https://www.dahd.gov.in:80/hi/division/administration/aparcell/forms","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2346","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2656,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2656","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/rti","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2350","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2657,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2657","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/pig-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2351","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/pashupedia","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2696,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2696","inputVector":"","url":"https://www.dahd.gov.in:80/pashupedia","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2355","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2658,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2658","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2356","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2656,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2656","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/rti","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2357","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2657,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2657","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/pig-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2358","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/division/international-cooperation","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2666,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2666","inputVector":"","url":"https://www.dahd.gov.in:80/division/international-cooperation","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2360","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2657,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2657","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/pig-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2363","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2658,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2658","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2364","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/pashupedia","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2696,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2696","inputVector":"","url":"https://www.dahd.gov.in:80/pashupedia","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2365","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/division/international-cooperation","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2666,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2666","inputVector":"","url":"https://www.dahd.gov.in:80/division/international-cooperation","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2366","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2731,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2731","inputVector":"","url":"https://www.dahd.gov.in:80/documents/e-office","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2368","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2658,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2658","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2371","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/pashupedia","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2696,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2696","inputVector":"","url":"https://www.dahd.gov.in:80/pashupedia","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2372","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/division/international-cooperation","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2666,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2666","inputVector":"","url":"https://www.dahd.gov.in:80/division/international-cooperation","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2373","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/kcc-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2722,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2722","inputVector":"","url":"https://www.dahd.gov.in:80/kcc-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2380","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2723,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2723","inputVector":"","url":"https://www.dahd.gov.in:80/pashu-aushadhi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2381","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/kcc-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2722,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2722","inputVector":"","url":"https://www.dahd.gov.in:80/kcc-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2383","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2723,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2723","inputVector":"","url":"https://www.dahd.gov.in:80/pashu-aushadhi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2385","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/kcc-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2722,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2722","inputVector":"","url":"https://www.dahd.gov.in:80/kcc-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2387","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2724,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2724","inputVector":"","url":"https://www.dahd.gov.in:80/hi/division/administration/aparcell/forms","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2388","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2723,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2723","inputVector":"","url":"https://www.dahd.gov.in:80/pashu-aushadhi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2389","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2724,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2724","inputVector":"","url":"https://www.dahd.gov.in:80/hi/division/administration/aparcell/forms","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2390","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2733,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2733","inputVector":"","url":"https://www.dahd.gov.in:80/schemes-programmes","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2392","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2724,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2724","inputVector":"","url":"https://www.dahd.gov.in:80/hi/division/administration/aparcell/forms","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2393","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/cyber-security-awareness-month","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2738,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2738","inputVector":"","url":"https://www.dahd.gov.in:80/cyber-security-awareness-month","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2394","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2731,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2731","inputVector":"","url":"https://www.dahd.gov.in:80/documents/e-office","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2398","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2731,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2731","inputVector":"","url":"https://www.dahd.gov.in:80/documents/e-office","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2400","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2731,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2731","inputVector":"","url":"https://www.dahd.gov.in:80/documents/e-office","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2401","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/iec-material","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2740,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2740","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/iec-material","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2402","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2749,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2749","inputVector":"","url":"https://www.dahd.gov.in:80/photo-gallery","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2404","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/cyber-security-awareness-month","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2738,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2738","inputVector":"","url":"https://www.dahd.gov.in:80/cyber-security-awareness-month","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2410","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/cyber-security-awareness-month","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2738,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2738","inputVector":"","url":"https://www.dahd.gov.in:80/cyber-security-awareness-month","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2412","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/cyber-security-awareness-month","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2738,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2738","inputVector":"","url":"https://www.dahd.gov.in:80/cyber-security-awareness-month","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2414","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2733,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2733","inputVector":"","url":"https://www.dahd.gov.in:80/schemes-programmes","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2416","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2780,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2780","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2417","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2733,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2733","inputVector":"","url":"https://www.dahd.gov.in:80/schemes-programmes","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2419","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2733,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2733","inputVector":"","url":"https://www.dahd.gov.in:80/schemes-programmes","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2421","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/iec-material","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2740,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2740","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/iec-material","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2425","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2785,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2785","inputVector":"","url":"https://www.dahd.gov.in:80/hi/about-us/vision-mission-objective","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2426","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/iec-material","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2740,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2740","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/iec-material","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2428","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2765,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2765","inputVector":"","url":"https://www.dahd.gov.in:80/documents/tender","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2429","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/iec-material","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2740,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2740","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/iec-material","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2432","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2749,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2749","inputVector":"","url":"https://www.dahd.gov.in:80/photo-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2433","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2792,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2792","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/vision-mission-objective","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2436","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/admin-i","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2794,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2794","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/admin-i","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2437","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2749,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2749","inputVector":"","url":"https://www.dahd.gov.in:80/photo-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2439","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2749,"wascid":"15","description":"The integrity attribute is missing 
on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2749","inputVector":"","url":"https://www.dahd.gov.in:80/photo-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2444","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2780,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2780","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2448","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2785,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2785","inputVector":"","url":"https://www.dahd.gov.in:80/hi/about-us/vision-mission-objective","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2449","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2801,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2801","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/assets-dahd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2452","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2800,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2800","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2454","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2780,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2780","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2455","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2785,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2785","inputVector":"","url":"https://www.dahd.gov.in:80/hi/about-us/vision-mission-objective","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2456","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2780,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2780","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2461","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2785,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2785","inputVector":"","url":"https://www.dahd.gov.in:80/hi/about-us/vision-mission-objective","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2462","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2765,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2765","inputVector":"","url":"https://www.dahd.gov.in:80/documents/tender","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2466","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/office_order_circular","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2807,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2807","inputVector":"","url":"https://www.dahd.gov.in:80/hi/office_order_circular","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2468","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2792,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2792","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/vision-mission-objective","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2469","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/admin-i","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2794,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2794","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/admin-i","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2470","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2765,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2765","inputVector":"","url":"https://www.dahd.gov.in:80/documents/tender","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2471","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2792,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2792","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/vision-mission-objective","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2473","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/admin-i","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2794,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2794","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/admin-i","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2474","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2765,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2765","inputVector":"","url":"https://www.dahd.gov.in:80/documents/tender","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2476","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2792,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2792","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/vision-mission-objective","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2478","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/admin-i","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2794,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2794","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/admin-i","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2479","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2801,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2801","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/assets-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2480","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2801,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2801","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/assets-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2481","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/2814","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2825,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2825","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/2814","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2484","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2822,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2822","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/acts-rules-notifications","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2485","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2801,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2801","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/assets-dahd","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2486","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2800,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2800","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2493","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2828,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2828","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/e-office","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2494","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/office_order_circular","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2807,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2807","inputVector":"","url":"https://www.dahd.gov.in:80/hi/office_order_circular","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2495","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2800,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2800","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2496","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/office_order_circular","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2807,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2807","inputVector":"","url":"https://www.dahd.gov.in:80/hi/office_order_circular","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2497","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2800,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2800","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2501","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/office_order_circular","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2807,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2807","inputVector":"","url":"https://www.dahd.gov.in:80/hi/office_order_circular","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2502","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/demand-grants","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2833,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2833","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/demand-grants","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2505","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2834,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2834","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/accounts-glance","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2507","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/2814","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2825,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2825","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/2814","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2511","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/2814","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2825,"wascid":"15","description":"The integrity 
attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2825","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/2814","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2512","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2822,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2822","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/acts-rules-notifications","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2514","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/2814","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2825,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2825","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/2814","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2515","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2828,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2828","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/e-office","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2518","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/4038","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2836,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2836","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/4038","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2519","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/3954","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2835,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2835","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/3954","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2520","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2822,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2822","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/acts-rules-notifications","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2521","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2828,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2828","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/e-office","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2522","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2822,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2822","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/acts-rules-notifications","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2524","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2828,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2828","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/e-office","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2525","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2834,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2834","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/accounts-glance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2532","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2834,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2834","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/accounts-glance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2533","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2834,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2834","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/accounts-glance","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2535","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/demand-grants","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2833,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2833","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/demand-grants","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2536","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/demand-grants","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2833,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2833","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/demand-grants","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2537","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/demand-grants","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2833,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2833","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/demand-grants","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2538","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/4038","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2836,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2836","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/4038","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2545","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2871,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2871","inputVector":"","url":"https://www.dahd.gov.in:80/hi/schemes-programmes","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2546","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/3954","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2835,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2835","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/3954","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2547","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/4038","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2836,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2836","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/4038","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2548","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/4038","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2836,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2836","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/4038","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2549","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/3954","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2835,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2835","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/3954","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2550","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/3954","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2835,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2835","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/3954","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2551","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2885,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2885","inputVector":"","url":"https://www.dahd.gov.in:80/hi/pashu-aushadhi","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2553","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/faq","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2889,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2889","inputVector":"","url":"https://www.dahd.gov.in:80/hi/faq","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2554","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2886,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video 
files.","messageId":"2886","inputVector":"","url":"https://www.dahd.gov.in:80/hi/divisions/administration/vigilance-apar","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2555","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2907,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2907","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/tender","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2561","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2871,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2871","inputVector":"","url":"https://www.dahd.gov.in:80/hi/schemes-programmes","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2566","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2871,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2871","inputVector":"","url":"https://www.dahd.gov.in:80/hi/schemes-programmes","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2567","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2871,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2871","inputVector":"","url":"https://www.dahd.gov.in:80/hi/schemes-programmes","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2572","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2885,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2885","inputVector":"","url":"https://www.dahd.gov.in:80/hi/pashu-aushadhi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2574","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2885,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"2885","inputVector":"","url":"https://www.dahd.gov.in:80/hi/pashu-aushadhi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2576","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2885,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"2885","inputVector":"","url":"https://www.dahd.gov.in:80/hi/pashu-aushadhi","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2585","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/faq","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2889,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2889","inputVector":"","url":"https://www.dahd.gov.in:80/hi/faq","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2587","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2886,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2886","inputVector":"","url":"https://www.dahd.gov.in:80/hi/divisions/administration/vigilance-apar","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2592","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/faq","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2889,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2889","inputVector":"","url":"https://www.dahd.gov.in:80/hi/faq","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2593","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2886,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2886","inputVector":"","url":"https://www.dahd.gov.in:80/hi/divisions/administration/vigilance-apar","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2599","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/faq","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2889,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2889","inputVector":"","url":"https://www.dahd.gov.in:80/hi/faq","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2600","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2907,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2907","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/tender","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2603","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2886,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2886","inputVector":"","url":"https://www.dahd.gov.in:80/hi/divisions/administration/vigilance-apar","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2604","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2907,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2907","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/tender","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2610","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2907,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2907","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/tender","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2616","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2927,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2927","inputVector":"","url":"https://www.dahd.gov.in:80/hi/photo-gallery","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2625","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2927,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2927","inputVector":"","url":"https://www.dahd.gov.in:80/hi/photo-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2649","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2927,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2927","inputVector":"","url":"https://www.dahd.gov.in:80/hi/photo-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2650","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2927,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2927","inputVector":"","url":"https://www.dahd.gov.in:80/hi/photo-gallery","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2652","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/whats-new","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":2997,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"2997","inputVector":"","url":"https://www.dahd.gov.in:80/whats-new","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2742","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3003,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3003","inputVector":"","url":"https://www.dahd.gov.in:80/hi/nlm-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2754","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/whats-new","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2997,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2997","inputVector":"","url":"https://www.dahd.gov.in:80/whats-new","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2767","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/whats-new","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2997,"wascid":"15","description":"The integrity attribute is 
missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2997","inputVector":"","url":"https://www.dahd.gov.in:80/whats-new","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2774","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/whats-new","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":2997,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"2997","inputVector":"","url":"https://www.dahd.gov.in:80/whats-new","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2780","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3003,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"3003","inputVector":"","url":"https://www.dahd.gov.in:80/hi/nlm-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2786","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3003,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"3003","inputVector":"","url":"https://www.dahd.gov.in:80/hi/nlm-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2796","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3003,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"3003","inputVector":"","url":"https://www.dahd.gov.in:80/hi/nlm-scheme-brochure","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2803","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3118,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3118","inputVector":"","url":"https://www.dahd.gov.in:80/hi/divisions/administration/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"2877","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3118,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"3118","inputVector":"","url":"https://www.dahd.gov.in:80/hi/divisions/administration/rti","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2898","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3118,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"3118","inputVector":"","url":"https://www.dahd.gov.in:80/hi/divisions/administration/rti","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2899","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3118,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"3118","inputVector":"","url":"https://www.dahd.gov.in:80/hi/divisions/administration/rti","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"2900","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/external-link","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3181,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3181","inputVector":"","url":"https://www.dahd.gov.in:80/external-link","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"3002","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/node/582","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3184,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3184","inputVector":"","url":"https://www.dahd.gov.in:80/node/582","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"3021","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/external-link","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3181,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"3181","inputVector":"","url":"https://www.dahd.gov.in:80/external-link","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3051","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/node/582","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3184,"wascid":"15","description":"The integrity attribute is 
missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"3184","inputVector":"","url":"https://www.dahd.gov.in:80/node/582","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3052","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/external-link","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3181,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"3181","inputVector":"","url":"https://www.dahd.gov.in:80/external-link","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3055","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/node/582","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3184,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"3184","inputVector":"","url":"https://www.dahd.gov.in:80/node/582","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3056","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/external-link","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3181,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"3181","inputVector":"","url":"https://www.dahd.gov.in:80/external-link","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3059","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/node/582","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3184,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"3184","inputVector":"","url":"https://www.dahd.gov.in:80/node/582","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3060","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3357,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3357","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"3259","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3357,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"3357","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3275","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3357,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"3357","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3276","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3357,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"3357","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3278","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3383,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3383","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"3282","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3384,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3384","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"3284","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3387,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3387","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load 
balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"3292","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3388,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3388","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, 
application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"3294","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3389,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3389","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that 
your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"3302","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3383,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3383","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3310","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" 
/>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3384,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3384","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3313","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3383,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3383","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3318","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3384,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3384","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3320","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3383,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3383","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3325","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3384,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3384","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3327","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3388,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3388","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3328","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3387,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3387","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3331","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3388,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3388","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3333","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3387,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3387","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3336","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3388,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3388","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3337","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3389,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3389","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3338","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3387,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3387","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3339","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3389,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3389","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3342","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3389,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3389","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3344","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3415,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3415","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"3351","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3423,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3423","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"3357","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3415,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3415","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3366","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3415,"wascid":"15","description":"The integrity attribute is 
missing on a script or link tag served by an external server. The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3415","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3371","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3415,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"3415","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3375","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3423,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"3423","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3378","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1627","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3433,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3433","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1627","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"3381","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3423,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"3423","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3383","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3423,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"3423","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3387","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3441,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3441","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"3407","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/node/1627","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3433,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"3433","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1627","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3411","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3441,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"3441","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3445","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3441,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"3441","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"3449","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3866,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3866","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"4291","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3872,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3872","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"4298","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3866,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"3866","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"4308","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3866,"wascid":"15","description":"The 
integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"3866","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"4313","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3866,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"3866","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"4318","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3872,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"3872","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"4319","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3872,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"3872","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"4323","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3872,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"3872","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"4326","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/1596","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":3893,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"3893","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/1596","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"4331","alertRef":"10038-1"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/1596","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/all.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3893,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"3893","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/1596","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"4358","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/1596","sourceid":"3","other":"","method":"GET","evidence":"<link rel=\"stylesheet\" media=\"all\" href=\"https://use.fontawesome.com/releases/v6.1.0/css/v4-shims.css\" />","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3893,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"3893","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/1596","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"4364","alertRef":"90003"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/1596","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":3893,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content.","messageId":"3893","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/1596","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"4372","alertRef":"90003"}],"Low":[{"nodeName":"https://www.dahd.gov.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://cse.google.com/cse.js?cx=03ee6b71daa1443cb\">\n\t\t</script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://cse.google.com/cse.js?cx=03ee6b71daa1443cb","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":146,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"146","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"26","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":141,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"141","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"28","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":148,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"148","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"30","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":168,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"168","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"31","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":259,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"259","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"32","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":186,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"186","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"33","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":265,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"265","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"34","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":93,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"93","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"35","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":145,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"145","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"36","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":179,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"179","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"37","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":189,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"189","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"39","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":315,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"315","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"40","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":230,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"230","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"41","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://cse.google.com/cse.js?cx=03ee6b71daa1443cb\">\n\t\t</script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":93,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"93","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://cse.google.com/cse.js?cx=03ee6b71daa1443cb","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"42","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":359,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"359","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"50","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":493,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"493","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"85","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":496,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"496","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"93","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":506,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"506","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"101","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":516,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"516","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"106","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":526,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"526","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"110","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":515,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"515","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"116","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-04/TenderForSupplyOfFinalizingContractOfRawPasteurizedMilkCowMixedCowMilk.pdf","sourceid":"3","other":"1777456208, which evaluates to: 2026-04-29 09:50:08.","method":"GET","evidence":"1777456208","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":318,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"318","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-04/TenderForSupplyOfFinalizingContractOfRawPasteurizedMilkCowMixedCowMilk.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"124","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":423,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"423","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and 
the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"126","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":349,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"349","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"135","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":530,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"530","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"141","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-04/TenderForSupplyOfFinalizingContractOfRawPasteurizedMilkCowMixedCowMilk.pdf","sourceid":"3","other":"1777456108, which evaluates to: 2026-04-29 09:48:28.","method":"GET","evidence":"1777456108","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":318,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"318","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-04/TenderForSupplyOfFinalizingContractOfRawPasteurizedMilkCowMixedCowMilk.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"143","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":542,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"542","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"147","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":518,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"518","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"155","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-04/TenderForSupplyOfFinalizingContractOfRawPasteurizedMilkCowMixedCowMilk.pdf","sourceid":"3","other":"1777456091, which evaluates to: 2026-04-29 09:48:11.","method":"GET","evidence":"1777456091","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":318,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"318","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-04/TenderForSupplyOfFinalizingContractOfRawPasteurizedMilkCowMixedCowMilk.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"156","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":549,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"549","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be 
controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"160","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":551,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"551","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"163","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":560,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"560","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"168","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":664,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"664","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"204","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":683,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"683","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"263","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":682,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"682","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"266","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":712,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"712","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"268","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":703,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"703","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"275","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":684,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"684","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"282","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":713,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"713","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"283","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":722,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"722","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"290","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":717,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"717","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"292","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":714,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"714","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"293","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":716,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"716","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"294","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":724,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"724","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"297","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":720,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"720","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"299","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":763,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"763","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"304","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":764,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"764","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"315","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":748,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"748","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"316","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":755,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"755","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"318","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":765,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"765","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"330","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":770,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"770","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"341","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":777,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"777","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"344","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":775,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"775","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"359","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":768,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"768","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"365","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":769,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"769","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"372","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":783,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"783","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"373","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":786,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"786","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"383","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":798,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"798","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"401","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":789,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"789","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"402","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":794,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"794","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only 
trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"406","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":779,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"779","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"407","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":790,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"790","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"417","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":780,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"780","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"431","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":800,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"800","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"450","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":797,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"797","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"454","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":802,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"802","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be 
controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"460","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":799,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"799","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"468","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":812,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"812","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"477","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":828,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"828","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"501","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":816,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"816","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"515","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-03/GeM-bidding-with-ATC-of-taxis-for-short-terms.pdf","sourceid":"3","other":"1773658538, which evaluates to: 2026-03-16 10:55:38.","method":"GET","evidence":"1773658538","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":527,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"527","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-03/GeM-bidding-with-ATC-of-taxis-for-short-terms.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"522","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":832,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"832","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources 
can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"523","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":853,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"853","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"531","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":810,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"810","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"543","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":813,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"813","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"549","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":818,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"818","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"551","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":819,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"819","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"552","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":809,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"809","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"561","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":834,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"834","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"565","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":826,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"826","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"571","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":836,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"836","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"580","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":830,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"830","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"588","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":803,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"803","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"599","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":868,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"868","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"602","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":865,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"865","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"637","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":851,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"851","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"646","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":861,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"861","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"648","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":833,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"833","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"651","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12/GeM-BiddingforStampingVerification.pdf","sourceid":"3","other":"1766817915, which evaluates to: 2025-12-27 06:45:15.","method":"GET","evidence":"1766817915","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":866,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"866","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12/GeM-BiddingforStampingVerification.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"656","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":843,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"843","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"659","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12/GeM-BiddingforStampingVerification.pdf","sourceid":"3","other":"1766817922, which evaluates to: 2025-12-27 06:45:22.","method":"GET","evidence":"1766817922","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":866,"wascid":"13","description":"A timestamp was disclosed by the application/web server. - Unix","messageId":"866","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12/GeM-BiddingforStampingVerification.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"660","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12/GeM-BiddingforStampingVerification.pdf","sourceid":"3","other":"1766817992, which evaluates to: 2025-12-27 06:46:32.","method":"GET","evidence":"1766817992","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":866,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"866","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12/GeM-BiddingforStampingVerification.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"661","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":849,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"849","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"662","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":860,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"860","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"671","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":850,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"850","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"673","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":839,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"839","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"676","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":882,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"882","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"689","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":885,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"885","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"691","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":883,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"883","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"713","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":897,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"897","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"720","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":896,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"896","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"730","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":886,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"886","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"744","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":894,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"894","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"747","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":862,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"862","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"755","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":889,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"889","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"761","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":884,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"884","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"778","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":906,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"906","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"791","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":887,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"887","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"792","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":904,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"904","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"805","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":905,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"905","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"806","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":909,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"909","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"815","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":914,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"914","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"828","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":928,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"928","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"829","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":907,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"907","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"830","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":913,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"913","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=1","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"832","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":893,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"893","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"833","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":923,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"923","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"835","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":924,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"924","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"843","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"1732584193, which evaluates to: 2024-11-26 01:23:13.","method":"GET","evidence":"1732584193","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":553,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"553","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"986","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"1701076831, which evaluates to: 2023-11-27 09:20:31.","method":"GET","evidence":"1701076831","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":553,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"553","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"987","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":930,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"930","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"990","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":931,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"931","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"997","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":933,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"933","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"998","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":932,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"932","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1000","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":934,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"934","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1001","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":937,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"937","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1002","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":940,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"940","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1010","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":942,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"942","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1029","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":943,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"943","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1030","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":945,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"945","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1038","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":944,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"944","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1039","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":946,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"946","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1053","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":948,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"948","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1055","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":947,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"947","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1056","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":950,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"950","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1065","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":949,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"949","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1066","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":951,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"951","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1068","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":952,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"952","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1070","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":955,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"955","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1082","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":957,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"957","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1103","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":958,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"958","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1104","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/useful-links","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":962,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"962","inputVector":"","url":"https://www.dahd.gov.in/hi/useful-links","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1114","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":972,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"972","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1124","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":970,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"970","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1126","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":991,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"991","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1179","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":995,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"995","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1180","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":990,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"990","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1182","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":997,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"997","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1195","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1003,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1003","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1199","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":989,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"989","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1223","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-01/GeMBiddingwithATCAirConditioners.pdf","sourceid":"3","other":"1769596622, which evaluates to: 2026-01-28 10:37:02.","method":"GET","evidence":"1769596622","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":1114,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"1114","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-01/GeMBiddingwithATCAirConditioners.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"1257","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1124,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1124","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1261","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1132,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1132","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1263","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1164,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1164","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1298","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1220,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1220","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1314","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1221,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1221","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1316","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1222,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1222","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1317","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1226,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1226","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1318","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1228,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1228","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1332","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1229,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1229","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1334","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1231,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1231","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1342","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1232,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1232","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1343","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1252,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1252","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1378","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1265,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1265","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1382","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1278,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1278","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1397","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1300,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1300","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1407","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1304,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1304","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1410","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1317,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1317","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1423","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1320,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1320","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1426","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1338,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1338","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1440","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1349,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1349","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1444","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1359,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1359","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1455","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1386,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1386","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of 
the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1464","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1390,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1390","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1472","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1393,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1393","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1474","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1400,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1400","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be 
controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1487","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1403,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1403","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1491","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1426,"wascid":"15","description":"The page includes 
one or more script files from a third-party domain.","messageId":"1426","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1505","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1427,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1427","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the 
sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1507","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1428,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1428","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1510","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1460,"wascid":"15","description":"The page includes one or more 
script files from a third-party domain.","messageId":"1460","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1531","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1457,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1457","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted 
sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1532","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1450,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1450","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1534","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1452,"wascid":"15","description":"The page includes one or more 
script files from a third-party domain.","messageId":"1452","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1535","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1479,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1479","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only 
trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1541","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1484,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1484","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1543","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1498,"wascid":"15","description":"The page 
includes one or more script files from a third-party domain.","messageId":"1498","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1550","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1477,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1477","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be 
controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1572","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1500,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1500","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1573","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1524,"wascid":"15","description":"The page includes one or more 
script files from a third-party domain.","messageId":"1524","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1579","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1515,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1515","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only 
trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1583","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1528,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1528","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1602","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1560,"wascid":"15","description":"The page includes one or more script files from a 
third-party domain.","messageId":"1560","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1620","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1586,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1586","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the 
sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1636","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1593,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1593","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1638","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1601,"wascid":"15","description":"The page includes one 
or more script files from a third-party domain.","messageId":"1601","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1643","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1620,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1620","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted 
sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1662","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1627,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1627","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1673","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1629,"wascid":"15","description":"The page includes one 
or more script files from a third-party domain.","messageId":"1629","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1676","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1633,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1633","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded 
from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1678","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1646,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1646","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1683","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"3","other":"","method":"GET","evidence":"<script async 
src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1657,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1657","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1701","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1675,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1675","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1721","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1717,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1717","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be 
controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1739","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1718,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1718","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1743","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1722,"wascid":"15","description":"The page includes 
one or more script files from a third-party domain.","messageId":"1722","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1744","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1719,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1719","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the 
sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1746","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1742,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1742","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1753","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1799,"wascid":"15","description":"The page includes one or more script files from a 
third-party domain.","messageId":"1799","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1764","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1845,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1845","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and 
the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1788","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1824,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1824","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1797","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"3","other":"","method":"GET","evidence":"<script async 
src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1841,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1841","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1799","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1842,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1842","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1802","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1903,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1903","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the 
sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1831","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1911,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1911","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1844","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/index.php/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<script async 
src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1927,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1927","inputVector":"","url":"https://www.dahd.gov.in:80/index.php/division/administration/aparcell/forms","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1869","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1925,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"1925","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1870","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2119,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2119","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted 
sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1886","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2122,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2122","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1887","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2132,"wascid":"15","description":"The 
page includes one or more script files from a third-party domain.","messageId":"2132","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1896","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2136,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2136","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1899","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2152,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2152","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only 
trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1905","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2165,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2165","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1942","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi","sourceid":"3","other":"","method":"GET","evidence":"<script async 
src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2253,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2253","inputVector":"","url":"https://www.dahd.gov.in:80/hi","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1961","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://cse.google.com/cse.js?cx=03ee6b71daa1443cb\">\n\t\t</script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2253,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2253","inputVector":"","url":"https://www.dahd.gov.in:80/hi","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://cse.google.com/cse.js?cx=03ee6b71daa1443cb","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1962","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2342,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2342","inputVector":"","url":"https://www.dahd.gov.in:80/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1979","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://cse.google.com/cse.js?cx=03ee6b71daa1443cb\">\n\t\t</script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2342,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2342","inputVector":"","url":"https://www.dahd.gov.in:80/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://cse.google.com/cse.js?cx=03ee6b71daa1443cb","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1981","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2449,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2449","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"1995","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/document/citizencharter","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2471,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2471","inputVector":"","url":"https://www.dahd.gov.in:80/document/citizencharter","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of 
the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2001","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/division/awd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2458,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2458","inputVector":"","url":"https://www.dahd.gov.in:80/division/awd","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2003","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/division/kcc","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2464,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2464","inputVector":"","url":"https://www.dahd.gov.in:80/division/kcc","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2004","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2467,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2467","inputVector":"","url":"https://www.dahd.gov.in:80/documents/accounts-glance","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2008","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2482,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2482","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2011","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2484,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2484","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/aparcell/forms","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2024","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2455,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2455","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources 
can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2027","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2456,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2456","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2029","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2494,"wascid":"15","description":"The 
page includes one or more script files from a third-party domain.","messageId":"2494","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/list-attachedsubordinate-offices-department","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2061","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"1732584193, which evaluates to: 2024-11-26 01:23:13.","method":"GET","evidence":"1732584193","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":2433,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"2433","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"2110","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"1701076831, which evaluates to: 2023-11-27 09:20:31.","method":"GET","evidence":"1701076831","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":2433,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"2433","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"2111","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in:80/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2502,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2502","inputVector":"","url":"https://www.dahd.gov.in:80/document/acts-rules-notifications","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2125","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/cash-section","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2509,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2509","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/cash-section","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2129","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/aparcell/forms (page)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2521,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2521","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/aparcell/forms?page=1","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2136","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/about-us/about-departments","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2543,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2543","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/about-departments","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2138","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/admin-II","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2534,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2534","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/admin-II","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2140","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2545,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2545","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2141","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2561,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2561","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/vigilance-apar","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be 
controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2164","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/coffee-table-books","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2558,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2558","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/coffee-table-books","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2166","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/parliament/parliament_questions","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2576,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2576","inputVector":"","url":"https://www.dahd.gov.in:80/parliament/parliament_questions","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2168","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/web-information-manager","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2600,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2600","inputVector":"","url":"https://www.dahd.gov.in:80/web-information-manager","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2181","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/dahd-dashboard","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2603,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2603","inputVector":"","url":"https://www.dahd.gov.in:80/dahd-dashboard","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2190","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/contact_us","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2604,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2604","inputVector":"","url":"https://www.dahd.gov.in:80/contact_us","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2191","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2607,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2607","inputVector":"","url":"https://www.dahd.gov.in:80/document/assets-dahd","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2200","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2606,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2606","inputVector":"","url":"https://www.dahd.gov.in:80/nlm-scheme-brochure","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2213","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2610,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2610","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2219","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/about-us/allocation-business-rules","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2611,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2611","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/allocation-business-rules","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end 
users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2226","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/disclaimer","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2614,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2614","inputVector":"","url":"https://www.dahd.gov.in:80/disclaimer","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2249","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/help","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2616,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2616","inputVector":"","url":"https://www.dahd.gov.in:80/help","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2263","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/sire-directory","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2621,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2621","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/sire-directory","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript 
Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2277","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/website-policy","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2631,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2631","inputVector":"","url":"https://www.dahd.gov.in:80/website-policy","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2288","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/feedback","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2648,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2648","inputVector":"","url":"https://www.dahd.gov.in:80/feedback","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2294","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2656,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2656","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/rti","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2306","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2657,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2657","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/pig-breeder-farm","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2318","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2658,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2658","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2320","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/pashupedia","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2696,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2696","inputVector":"","url":"https://www.dahd.gov.in:80/pashupedia","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2323","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/division/international-cooperation","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2666,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2666","inputVector":"","url":"https://www.dahd.gov.in:80/division/international-cooperation","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2327","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/kcc-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2722,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2722","inputVector":"","url":"https://www.dahd.gov.in:80/kcc-scheme-brochure","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2353","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2723,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2723","inputVector":"","url":"https://www.dahd.gov.in:80/pashu-aushadhi","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2354","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/division/administration/aparcell/forms","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2724,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2724","inputVector":"","url":"https://www.dahd.gov.in:80/hi/division/administration/aparcell/forms","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2359","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2731,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2731","inputVector":"","url":"https://www.dahd.gov.in:80/documents/e-office","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2376","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/sites/default/files/2026-04/TenderForSupplyOfFinalizingContractOfRawPasteurizedMilkCowMixedCowMilk.pdf","sourceid":"3","other":"1777456208, which evaluates to: 2026-04-29 09:50:08.","method":"GET","evidence":"1777456208","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":2739,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"2739","inputVector":"","url":"https://www.dahd.gov.in:80/sites/default/files/2026-04/TenderForSupplyOfFinalizingContractOfRawPasteurizedMilkCowMixedCowMilk.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"2378","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in:80/sites/default/files/2026-04/TenderForSupplyOfFinalizingContractOfRawPasteurizedMilkCowMixedCowMilk.pdf","sourceid":"3","other":"1777456108, which evaluates to: 2026-04-29 09:48:28.","method":"GET","evidence":"1777456108","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":2739,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"2739","inputVector":"","url":"https://www.dahd.gov.in:80/sites/default/files/2026-04/TenderForSupplyOfFinalizingContractOfRawPasteurizedMilkCowMixedCowMilk.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"2384","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in:80/sites/default/files/2026-04/TenderForSupplyOfFinalizingContractOfRawPasteurizedMilkCowMixedCowMilk.pdf","sourceid":"3","other":"1777456091, which evaluates to: 2026-04-29 09:48:11.","method":"GET","evidence":"1777456091","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":2739,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"2739","inputVector":"","url":"https://www.dahd.gov.in:80/sites/default/files/2026-04/TenderForSupplyOfFinalizingContractOfRawPasteurizedMilkCowMixedCowMilk.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"2386","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in:80/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2733,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2733","inputVector":"","url":"https://www.dahd.gov.in:80/schemes-programmes","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2397","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/cyber-security-awareness-month","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2738,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2738","inputVector":"","url":"https://www.dahd.gov.in:80/cyber-security-awareness-month","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2399","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/iec-material","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2740,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2740","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/iec-material","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2406","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2749,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2749","inputVector":"","url":"https://www.dahd.gov.in:80/photo-gallery","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2408","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2780,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2780","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2422","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/sites/default/files/2026-03/GeM-bidding-with-ATC-of-taxis-for-short-terms.pdf","sourceid":"3","other":"1773658538, which evaluates to: 2026-03-16 10:55:38.","method":"GET","evidence":"1773658538","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":2774,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"2774","inputVector":"","url":"https://www.dahd.gov.in:80/sites/default/files/2026-03/GeM-bidding-with-ATC-of-taxis-for-short-terms.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"2423","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in:80/hi/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2785,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2785","inputVector":"","url":"https://www.dahd.gov.in:80/hi/about-us/vision-mission-objective","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users 
of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2431","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2765,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2765","inputVector":"","url":"https://www.dahd.gov.in:80/documents/tender","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2435","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/about-us/vision-mission-objective","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2792,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2792","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/vision-mission-objective","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2442","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/admin-i","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2794,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2794","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/admin-i","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2443","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/assets-dahd","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2801,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2801","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/assets-dahd","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2459","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2800,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2800","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2465","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/office_order_circular","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2807,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2807","inputVector":"","url":"https://www.dahd.gov.in:80/hi/office_order_circular","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the 
application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2475","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/2814","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2825,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2825","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/2814","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2489","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/acts-rules-notifications","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2822,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2822","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/acts-rules-notifications","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2492","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/e-office","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2828,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2828","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/e-office","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2499","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/accounts-glance","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2834,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2834","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/accounts-glance","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2516","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/demand-grants","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2833,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2833","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/demand-grants","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2517","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/4038","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2836,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2836","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/4038","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2527","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/3954","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2835,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2835","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/3954","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2529","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/schemes-programmes","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2871,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2871","inputVector":"","url":"https://www.dahd.gov.in:80/hi/schemes-programmes","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2552","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/pashu-aushadhi","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2885,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2885","inputVector":"","url":"https://www.dahd.gov.in:80/hi/pashu-aushadhi","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2557","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/faq","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2889,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2889","inputVector":"","url":"https://www.dahd.gov.in:80/hi/faq","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2559","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/divisions/administration/vigilance-apar","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2886,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2886","inputVector":"","url":"https://www.dahd.gov.in:80/hi/divisions/administration/vigilance-apar","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2560","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/tender","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2907,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2907","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/tender","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain 
JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2569","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/photo-gallery","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2927,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"2927","inputVector":"","url":"https://www.dahd.gov.in:80/hi/photo-gallery","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2634","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/whats-new","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":2997,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"2997","inputVector":"","url":"https://www.dahd.gov.in:80/whats-new","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2750","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/nlm-scheme-brochure","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":3003,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"3003","inputVector":"","url":"https://www.dahd.gov.in:80/hi/nlm-scheme-brochure","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2762","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/sites/default/files/2024-04/ABCS.xls","sourceid":"3","other":"1500112782, which evaluates to: 2017-07-15 09:59:42.","method":"GET","evidence":"1500112782","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":3121,"wascid":"13","description":"A timestamp was disclosed by the application/web server. - Unix","messageId":"3121","inputVector":"","url":"https://www.dahd.gov.in:80/sites/default/files/2024-04/ABCS.xls","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"2870","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in:80/hi/divisions/administration/rti","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":3118,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"3118","inputVector":"","url":"https://www.dahd.gov.in:80/hi/divisions/administration/rti","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"2880","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/external-link","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":3181,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"3181","inputVector":"","url":"https://www.dahd.gov.in:80/external-link","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"3018","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/node/582","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":3184,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"3184","inputVector":"","url":"https://www.dahd.gov.in:80/node/582","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"3031","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/sites/default/files/2025-12/GeM-BiddingforStampingVerification.pdf","sourceid":"3","other":"1766817915, which evaluates to: 2025-12-27 06:45:15.","method":"GET","evidence":"1766817915","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":3215,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"3215","inputVector":"","url":"https://www.dahd.gov.in:80/sites/default/files/2025-12/GeM-BiddingforStampingVerification.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"3083","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in:80/sites/default/files/2025-12/GeM-BiddingforStampingVerification.pdf","sourceid":"3","other":"1766817922, which evaluates to: 2025-12-27 06:45:22.","method":"GET","evidence":"1766817922","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":3215,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"3215","inputVector":"","url":"https://www.dahd.gov.in:80/sites/default/files/2025-12/GeM-BiddingforStampingVerification.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"3090","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in:80/sites/default/files/2025-12/GeM-BiddingforStampingVerification.pdf","sourceid":"3","other":"1766817992, which evaluates to: 2025-12-27 06:46:32.","method":"GET","evidence":"1766817992","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":3215,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"3215","inputVector":"","url":"https://www.dahd.gov.in:80/sites/default/files/2025-12/GeM-BiddingforStampingVerification.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"3095","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in:80/sites/default/files/2026-01/GeMBiddingwithATCAirConditioners.pdf","sourceid":"3","other":"1769596622, which evaluates to: 2026-01-28 10:37:02.","method":"GET","evidence":"1769596622","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":3217,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"3217","inputVector":"","url":"https://www.dahd.gov.in:80/sites/default/files/2026-01/GeMBiddingwithATCAirConditioners.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"3102","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":3357,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"3357","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"3264","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":3383,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"3383","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"3286","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":3384,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"3384","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"3288","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":3388,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"3388","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"3300","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":3387,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"3387","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"3301","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":3389,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"3389","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"3308","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":3415,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"3415","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File 
Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"3353","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":3423,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"3423","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"3360","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/node/1627","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":3433,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"3433","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1627","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"3388","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12/VetInfrastructureGuidelines.pdf","sourceid":"3","other":"1852990827, which evaluates to: 2028-09-19 15:40:27.","method":"GET","evidence":"1852990827","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":3306,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"3306","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12/VetInfrastructureGuidelines.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"3713","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12/VetInfrastructureGuidelines.pdf","sourceid":"3","other":"1634167148, which evaluates to: 2021-10-13 23:19:08.","method":"GET","evidence":"1634167148","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":3306,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"3306","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12/VetInfrastructureGuidelines.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"3719","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12/VetInfrastructureGuidelines.pdf","sourceid":"3","other":"1953259888, which evaluates to: 2031-11-24 04:11:28.","method":"GET","evidence":"1953259888","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":3306,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"3306","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12/VetInfrastructureGuidelines.pdf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"3731","alertRef":"10096"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":3866,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"3866","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source 
File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"4293","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":3872,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"3872","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"4305","alertRef":"10017"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/1596","sourceid":"3","other":"","method":"GET","evidence":"<script async src=\"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":3893,"wascid":"15","description":"The page includes one or more script files from a third-party 
domain.","messageId":"3893","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/1596","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://www.googletagmanager.com/gtag/js?id=G-VL8KBQF2F0","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"4336","alertRef":"10017"}],"Informational":[{"nodeName":"https://www.dahd.gov.in/","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"4","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"5","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/core/misc/drupalSettingsLoader.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"/**\n   * Variable generated by Drupal with all the configuration created from PHP.\n   *\n   * @global\n   *\n   * @type {object}\n  \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"nfiguration created from PHP.\n   *\n   * @glo","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":321,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"321","inputVector":"","url":"https://www.dahd.gov.in/core/misc/drupalSettingsLoader.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"13","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":146,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"146","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"44","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":141,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"141","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"46","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":146,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"146","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"48","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":141,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"141","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"49","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":146,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"146","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"51","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":141,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"141","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"52","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":148,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"148","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"53","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":148,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"148","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"54","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":148,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"148","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"61","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":259,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"259","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"62","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":259,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"259","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"63","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":259,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"259","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"64","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":189,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"189","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"68","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":145,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"145","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"69","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":230,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"230","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"71","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":179,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"179","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"72","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":315,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"315","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"76","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":189,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"189","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"77","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":359,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"359","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"79","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":179,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"179","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"80","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":230,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"230","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"81","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":168,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"168","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"82","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":168,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"168","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"83","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":230,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"230","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"84","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":186,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"186","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"86","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":179,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"179","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"90","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":145,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"145","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"91","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":265,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"265","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"92","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":189,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"189","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"94","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":145,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"145","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"96","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":168,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"168","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"98","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":186,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"186","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"100","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\" class=\"is-active\" aria-c\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":493,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"493","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"104","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":265,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"265","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"105","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":359,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"359","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"112","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":315,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"315","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"113","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":186,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"186","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"123","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":493,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"493","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"125","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":315,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"315","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"127","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":526,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"526","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"130","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":265,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"265","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"136","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":359,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"359","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"139","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":526,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"526","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"149","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":506,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"506","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"150","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":493,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"493","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"151","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":496,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"496","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"153","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":515,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"515","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"154","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":423,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"423","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"158","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":93,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"93","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"159","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":516,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"516","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"164","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":423,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"423","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"166","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":526,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"526","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"170","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":506,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"506","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"171","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":93,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"93","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"174","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":506,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"506","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"175","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":496,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"496","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"177","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":515,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"515","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"179","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":516,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"516","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"181","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":423,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"423","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"182","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/core/misc/progress.js (v)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"/**\n       * Set the percentage and status message for the progressbar.\n       *\n       * @param {number} percentage\n       *   \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"message to show the user.\n       * @param {s","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":427,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"427","inputVector":"","url":"https://www.dahd.gov.in/core/misc/progress.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"186","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/core/misc/debounce.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"/**\n * @file\n * Adapted from underscore.js with the addition Drupal namespace.\n */\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" * @file\n * Adapted from underscore.js with ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":654,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"654","inputVector":"","url":"https://www.dahd.gov.in/core/misc/debounce.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"187","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":542,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"542","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"188","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":496,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"496","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"189","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":530,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"530","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"191","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":515,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"515","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"193","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":516,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"516","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"195","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/core/misc/progress.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 2 times, the first in likely comment: \"// This allows monitoring to be stopped from within the callback.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"oring to be stopped from within the callback","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":427,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"427","inputVector":"","url":"https://www.dahd.gov.in/core/misc/progress.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"199","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":542,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"542","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"200","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":549,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"549","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"203","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":551,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"551","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"205","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":530,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"530","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"206","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":551,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"551","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"209","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":93,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"93","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"210","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":530,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"530","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"212","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":542,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"542","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"214","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":518,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"518","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"221","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":549,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"549","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"225","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":349,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"349","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"227","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":664,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"664","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"230","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":560,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"560","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"232","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":551,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"551","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"234","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":518,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"518","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"238","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":349,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"349","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"244","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":664,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"664","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"245","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":560,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"560","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"246","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":349,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"349","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"247","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":560,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"560","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"248","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":518,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"518","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"252","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":549,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"549","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"254","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":664,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"664","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"257","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/core/misc/announce.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"/**\n   * Triggers audio UAs to read the supplied text.\n   *\n   * The aria-live region will only read the text that currently pop\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"\n   * only the text from the most recent cal","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":661,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"661","inputVector":"","url":"https://www.dahd.gov.in/core/misc/announce.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"258","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/core/misc/announce.js (v)","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected in likely comment: \"// the cusp where humans notice a pause, so we will wait\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// the cusp where humans notice a pau","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":661,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"661","inputVector":"","url":"https://www.dahd.gov.in/core/misc/announce.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"262","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":713,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"713","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"300","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":703,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"703","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"302","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":712,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"712","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"303","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":682,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"682","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"305","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":712,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"712","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"307","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":682,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"682","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"308","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":712,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"712","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"309","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":683,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"683","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"310","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":716,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"716","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"312","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":713,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"713","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"314","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":684,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"684","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"319","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":703,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"703","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"320","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":724,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"724","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"322","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":722,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"722","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"323","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":714,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"714","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"324","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":717,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"717","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"325","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":763,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"763","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"327","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":683,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"683","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"328","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":683,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"683","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"331","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":720,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"720","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"332","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/core/misc/drupal.js (v)","sourceid":"3","other":"The following pattern was used: \\bDEBUG\\b and was detected in likely comment: \"/**\n   * Helper to rethrow errors asynchronously.\n   *\n   * This way Errors bubbles up outside of the original callstack, making\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"g it\n   * easier to debug errors in the brows","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":380,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"380","inputVector":"","url":"https://www.dahd.gov.in/core/misc/drupal.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"333","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":716,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"716","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"335","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":703,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"703","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"336","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":713,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"713","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"337","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":714,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"714","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"338","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":764,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"764","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"339","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":717,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"717","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"340","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":682,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"682","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"342","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":764,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"764","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"343","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":724,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"724","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"346","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":684,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"684","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"347","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":717,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"717","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"353","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":716,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"716","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"355","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":764,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"764","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"356","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":722,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"722","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"358","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":763,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"763","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"361","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":720,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"720","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"364","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":684,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"684","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"366","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":714,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"714","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"370","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/js/swithcer.js (v)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected in likely comment: \"//if \"mysheet_r\" cookie is empty or admin has changed number of days to persist in \"x days\" variable\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" cookie is empty or admin has changed number ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":368,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"368","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/js/swithcer.js?v=1.x","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"379","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":724,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"724","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"382","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":763,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"763","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"384","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":720,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"720","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"385","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/core/misc/drupal.js (v)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"/**\n   * Replaces placeholders with sanitized values in a string.\n   *\n   * @param {string} str\n   *   A string with placeholder\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"s a placeholder for user-\n   *      submitte","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":380,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"380","inputVector":"","url":"https://www.dahd.gov.in/core/misc/drupal.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"387","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":755,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"755","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"388","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":755,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"755","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"390","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":765,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"765","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"391","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":722,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"722","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"392","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":755,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"755","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"397","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":748,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"748","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"398","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":748,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"748","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"399","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":748,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"748","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"400","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":789,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"789","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"408","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":769,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"769","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"409","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":789,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"789","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"410","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":769,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"769","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"411","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":789,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"789","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"412","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":769,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"769","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"413","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":770,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"770","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"416","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/core/misc/drupal.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 8 times, the first in likely comment: \"/**\n * A jQuery object, typically the return value from a `$(selector)` call.\n *\n * Holds an HTMLElement or a collection of HTML\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ly the return value from a `$(selector)` cal","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":380,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"380","inputVector":"","url":"https://www.dahd.gov.in/core/misc/drupal.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"419","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":777,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"777","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"424","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/js/swithcer.js (v)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"//load user chosen style sheet from cookie if there is one stored\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"//load user chosen style sheet ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":368,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"368","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/js/swithcer.js?v=1.x","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"425","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/js/swithcer.js (v)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected 3 times, the first in likely comment: \"//Optional function that shows which style sheet is currently selected within group of radio buttons or select menu\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"of radio buttons or select menu","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":368,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"368","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/js/swithcer.js?v=1.x","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"426","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":768,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"768","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"430","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":765,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"765","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"437","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":777,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"777","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"438","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":798,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"798","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"439","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/core/modules/views/js/ajax_view.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 2 times, the first in likely comment: \"// Extract argument data from the URL.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"tract argument data from the URL.","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":678,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"678","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views/js/ajax_view.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"442","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/core/misc/message.js (v)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected in likely comment: \"/**\n     * Select a message based on id.\n     *\n     * @name Drupal.Message~messageDefinition.select\n     *\n     * @param {strin\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"/**\n     * Select a message based on ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":687,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"687","inputVector":"","url":"https://www.dahd.gov.in/core/misc/message.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"444","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":775,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"775","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"446","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":765,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"765","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"448","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":775,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"775","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"451","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/core/misc/message.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 2 times, the first in likely comment: \"/**\n     * Removes a message element from the message area.\n     *\n     * @name Drupal.Message~messageDefinition.remove\n     *\n \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"s a message element from the message area.\n ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":687,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"687","inputVector":"","url":"https://www.dahd.gov.in/core/misc/message.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"452","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":775,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"775","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"453","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/core/misc/message.js (v)","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected in likely comment: \"/**\n   * Constructs a new instance of the Drupal.Message class.\n   *\n   * This provides a uniform interface for adding and remov\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"per\n   *   The zone where to add messages. 
If","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":687,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"687","inputVector":"","url":"https://www.dahd.gov.in/core/misc/message.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"455","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":783,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"783","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"462","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":783,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"783","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"463","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":783,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"783","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"464","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":786,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"786","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"465","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":786,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"786","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"466","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":786,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"786","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"467","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":794,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"794","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"472","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":770,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"770","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"474","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":794,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"794","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"475","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":794,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"794","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"476","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":770,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"770","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"478","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":797,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"797","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"479","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":779,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"779","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"483","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":768,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"768","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"487","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":768,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"768","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"488","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":797,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"797","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"490","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":797,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"797","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"494","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":777,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"777","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"495","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":812,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"812","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"510","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":798,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"798","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"511","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":798,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"798","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"513","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\" class=\"is-active\" ari\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":790,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"790","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"517","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":812,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"812","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"518","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":790,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"790","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"519","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":812,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"812","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"520","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":790,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"790","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"521","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/accesibileswithcer.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected in likely comment: \"//if \"mysheet_r\" cookie is empty or admin has changed number of days to persist in \"x days\" variable\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" cookie is empty or admin has changed number ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":559,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"559","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/accesibileswithcer.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"525","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/accesibileswithcer.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"//load user chosen style sheet from cookie if there is one stored\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"//load user chosen style sheet ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":559,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"559","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/accesibileswithcer.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"526","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":780,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"780","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"534","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":800,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"800","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"536","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":802,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"802","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"540","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":779,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"779","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"541","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":799,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"799","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"546","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":780,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"780","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"554","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":780,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"780","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"555","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":828,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"828","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"558","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":828,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"828","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"560","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":799,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"799","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"567","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":779,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"779","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"570","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/accesibileswithcer.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected 3 times, the first in likely comment: \"//Optional function that shows which style sheet is currently selected within group of radio buttons or select menu\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"of radio buttons or select menu","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":559,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"559","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/accesibileswithcer.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"573","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":816,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"816","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"575","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":816,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"816","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"578","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":816,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"816","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"579","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/index.php/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मु\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":853,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"853","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"587","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":836,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"836","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"589","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":828,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"828","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"590","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":800,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"800","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"591","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":853,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"853","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"593","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":853,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"853","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"594","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":836,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"836","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"596","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":836,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"836","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"598","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":802,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"802","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"601","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":799,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"799","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"604","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":813,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"813","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"607","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":802,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"802","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"610","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":813,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"813","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"612","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":813,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"813","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"613","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":834,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"834","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"614","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":832,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"832","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"615","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":809,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"809","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"620","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":800,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"800","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"621","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":818,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"818","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"622","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":819,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"819","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"623","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":832,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"832","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"630","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":810,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"810","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"635","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":830,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"830","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"638","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":826,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"826","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"640","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":809,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"809","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"643","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":834,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"834","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"647","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":818,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"818","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"652","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":819,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"819","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"655","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":803,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"803","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"658","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":832,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"832","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"664","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":868,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"868","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"666","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":810,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"810","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"667","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":810,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"810","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"668","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":830,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"830","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"670","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":826,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"826","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"672","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":809,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"809","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"677","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":834,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"834","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"681","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/core/modules/views/js/base.js (v)","sourceid":"3","other":"The following pattern was used: \\bQUERY\\b and was detected in likely comment: \"/**\n   * Helper function to parse a querystring.\n   *\n   * @param {string} query\n   *   The querystring to parse.\n   *\n   * @ret\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"  * @param {string} query\n   *   The querystr","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":898,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"898","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views/js/base.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"683","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":818,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"818","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"684","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":819,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"819","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"685","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":803,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"803","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"686","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":851,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"851","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"692","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":865,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"865","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"693","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":868,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"868","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"695","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":830,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"830","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"699","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":826,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"826","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"701","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":803,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"803","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"706","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":865,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"865","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"707","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":868,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"868","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"708","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/core/modules/views/js/base.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"/**\n   * Strip off the protocol plus domain from an href.\n   *\n   * @param {string} href\n   *   The href to strip.\n   *\n   * @re\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"rotocol plus domain from an href.\n   *\n   * ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":898,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"898","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views/js/base.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"710","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":851,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"851","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"711","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":849,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"849","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"717","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery-accessibleMegaMenu.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"/**\n     * @class accessibleMegaMenu\n     * @memberOf jQuery.fn\n     * @classdesc Implements an accessible mega menu as a jQuery\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" with screen reader user expectations for gl","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":517,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"517","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery-accessibleMegaMenu.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"718","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":861,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"861","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"719","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":843,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"843","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"721","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":833,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"833","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"724","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":851,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"851","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"727","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":860,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"860","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"734","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":865,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"865","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"736","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":839,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"839","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"740","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":849,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"849","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"742","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery-accessibleMegaMenu.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"/* :focusable and :tabbable selectors from\n       https://raw.github.com/jquery/jquery-ui/master/ui/jquery.ui.core.js */\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":":tabbable selectors from\n       https://raw.","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":517,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"517","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery-accessibleMegaMenu.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"743","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":861,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"861","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"745","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":833,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"833","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"752","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":885,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"885","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"754","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":883,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"883","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"758","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":882,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"882","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"762","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":860,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"860","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"763","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":897,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"897","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"767","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":850,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"850","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"768","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":843,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"843","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"771","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":839,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"839","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"775","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":849,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"849","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"776","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":861,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"861","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"777","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":885,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"885","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"781","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":833,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"833","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"782","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":896,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"896","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"785","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":883,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"883","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"788","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":882,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"882","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"790","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":860,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"860","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"793","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":897,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"897","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"795","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":850,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"850","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"796","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":850,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"850","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"797","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":843,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"843","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"798","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":839,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"839","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"800","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":885,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"885","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"807","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":896,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"896","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"810","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":883,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"883","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"813","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":882,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"882","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"814","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":897,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"897","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"818","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":896,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"896","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"838","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/core/misc/jquery.form.js (v)","sourceid":"3","other":"The following pattern was used: \\bLATER\\b and was detected in likely comment: \"/*!\n * jQuery Form Plugin\n * version: 4.3.0\n * Requires jQuery v1.7.2 or later\n * Project repository: https://github.com/jquery-\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"es jQuery v1.7.2 or later\n * Project reposito","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":827,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"827","inputVector":"","url":"https://www.dahd.gov.in/core/misc/jquery.form.js?v=4.3.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"848","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":886,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"886","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"849","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":904,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"904","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"850","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":906,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"906","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"851","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":909,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"909","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"852","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":894,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"894","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"853","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":905,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"905","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"854","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":884,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"884","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"856","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":909,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"909","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"857","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":889,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"889","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"858","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":884,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"884","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"859","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":928,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"928","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"861","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":887,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"887","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"862","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":914,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"914","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"864","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":907,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"907","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"867","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":862,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"862","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"868","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":923,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"923","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"869","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":924,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"924","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"872","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/js/jquery.flexslider.js (v)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected 2 times, the first in likely comment: \"//String: Select your animation type, \"fade\" or \"slide\"\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"//String: Select your animation type","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":458,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"458","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/js/jquery.flexslider.js?v=1.x","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"873","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/js/jquery.flexslider.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"//If clock is ticking, stop timer and prevent from starting while invisible\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"p timer and prevent from starting while invi","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":458,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"458","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/js/jquery.flexslider.js?v=1.x","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"875","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/core/misc/jquery.form.js (v)","sourceid":"3","other":"The following pattern was used: \\bDEBUG\\b and was detected in likely comment: \"// expose debug var\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// expose debug var","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":827,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"827","inputVector":"","url":"https://www.dahd.gov.in/core/misc/jquery.form.js?v=4.3.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"876","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":904,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"904","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"877","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":906,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"906","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"878","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":894,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"894","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"879","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":905,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"905","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"880","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":913,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"913","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"881","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":909,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"909","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"882","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":889,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"889","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"883","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":884,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"884","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"884","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":893,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"893","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"885","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":928,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"928","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"886","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":887,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"887","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"888","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":914,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"914","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"889","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":907,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"907","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"892","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":862,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"862","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"893","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":923,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"923","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"894","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":924,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"924","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"896","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":886,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"886","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"898","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/core/misc/jquery.form.js (v)","sourceid":"3","other":"The following pattern was used: \\bUSERNAME\\b and was detected in likely comment: \"/**\n\t * formToArray() gathers form element data into an array of objects that can\n\t * be passed to any of the following ajax fun\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"\n\t *\n\t * [ { name: 'username', value: 'jresig' }","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":827,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"827","inputVector":"","url":"https://www.dahd.gov.in/core/misc/jquery.form.js?v=4.3.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"899","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":904,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"904","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"900","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":906,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"906","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"901","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":894,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"894","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"902","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":905,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"905","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"903","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":913,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"913","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"904","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":889,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"889","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"906","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":928,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"928","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"910","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":887,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"887","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"911","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":914,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"914","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"912","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":907,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"907","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"914","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":862,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"862","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"915","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":923,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"923","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"916","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":924,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"924","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"918","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/core/misc/jquery.form.js (v)","sourceid":"3","other":"The following pattern was used: \\bQUERY\\b and was detected 2 times, the first in likely comment: \"// data is the query string for 'post'\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// data is the query string for 'post'","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":827,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"827","inputVector":"","url":"https://www.dahd.gov.in/core/misc/jquery.form.js?v=4.3.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"919","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":886,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"886","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"920","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":913,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"913","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"925","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":893,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"893","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"927","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/core/misc/jquery.form.js (v)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected 2 times, the first in likely comment: \"/**\n\t * Clears the form data. 
Takes the following actions on the form's input fields:\n\t *  - input text fields will have their '\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"empty string\n\t *  - select elements will have ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":827,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"827","inputVector":"","url":"https://www.dahd.gov.in/core/misc/jquery.form.js?v=4.3.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"938","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bLATER\\b and was detected 3 times, the first in likely comment: \"// \"negative\" y so we can replace sub with am later\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"replace sub with am later","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":553,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"553","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"940","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":893,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"893","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"946","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/core/misc/jquery.form.js (v)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 3 times, the first in likely comment: \"// options.iframe allows user to force iframe mode\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"tions.iframe allows user to force iframe mod","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":827,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"827","inputVector":"","url":"https://www.dahd.gov.in/core/misc/jquery.form.js?v=4.3.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"957","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bBUG\\b and was detected 2 times, the first in likely comment: \"/**\n * kjur's class library name space\n * <p>\n * This name space provides following name spaces:\n * <ul>\n * <li>{@link KJUR.asn1\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"e. 
This caused by a bug of jsdoc2.\n  * @nam","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":553,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"553","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"959","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/core/misc/jquery.form.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"// mostly lifted from jq1.4.4\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// mostly lifted from jq1.4.4","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":827,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"827","inputVector":"","url":"https://www.dahd.gov.in/core/misc/jquery.form.js?v=4.3.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"971","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bDB\\b and was detected 6 times, the first in likely comment: \"// (protected) r = this << n*DB\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"cted) r = this << n*DB","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":553,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"553","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"973","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/core/misc/jquery.form.js (v)","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected in likely comment: \"// an expected string. 
This accounts for the case where a form\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"counts for the case where a form","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":827,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"827","inputVector":"","url":"https://www.dahd.gov.in/core/misc/jquery.form.js?v=4.3.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"978","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected in likely comment: \"// We need to select the fastest one that works in this environment.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// We need to select the fastest one tha","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":553,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"553","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"979","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 17 times, the first in likely comment: \"/**\n  * Gets the RSA keys from the specified url, and saves it into a RSA keypair\n  * @param {string} url The url to contact\n  *\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"* Gets the RSA keys from the specified url, ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":553,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"553","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"983","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bTODO\\b and was detected 10 times, the first in likely comment: \"// TODO: allow reseeding after first request\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// TODO: allow reseeding af","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":553,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"553","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"984","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected in likely comment: \"/**\n * Translate rsa parameters in a hex encoded string representing the rsa public key.\n * The representation follow the ASN.1 \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" BIT STRING\n * }\n * Where AlgorithmIdentifier","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":553,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"553","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","POLICY_PENTEST":"","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"985","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":930,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"930","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"995","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":930,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"930","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"999","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":930,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"930","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1004","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":931,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"931","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1007","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":933,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"933","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1008","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":931,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"931","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1011","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":933,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"933","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1012","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":934,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"934","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1013","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":937,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"937","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1015","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":932,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"932","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1017","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":937,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"937","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1022","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":931,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"931","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1023","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":933,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"933","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1024","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":940,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"940","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1025","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":934,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"934","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1026","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":932,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"932","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1028","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":934,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"934","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1031","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":937,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"937","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1032","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":940,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"940","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1037","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":932,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"932","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1041","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":942,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"942","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1043","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":943,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"943","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1046","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":940,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"940","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1054","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":945,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"945","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1057","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/core/misc/ajax.js (v)","sourceid":"3","other":"The following pattern was used: \\bQUERY\\b and was detected 4 times, the first in likely comment: \"// 3. /nojs? - Followed by a query (e.g. path/nojs?destination=foobar).\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"js? - Followed by a query (e.g. 
path/nojs?des","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":953,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"953","inputVector":"","url":"https://www.dahd.gov.in/core/misc/ajax.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1058","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":944,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"944","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1059","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":942,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"942","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1063","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":943,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"943","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1064","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":945,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"945","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1075","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/core/misc/ajax.js (v)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected in likely comment: \"// contains a value (e.g., a checkbox, textfield, select, etc.), ensure\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"heckbox, textfield, select, etc.), ensure","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":953,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"953","inputVector":"","url":"https://www.dahd.gov.in/core/misc/ajax.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1077","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":944,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"944","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1078","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":947,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"947","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1083","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":946,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"946","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1084","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":948,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"948","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1085","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":942,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"942","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1087","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":943,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"943","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1088","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":950,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"950","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1090","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":949,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"949","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1093","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":952,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"952","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1095","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":951,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"951","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1096","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":945,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"945","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1098","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/core/misc/ajax.js (v)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 3 times, the first in likely comment: \"/**\n   * Settings for an Ajax object.\n   *\n   * @typedef {object} Drupal.Ajax~elementSettings\n   *\n   * @prop {string} url\n   * \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"or the display of a user-friendly loader.\n  ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":953,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"953","inputVector":"","url":"https://www.dahd.gov.in/core/misc/ajax.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1099","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":944,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"944","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1100","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":947,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"947","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1107","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":955,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"955","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1108","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":946,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"946","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1109","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":948,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"948","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1110","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":950,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"950","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1113","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":949,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"949","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1116","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":952,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"952","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1118","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":951,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"951","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1119","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/core/misc/ajax.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 27 times, the first in likely comment: \"/**\n   * Attaches the Ajax behavior to each Ajax form element.\n   *\n   * @type {Drupal~behavior}\n   *\n   * @prop {Drupal~behavio\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"rupal.Ajax} objects from\n   *   DOM elements","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":953,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"953","inputVector":"","url":"https://www.dahd.gov.in/core/misc/ajax.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1122","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":952,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"952","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1123","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":951,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"951","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1125","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":947,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"947","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1127","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":955,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"955","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1128","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":946,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"946","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1129","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":948,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"948","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1130","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":950,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"950","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1133","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":949,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"949","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1135","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":958,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"958","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1136","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/core/misc/ajax.js (v)","sourceid":"3","other":"The following pattern was used: \\bTODO\\b and was detected 3 times, the first in likely comment: \"// @todo Remove this after refactoring the PHP code to:\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// @todo Remove this after r","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":953,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"953","inputVector":"","url":"https://www.dahd.gov.in/core/misc/ajax.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1139","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":955,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"955","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1144","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":957,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"957","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1149","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":958,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"958","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1153","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/useful-links","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":962,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"962","inputVector":"","url":"https://www.dahd.gov.in/hi/useful-links","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1156","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":972,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"972","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1159","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":970,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"970","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1166","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":957,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"957","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1172","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/core/misc/ajax.js (v)","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected 4 times, the first in likely comment: \"/**\n   * Extends Error to provide handling for Errors in Ajax.\n   *\n   * @constructor\n   *\n   * @augments Error\n   *\n   * @param\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" uri\n   *   The URI where the error occurred.","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":953,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"953","inputVector":"","url":"https://www.dahd.gov.in/core/misc/ajax.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1175","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":958,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"958","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1176","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/useful-links","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":962,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"962","inputVector":"","url":"https://www.dahd.gov.in/hi/useful-links","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1177","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":972,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"972","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1178","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":970,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"970","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1187","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":957,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"957","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1190","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/useful-links","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":962,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"962","inputVector":"","url":"https://www.dahd.gov.in/hi/useful-links","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1192","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":972,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"972","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1194","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":995,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"995","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1196","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":991,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"991","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1200","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":970,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"970","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1202","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":995,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"995","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1207","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":990,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"990","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1208","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":991,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"991","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1210","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":990,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"990","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1215","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":997,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"997","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1217","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1003,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1003","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1221","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":995,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"995","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1222","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":990,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"990","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1225","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":997,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"997","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1226","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1003,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1003","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1231","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":997,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"997","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1235","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1003,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1003","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1238","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":989,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"989","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1250","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":989,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"989","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1252","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":989,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"989","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1253","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1124,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1124","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1264","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1132,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1132","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1265","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1124,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1124","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1266","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1132,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1132","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1267","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bLATER\\b and was detected 6 times, the first in likely comment: \"// Give the init function the jQuery prototype for later instantiation\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"Query prototype for later instantiation","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":963,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"963","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1268","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1124,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1124","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1269","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1132,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1132","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1270","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bBUG\\b and was detected 6 times, the first in likely comment: \"// https://bugs.chromium.org/p/chromium/issues/detail?id=378607 (bug restricted)\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"s/detail?id=378607 (bug restricted)","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":963,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"963","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1271","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bBUGS\\b and was detected 6 times, the first in likely comment: \"// https://bugs.jquery.com/ticket/13393\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// https://bugs.jquery.com/ticket/1","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":963,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"963","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1272","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bUSERNAME\\b and was detected in likely comment: \"/*\n\t\ttimeout: 0,\n\t\tdata: null,\n\t\tdataType: null,\n\t\tusername: null,\n\t\tpassword: null,\n\t\tcache: null,\n\t\tthrows: false,\n\t\ttradition\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"\t\tdataType: null,\n\t\tusername: null,\n\t\tpassword: ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":963,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"963","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1275","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bQUERY\\b and was detected 3 times, the first in likely comment: \"// IE 11/Edge don't find elements on a `[name='']` query in some cases.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ts on a `[name='']` query in some cases.","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":963,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"963","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1278","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bLATER\\b and was detected 6 times, the first in likely comment: \"// Give the init function the jQuery prototype for later instantiation\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"Query prototype for later instantiation","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":998,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"998","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1281","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 9 times, the first in likely comment: \"// Can be adjusted by the user\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" be adjusted by the user","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":963,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"963","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1282","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected 3 times, the first in likely comment: \"// We use this for POS matching in `select`\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"or POS matching in `select`","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":963,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"963","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1283","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 54 times, the first in likely comment: \"// Return just the one element from the set\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ust the one element from the set","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":963,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"963","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1284","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bBUG\\b and was detected 6 times, the first in likely comment: \"// https://bugs.chromium.org/p/chromium/issues/detail?id=378607 (bug restricted)\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"s/detail?id=378607 (bug restricted)","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":998,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"998","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1285","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bTODO\\b and was detected 2 times, the first in likely comment: \"//\t4. 
_Never_ expose \"private\" data to user code (TODO: Drop _data, _removeData)\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" data to user code (TODO: Drop _data, _remov","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":963,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"963","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1286","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bBUGS\\b and was detected 6 times, the first in likely comment: \"// https://bugs.jquery.com/ticket/13393\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// https://bugs.jquery.com/ticket/1","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":998,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"998","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1287","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected 10 times, the first in likely comment: \"// For CommonJS and CommonJS-like environments where a proper `window`\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"S-like environments where a proper `window`","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":963,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"963","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1288","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bUSERNAME\\b and was detected in likely comment: \"/*\n\t\ttimeout: 0,\n\t\tdata: null,\n\t\tdataType: null,\n\t\tusername: null,\n\t\tpassword: null,\n\t\tcache: null,\n\t\tthrows: false,\n\t\ttradition\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"\t\tdataType: null,\n\t\tusername: null,\n\t\tpassword: ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":998,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"998","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1289","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bQUERY\\b and was detected 3 times, the first in likely comment: \"// IE 11/Edge don't find elements on a `[name='']` query in some cases.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ts on a `[name='']` query in some cases.","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":998,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"998","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1290","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 9 times, the first in likely comment: \"// Can be adjusted by the user\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" be adjusted by the user","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":998,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"998","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1291","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected 3 times, the first in likely comment: \"// We use this for POS matching in `select`\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"or POS matching in `select`","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":998,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"998","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1292","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 54 times, the first in likely comment: \"// Return just the one element from the set\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ust the one element from the set","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":998,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"998","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1293","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bTODO\\b and was detected 2 times, the first in likely comment: \"//\t4. 
_Never_ expose \"private\" data to user code (TODO: Drop _data, _removeData)\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" data to user code (TODO: Drop _data, _remov","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":998,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"998","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1294","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected 10 times, the first in likely comment: \"// For CommonJS and CommonJS-like environments where a proper `window`\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"S-like environments where a proper `window`","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":998,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"998","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1295","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1164,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1164","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1299","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1164,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1164","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1300","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1164,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1164","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1301","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1220,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1220","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1319","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1220,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1220","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1321","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1220,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1220","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1323","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1221,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1221","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1328","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1221,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1221","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1330","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1226,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1226","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1331","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1222,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1222","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1335","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1221,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1221","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1338","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1226,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1226","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1339","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1222,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1222","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1341","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1229,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1229","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1344","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1228,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1228","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1345","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1226,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1226","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1347","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1222,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1222","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1349","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1229,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1229","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1350","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1228,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1228","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1351","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1231,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1231","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1354","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1232,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1232","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1355","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1229,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1229","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1357","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1228,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1228","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1358","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1231,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1231","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1360","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1232,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1232","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1362","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1231,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1231","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1367","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1232,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1232","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1368","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1252,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1252","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1383","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1252,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1252","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1385","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1265,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1265","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1386","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1265,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1265","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1387","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1252,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1252","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1388","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1265,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1265","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1389","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1278,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1278","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1399","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1278,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1278","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1400","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1278,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1278","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1401","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://www.dahd.gov.in/hi/annual-report?field_years_target_id=577\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfield_years_target_id=577\n\nThe user-controlled value was:\n577","method":"GET","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":1278,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"1278","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"field_years_target_id","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"1405","alertRef":"10031"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1300,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1300","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1409","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1300,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1300","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1411","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1300,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1300","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1412","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1304,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1304","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1413","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1304,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1304","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1415","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1304,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1304","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1417","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1317,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1317","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1427","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1317,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1317","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1428","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1320,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1320","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1429","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1320,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1320","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1430","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1317,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1317","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1431","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1320,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1320","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1432","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1338,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1338","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1442","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1338,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1338","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1443","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1338,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1338","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1445","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1349,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1349","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1449","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1349,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1349","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1450","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1349,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1349","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1451","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1359,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1359","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1457","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1359,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1359","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1458","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1359,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1359","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1459","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1386,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1386","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1465","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1386,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1386","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1466","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1386,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1386","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1467","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1390,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1390","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1475","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1390,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1390","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1476","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1393,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1393","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1477","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1390,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1390","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1478","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1393,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1393","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1479","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1393,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1393","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"POLICY_QA_STD":"","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1483","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1400,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1400","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1492","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1403,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1403","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1493","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1400,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1400","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1494","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1403,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1403","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1495","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1400,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1400","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1496","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1403,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1403","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1497","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1426,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1426","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1509","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1427,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1427","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1511","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1426,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1426","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1512","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1427,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1427","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1513","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1426,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1426","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1514","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1427,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1427","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1515","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1428,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1428","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1519","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1428,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1428","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1522","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1428,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1428","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1524","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1460,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1460","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1538","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1457,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1457","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1539","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1460,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1460","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1540","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1457,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1457","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1542","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1460,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1460","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1544","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1457,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1457","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1546","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1450,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1450","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1548","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1452,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1452","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1552","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1450,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1450","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1553","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1479,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1479","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1556","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1452,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1452","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1558","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1484,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1484","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1559","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1450,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1450","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1562","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1479,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1479","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1563","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1498,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1498","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1564","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1452,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1452","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1566","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1484,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1484","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1567","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1479,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1479","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1569","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1498,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1498","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1575","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1484,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1484","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1576","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1498,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1498","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1582","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1524,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1524","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1595","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1524,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1524","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1596","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1524,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1524","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1597","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1500,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1500","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1600","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1500,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1500","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1603","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1515,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1515","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1604","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1500,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1500","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1605","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1515,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1515","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1606","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1477,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1477","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1607","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1515,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1515","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1609","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1477,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1477","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1611","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1477,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1477","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1616","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1528,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1528","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1617","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1528,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1528","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1621","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1528,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1528","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1626","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1560,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1560","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1630","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1560,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1560","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1634","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1560,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1560","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1640","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1586,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1586","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1648","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1586,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1586","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1650","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1586,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1586","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1652","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1601,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1601","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1656","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1593,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1593","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1658","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1601,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1601","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1659","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1593,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1593","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1660","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1601,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1601","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1661","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1593,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1593","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1663","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1620,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1620","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1677","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1620,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1620","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1679","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1620,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1620","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1682","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1627,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1627","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1684","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1629,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1629","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1685","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1633,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1633","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1686","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1627,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1627","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1690","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1629,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1629","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1691","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1633,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1633","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1692","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1627,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1627","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1695","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1629,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1629","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1696","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1633,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1633","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1697","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1646,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1646","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1699","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1646,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1646","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1707","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1646,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1646","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1714","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1657,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1657","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1720","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1657,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1657","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1722","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1657,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1657","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1724","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1675,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1675","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1731","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1675,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1675","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1732","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1675,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1675","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1733","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1717,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1717","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1748","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1717,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1717","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1751","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1717,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1717","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1752","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1722,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1722","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1758","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1719,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1719","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1759","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1718,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1718","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1760","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1722,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1722","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1763","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1719,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1719","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1765","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1718,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1718","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1767","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1719,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1719","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1768","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1742,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1742","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1770","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1722,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1722","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1773","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1718,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1718","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1776","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1742,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1742","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1780","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1742,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1742","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1790","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1799,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1799","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1793","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1799,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1799","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1803","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1845,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1845","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1804","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1799,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1799","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1808","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1845,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1845","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1809","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1845,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1845","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1814","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1824,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1824","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1823","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1841,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1841","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1825","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1842,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1842","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1826","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1824,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1824","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1828","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1841,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1841","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1829","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1842,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1842","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1830","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1841,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1841","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1832","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1824,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1824","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1833","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1842,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1842","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1834","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1903,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1903","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1839","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1903,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1903","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1845","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1903,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1903","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1850","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1911,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1911","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1855","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1911,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1911","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1856","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1911,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1911","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1857","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/index.php/division/administration/aparcell/forms","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1927,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1927","inputVector":"","url":"https://www.dahd.gov.in:80/index.php/division/administration/aparcell/forms","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1874","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/index.php/division/administration/aparcell/forms","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1927,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1927","inputVector":"","url":"https://www.dahd.gov.in:80/index.php/division/administration/aparcell/forms","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1875","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/index.php/division/administration/aparcell/forms","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1927,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1927","inputVector":"","url":"https://www.dahd.gov.in:80/index.php/division/administration/aparcell/forms","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1876","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1925,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1925","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1880","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1925,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"1925","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1883","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1925,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1925","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1888","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2119,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2119","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1900","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2122,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2122","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1901","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2119,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2119","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1902","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2122,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2122","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1903","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2119,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2119","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1907","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2122,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2122","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1908","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2132,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2132","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1916","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2132,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2132","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1919","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2132,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2132","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1922","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2136,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2136","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1923","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2152,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2152","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1924","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2136,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2136","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1926","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2152,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2152","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1927","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2136,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2136","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1930","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2152,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2152","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1932","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2165,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2165","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1947","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2165,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2165","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1948","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2165,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2165","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1949","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/drupalSettingsLoader.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"/**\n   * Variable generated by Drupal with all the configuration created from PHP.\n   *\n   * @global\n   *\n   * @type {object}\n  \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"nfiguration created from PHP.\n   *\n   * @glo","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2236,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2236","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/drupalSettingsLoader.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1953","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/drupal.js (v)","sourceid":"3","other":"The following pattern was used: \\bDEBUG\\b and was detected in likely comment: \"/**\n   * Helper to rethrow errors asynchronously.\n   *\n   * This way Errors bubbles up outside of the original callstack, making\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"g it\n   * easier to debug errors in the brows","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2239,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2239","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/drupal.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1954","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/drupal.js (v)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"/**\n   * Replaces placeholders with sanitized values in a string.\n   *\n   * @param {string} str\n   *   A string with placeholder\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"s a placeholder for user-\n   *      submitte","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2239,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2239","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/drupal.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1955","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/drupal.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 8 times, the first in likely comment: \"/**\n * A jQuery object, typically the return value from a `$(selector)` call.\n *\n * Holds an HTMLElement or a collection of HTML\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ly the return value from a `$(selector)` cal","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2239,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2239","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/drupal.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1956","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/accesibileswithcer.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected in likely comment: \"//if \"mysheet_r\" cookie is empty or admin has changed number of days to persist in \"x days\" variable\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" cookie is empty or admin has changed number ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2345,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2345","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/accesibileswithcer.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1958","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/accesibileswithcer.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"//load user chosen style sheet from cookie if there is one stored\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"//load user chosen style sheet ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2345,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2345","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/accesibileswithcer.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1959","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/accesibileswithcer.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected 3 times, the first in likely comment: \"//Optional function that shows which style sheet is currently selected within group of radio buttons or select menu\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"of radio buttons or select menu","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2345,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2345","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/accesibileswithcer.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1960","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/debounce.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"/**\n * @file\n * Adapted from underscore.js with the addition Drupal namespace.\n */\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" * @file\n * Adapted from underscore.js with ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2357,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2357","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/debounce.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1963","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/announce.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"/**\n   * Triggers audio UAs to read the supplied text.\n   *\n   * The aria-live region will only read the text that currently pop\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"\n   * only the text from the most recent cal","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2402,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2402","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/announce.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1964","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/announce.js (v)","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected in likely comment: \"// the cusp where humans notice a pause, so we will wait\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// the cusp where humans notice a pau","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2402,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2402","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/announce.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1965","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/progress.js (v)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"/**\n       * Set the percentage and status message for the progressbar.\n       *\n       * @param {number} percentage\n       *   \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"message to show the user.\n       * @param {s","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2352,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2352","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/progress.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1966","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/progress.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 2 times, the first in likely comment: \"// This allows monitoring to be stopped from within the callback.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"oring to be stopped from within the callback","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2352,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2352","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/progress.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1967","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/modules/views/js/base.js (v)","sourceid":"3","other":"The following pattern was used: \\bQUERY\\b and was detected in likely comment: \"/**\n   * Helper function to parse a querystring.\n   *\n   * @param {string} query\n   *   The querystring to parse.\n   *\n   * @ret\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"  * @param {string} query\n   *   The querystr","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2408,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2408","inputVector":"","url":"https://www.dahd.gov.in:80/core/modules/views/js/base.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1969","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2253,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2253","inputVector":"","url":"https://www.dahd.gov.in:80/hi","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1970","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/message.js (v)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected in likely comment: \"/**\n     * Select a message based on id.\n     *\n     * @name Drupal.Message~messageDefinition.select\n     *\n     * @param {strin\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"/**\n     * Select a message based on ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2416,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2416","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/message.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1971","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/modules/views/js/base.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"/**\n   * Strip off the protocol plus domain from an href.\n   *\n   * @param {string} href\n   *   The href to strip.\n   *\n   * @re\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"rotocol plus domain from an href.\n   *\n   * ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2408,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2408","inputVector":"","url":"https://www.dahd.gov.in:80/core/modules/views/js/base.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1972","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2253,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2253","inputVector":"","url":"https://www.dahd.gov.in:80/hi","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1973","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/message.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 2 times, the first in likely comment: \"/**\n     * Removes a message element from the message area.\n     *\n     * @name Drupal.Message~messageDefinition.remove\n     *\n \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"s a message element from the message area.\n ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2416,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2416","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/message.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1974","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2253,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2253","inputVector":"","url":"https://www.dahd.gov.in:80/hi","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1975","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/message.js (v)","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected in likely comment: \"/**\n   * Constructs a new instance of the Drupal.Message class.\n   *\n   * This provides a uniform interface for adding and remov\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"per\n   *   The zone where to add messages. 
If","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2416,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"2416","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/message.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1976","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/modules/views/js/ajax_view.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 2 times, the first in likely comment: \"// Extract argument data from the URL.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"tract argument data from the URL.","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2417,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2417","inputVector":"","url":"https://www.dahd.gov.in:80/core/modules/views/js/ajax_view.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1978","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/modules/cmf/cmf_design/js/swithcer.js (v)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected in likely comment: \"//if \"mysheet_r\" cookie is empty or admin has changed number of days to persist in \"x days\" variable\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" cookie is empty or admin has changed number ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2423,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2423","inputVector":"","url":"https://www.dahd.gov.in:80/modules/cmf/cmf_design/js/swithcer.js?v=1.x","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1984","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/modules/cmf/cmf_design/js/swithcer.js (v)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"//load user chosen style sheet from cookie if there is one stored\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"//load user chosen style sheet ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2423,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2423","inputVector":"","url":"https://www.dahd.gov.in:80/modules/cmf/cmf_design/js/swithcer.js?v=1.x","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1985","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/modules/cmf/cmf_design/js/swithcer.js (v)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected 3 times, the first in likely comment: \"//Optional function that shows which style sheet is currently selected within group of radio buttons or select menu\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"of radio buttons or select menu","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2423,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2423","inputVector":"","url":"https://www.dahd.gov.in:80/modules/cmf/cmf_design/js/swithcer.js?v=1.x","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1986","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2342,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2342","inputVector":"","url":"https://www.dahd.gov.in:80/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1987","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2342,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2342","inputVector":"","url":"https://www.dahd.gov.in:80/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"1988","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2342,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2342","inputVector":"","url":"https://www.dahd.gov.in:80/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"1989","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2449,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2449","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2005","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2449,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2449","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2007","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2449,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2449","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2010","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/document/citizencharter","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2471,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2471","inputVector":"","url":"https://www.dahd.gov.in:80/document/citizencharter","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2017","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/document/citizencharter","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2471,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2471","inputVector":"","url":"https://www.dahd.gov.in:80/document/citizencharter","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2020","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/document/citizencharter","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2471,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2471","inputVector":"","url":"https://www.dahd.gov.in:80/document/citizencharter","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2021","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-accessibleMegaMenu.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"/**\n     * @class accessibleMegaMenu\n     * @memberOf jQuery.fn\n     * @classdesc Implements an accessible mega menu as a jQuery\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" with screen reader user expectations for gl","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2413,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2413","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-accessibleMegaMenu.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2023","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2482,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2482","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2026","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-accessibleMegaMenu.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"/* :focusable and :tabbable selectors from\n       https://raw.github.com/jquery/jquery-ui/master/ui/jquery.ui.core.js */\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":":tabbable selectors from\n       https://raw.","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2413,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2413","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-accessibleMegaMenu.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2028","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/division/awd","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2458,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2458","inputVector":"","url":"https://www.dahd.gov.in:80/division/awd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2030","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/division/kcc","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2464,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2464","inputVector":"","url":"https://www.dahd.gov.in:80/division/kcc","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2031","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2482,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2482","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2033","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/division/awd","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2458,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2458","inputVector":"","url":"https://www.dahd.gov.in:80/division/awd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2034","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/division/kcc","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2464,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2464","inputVector":"","url":"https://www.dahd.gov.in:80/division/kcc","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2035","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/documents/accounts-glance","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2467,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2467","inputVector":"","url":"https://www.dahd.gov.in:80/documents/accounts-glance","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2036","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/division/awd","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2458,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2458","inputVector":"","url":"https://www.dahd.gov.in:80/division/awd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2037","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/documents/accounts-glance","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2467,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2467","inputVector":"","url":"https://www.dahd.gov.in:80/documents/accounts-glance","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2038","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2482,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2482","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2039","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/division/kcc","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2464,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2464","inputVector":"","url":"https://www.dahd.gov.in:80/division/kcc","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2040","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/documents/accounts-glance","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2467,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2467","inputVector":"","url":"https://www.dahd.gov.in:80/documents/accounts-glance","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2041","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/aparcell/forms","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2484,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2484","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/aparcell/forms","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2054","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/aparcell/forms","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2484,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2484","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/aparcell/forms","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2055","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/aparcell/forms","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2484,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2484","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/aparcell/forms","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2056","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2456,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2456","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2062","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2456,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2456","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2064","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2456,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2456","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2066","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2455,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2455","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2075","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2455,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2455","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2076","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2494,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2494","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/list-attachedsubordinate-offices-department","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2077","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2455,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2455","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2078","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2494,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2494","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/list-attachedsubordinate-offices-department","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2079","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/about-us/list-attachedsubordinate-offices-department","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2494,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2494","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/list-attachedsubordinate-offices-department","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2080","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/jquery.form.js (v)","sourceid":"3","other":"The following pattern was used: \\bLATER\\b and was detected in likely comment: \"/*!\n * jQuery Form Plugin\n * version: 4.3.0\n * Requires jQuery v1.7.2 or later\n * Project repository: https://github.com/jquery-\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"es jQuery v1.7.2 or later\n * Project reposito","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2403,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2403","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/jquery.form.js?v=4.3.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2087","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/jquery.form.js (v)","sourceid":"3","other":"The following pattern was used: \\bDEBUG\\b and was detected in likely comment: \"// expose debug var\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// expose debug var","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2403,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2403","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/jquery.form.js?v=4.3.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2088","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/jquery.form.js (v)","sourceid":"3","other":"The following pattern was used: \\bUSERNAME\\b and was detected in likely comment: \"/**\n\t * formToArray() gathers form element data into an array of objects that can\n\t * be passed to any of the following ajax fun\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"\n\t *\n\t * [ { name: 'username', value: 'jresig' }","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2403,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2403","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/jquery.form.js?v=4.3.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2089","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/jquery.form.js (v)","sourceid":"3","other":"The following pattern was used: \\bQUERY\\b and was detected 2 times, the first in likely comment: \"// data is the query string for 'post'\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// data is the query string for 'post'","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2403,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2403","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/jquery.form.js?v=4.3.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2090","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/jquery.form.js (v)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected 2 times, the first in likely comment: \"/**\n\t * Clears the form data. 
Takes the following actions on the form's input fields:\n\t *  - input text fields will have their '\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"empty string\n\t *  - select elements will have ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2403,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"2403","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/jquery.form.js?v=4.3.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2091","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/jquery.form.js (v)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 3 times, the first in likely comment: \"// options.iframe allows user to force iframe mode\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"tions.iframe allows user to force iframe mod","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2403,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2403","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/jquery.form.js?v=4.3.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2092","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/jquery.form.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"// mostly lifted from jq1.4.4\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// mostly lifted from jq1.4.4","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2403,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2403","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/jquery.form.js?v=4.3.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2093","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/jquery.form.js (v)","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected in likely comment: \"// an expected string. 
This accounts for the case where a form\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"counts for the case where a form","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2403,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"2403","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/jquery.form.js?v=4.3.0","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2094","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/ajax.js (v)","sourceid":"3","other":"The following pattern was used: \\bQUERY\\b and was detected 4 times, the first in likely comment: \"// 3. /nojs? - Followed by a query (e.g. path/nojs?destination=foobar).\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"js? - Followed by a query (e.g. 
path/nojs?des","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2434,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"2434","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/ajax.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2095","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/ajax.js (v)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected in likely comment: \"// contains a value (e.g., a checkbox, textfield, select, etc.), ensure\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"heckbox, textfield, select, etc.), ensure","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2434,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2434","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/ajax.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2096","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/ajax.js (v)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 3 times, the first in likely comment: \"/**\n   * Settings for an Ajax object.\n   *\n   * @typedef {object} Drupal.Ajax~elementSettings\n   *\n   * @prop {string} url\n   * \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"or the display of a user-friendly loader.\n  ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2434,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2434","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/ajax.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2097","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/ajax.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 27 times, the first in likely comment: \"/**\n   * Attaches the Ajax behavior to each Ajax form element.\n   *\n   * @type {Drupal~behavior}\n   *\n   * @prop {Drupal~behavio\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"rupal.Ajax} objects from\n   *   DOM elements","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2434,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2434","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/ajax.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2098","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/ajax.js (v)","sourceid":"3","other":"The following pattern was used: \\bTODO\\b and was detected 3 times, the first in likely comment: \"// @todo Remove this after refactoring the PHP code to:\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// @todo Remove this after r","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2434,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2434","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/ajax.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2099","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/core/misc/ajax.js (v)","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected 4 times, the first in likely comment: \"/**\n   * Extends Error to provide handling for Errors in Ajax.\n   *\n   * @constructor\n   *\n   * @augments Error\n   *\n   * @param\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" uri\n   *   The URI where the error occurred.","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2434,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2434","inputVector":"","url":"https://www.dahd.gov.in:80/core/misc/ajax.js?v=10.4.7","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2100","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/modules/cmf/cmf_design/js/jquery.flexslider.js (v)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected 2 times, the first in likely comment: \"//String: Select your animation type, \"fade\" or \"slide\"\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"//String: Select your animation type","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2439,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2439","inputVector":"","url":"https://www.dahd.gov.in:80/modules/cmf/cmf_design/js/jquery.flexslider.js?v=1.x","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2101","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/modules/cmf/cmf_design/js/jquery.flexslider.js (v)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected in likely comment: \"//If clock is ticking, stop timer and prevent from starting while invisible\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"p timer and prevent from starting while invi","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2439,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2439","inputVector":"","url":"https://www.dahd.gov.in:80/modules/cmf/cmf_design/js/jquery.flexslider.js?v=1.x","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2102","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bLATER\\b and was detected 3 times, the first in likely comment: \"// \"negative\" y so we can replace sub with am later\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"replace sub with am later","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2433,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2433","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2103","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bBUG\\b and was detected 2 times, the first in likely comment: \"/**\n * kjur's class library name space\n * <p>\n * This name space provides following name spaces:\n * <ul>\n * <li>{@link KJUR.asn1\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"e. 
This caused by a bug of jsdoc2.\n  * @nam","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2433,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"2433","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2104","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bDB\\b and was detected 6 times, the first in likely comment: \"// (protected) r = this << n*DB\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"cted) r = this << n*DB","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2433,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2433","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2105","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected in likely comment: \"// We need to select the fastest one that works in this environment.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// We need to select the fastest one tha","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2433,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2433","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2106","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 17 times, the first in likely comment: \"/**\n  * Gets the RSA keys from the specified url, and saves it into a RSA keypair\n  * @param {string} url The url to contact\n  *\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"* Gets the RSA keys from the specified url, ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2433,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2433","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2107","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bTODO\\b and was detected 10 times, the first in likely comment: \"// TODO: allow reseeding after first request\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// TODO: allow reseeding af","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2433,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2433","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2108","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected in likely comment: \"/**\n * Translate rsa parameters in a hex encoded string representing the rsa public key.\n * The representation follow the ASN.1 \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" BIT STRING\n * }\n * Where AlgorithmIdentifier","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2433,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2433","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery-jcryption.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2109","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bLATER\\b and was detected 6 times, the first in likely comment: \"// Give the init function the jQuery prototype for later instantiation\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"Query prototype for later instantiation","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2447,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2447","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2113","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bBUG\\b and was detected 6 times, the first in likely comment: \"// https://bugs.chromium.org/p/chromium/issues/detail?id=378607 (bug restricted)\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"s/detail?id=378607 (bug restricted)","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2447,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2447","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2114","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bBUGS\\b and was detected 6 times, the first in likely comment: \"// https://bugs.jquery.com/ticket/13393\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// https://bugs.jquery.com/ticket/1","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2447,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2447","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2115","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bUSERNAME\\b and was detected in likely comment: \"/*\n\t\ttimeout: 0,\n\t\tdata: null,\n\t\tdataType: null,\n\t\tusername: null,\n\t\tpassword: null,\n\t\tcache: null,\n\t\tthrows: false,\n\t\ttradition\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"\t\tdataType: null,\n\t\tusername: null,\n\t\tpassword: ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2447,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2447","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2116","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bQUERY\\b and was detected 3 times, the first in likely comment: \"// IE 11/Edge don't find elements on a `[name='']` query in some cases.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ts on a `[name='']` query in some cases.","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2447,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2447","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2117","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 9 times, the first in likely comment: \"// Can be adjusted by the user\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" be adjusted by the user","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2447,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2447","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2118","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected 3 times, the first in likely comment: \"// We use this for POS matching in `select`\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"or POS matching in `select`","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2447,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2447","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2119","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 54 times, the first in likely comment: \"// Return just the one element from the set\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ust the one element from the set","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2447,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2447","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2120","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bTODO\\b and was detected 2 times, the first in likely comment: \"//\t4. 
_Never_ expose \"private\" data to user code (TODO: Drop _data, _removeData)\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" data to user code (TODO: Drop _data, _remov","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2447,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"2447","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2121","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected 10 times, the first in likely comment: \"// For CommonJS and CommonJS-like environments where a proper `window`\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"S-like environments where a proper `window`","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2447,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2447","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2122","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/document/acts-rules-notifications","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2502,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2502","inputVector":"","url":"https://www.dahd.gov.in:80/document/acts-rules-notifications","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2133","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/document/acts-rules-notifications","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2502,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2502","inputVector":"","url":"https://www.dahd.gov.in:80/document/acts-rules-notifications","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2135","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/document/acts-rules-notifications","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2502,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2502","inputVector":"","url":"https://www.dahd.gov.in:80/document/acts-rules-notifications","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2139","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/cash-section","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2509,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2509","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/cash-section","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2147","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/cash-section","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2509,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2509","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/cash-section","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2149","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/cash-section","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2509,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2509","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/cash-section","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2150","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/about-us/about-departments","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2543,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2543","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/about-departments","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2151","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/admin-II","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2534,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2534","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/admin-II","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2152","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2545,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2545","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2153","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/about-us/about-departments","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2543,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2543","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/about-departments","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2158","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/admin-II","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2534,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2534","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/admin-II","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2159","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/aparcell/forms (page)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2521,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2521","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/aparcell/forms?page=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2160","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2545,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2545","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2161","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/about-us/about-departments","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2543,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2543","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/about-departments","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2163","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/admin-II","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2534,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2534","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/admin-II","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2165","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/aparcell/forms (page)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2521,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2521","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/aparcell/forms?page=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2167","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2545,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2545","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2172","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/division/administration/aparcell/forms (page)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2521,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2521","inputVector":"","url":"https://www.dahd.gov.in:80/division/administration/aparcell/forms?page=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2176","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/coffee-table-books","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2558,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2558","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/coffee-table-books","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2186","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/parliament/parliament_questions","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2576,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2576","inputVector":"","url":"https://www.dahd.gov.in:80/parliament/parliament_questions","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2188","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/vigilance-apar","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2561,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2561","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/vigilance-apar","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2189","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/coffee-table-books","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2558,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2558","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/coffee-table-books","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2199","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/parliament/parliament_questions","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2576,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2576","inputVector":"","url":"https://www.dahd.gov.in:80/parliament/parliament_questions","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2201","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/vigilance-apar","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2561,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2561","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/vigilance-apar","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2202","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/web-information-manager","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2600,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2600","inputVector":"","url":"https://www.dahd.gov.in:80/web-information-manager","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2206","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/dahd-dashboard","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2603,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2603","inputVector":"","url":"https://www.dahd.gov.in:80/dahd-dashboard","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2208","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/contact_us","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2604,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2604","inputVector":"","url":"https://www.dahd.gov.in:80/contact_us","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2209","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/document/assets-dahd","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2607,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2607","inputVector":"","url":"https://www.dahd.gov.in:80/document/assets-dahd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2214","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/parliament/parliament_questions","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2576,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2576","inputVector":"","url":"https://www.dahd.gov.in:80/parliament/parliament_questions","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2215","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/vigilance-apar","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2561,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2561","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/vigilance-apar","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2216","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/web-information-manager","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2600,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2600","inputVector":"","url":"https://www.dahd.gov.in:80/web-information-manager","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2221","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/dahd-dashboard","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2603,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2603","inputVector":"","url":"https://www.dahd.gov.in:80/dahd-dashboard","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2223","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/contact_us","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2604,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2604","inputVector":"","url":"https://www.dahd.gov.in:80/contact_us","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2224","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/coffee-table-books","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2558,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2558","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/coffee-table-books","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2225","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/document/assets-dahd","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2607,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2607","inputVector":"","url":"https://www.dahd.gov.in:80/document/assets-dahd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2227","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/web-information-manager","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2600,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2600","inputVector":"","url":"https://www.dahd.gov.in:80/web-information-manager","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2233","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/dahd-dashboard","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2603,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2603","inputVector":"","url":"https://www.dahd.gov.in:80/dahd-dashboard","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2234","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/contact_us","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2604,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2604","inputVector":"","url":"https://www.dahd.gov.in:80/contact_us","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2235","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/document/assets-dahd","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2607,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2607","inputVector":"","url":"https://www.dahd.gov.in:80/document/assets-dahd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2237","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2610,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2610","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2241","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/nlm-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2606,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2606","inputVector":"","url":"https://www.dahd.gov.in:80/nlm-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2243","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/about-us/allocation-business-rules","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2611,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2611","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/allocation-business-rules","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2253","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2610,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2610","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2254","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/nlm-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2606,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2606","inputVector":"","url":"https://www.dahd.gov.in:80/nlm-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2255","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/about-us/allocation-business-rules","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2611,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2611","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/allocation-business-rules","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2264","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2610,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2610","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2265","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/nlm-scheme-brochure","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2606,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2606","inputVector":"","url":"https://www.dahd.gov.in:80/nlm-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2266","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/disclaimer","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2614,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2614","inputVector":"","url":"https://www.dahd.gov.in:80/disclaimer","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2272","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/about-us/allocation-business-rules","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2611,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2611","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/allocation-business-rules","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2273","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/help","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2616,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2616","inputVector":"","url":"https://www.dahd.gov.in:80/help","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2275","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/disclaimer","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2614,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2614","inputVector":"","url":"https://www.dahd.gov.in:80/disclaimer","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2280","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/help","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2616,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2616","inputVector":"","url":"https://www.dahd.gov.in:80/help","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2283","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/disclaimer","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2614,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2614","inputVector":"","url":"https://www.dahd.gov.in:80/disclaimer","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2287","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/help","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2616,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2616","inputVector":"","url":"https://www.dahd.gov.in:80/help","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2291","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/sire-directory","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2621,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2621","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/sire-directory","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2295","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/sire-directory","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2621,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2621","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/sire-directory","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2301","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/website-policy","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2631,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2631","inputVector":"","url":"https://www.dahd.gov.in:80/website-policy","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2303","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/sire-directory","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2621,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2621","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/sire-directory","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2304","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/feedback","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2648,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2648","inputVector":"","url":"https://www.dahd.gov.in:80/feedback","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2309","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/website-policy","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2631,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2631","inputVector":"","url":"https://www.dahd.gov.in:80/website-policy","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2316","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/feedback","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2648,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2648","inputVector":"","url":"https://www.dahd.gov.in:80/feedback","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2317","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/website-policy","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2631,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2631","inputVector":"","url":"https://www.dahd.gov.in:80/website-policy","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2321","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/feedback","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2648,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2648","inputVector":"","url":"https://www.dahd.gov.in:80/feedback","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2322","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/rti","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2656,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2656","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/rti","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2325","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/rti","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2656,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2656","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/rti","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2329","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2657,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2657","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/pig-breeder-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2330","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2658,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2658","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2331","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/pashupedia","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2696,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2696","inputVector":"","url":"https://www.dahd.gov.in:80/pashupedia","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2332","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/rti","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2656,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2656","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2335","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2657,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2657","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/pig-breeder-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2336","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/division/international-cooperation","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2666,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2666","inputVector":"","url":"https://www.dahd.gov.in:80/division/international-cooperation","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2338","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2658,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2658","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2339","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/pashupedia","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2696,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2696","inputVector":"","url":"https://www.dahd.gov.in:80/pashupedia","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2340","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2657,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2657","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/pig-breeder-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2343","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/division/international-cooperation","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2666,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2666","inputVector":"","url":"https://www.dahd.gov.in:80/division/international-cooperation","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2347","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2658,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2658","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2348","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/pashupedia","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2696,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2696","inputVector":"","url":"https://www.dahd.gov.in:80/pashupedia","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2349","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/division/international-cooperation","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2666,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2666","inputVector":"","url":"https://www.dahd.gov.in:80/division/international-cooperation","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2352","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/kcc-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2722,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2722","inputVector":"","url":"https://www.dahd.gov.in:80/kcc-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2361","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/pashu-aushadhi","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2723,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2723","inputVector":"","url":"https://www.dahd.gov.in:80/pashu-aushadhi","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2362","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/kcc-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2722,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2722","inputVector":"","url":"https://www.dahd.gov.in:80/kcc-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2367","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/division/administration/aparcell/forms","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/index.php/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मु\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2724,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2724","inputVector":"","url":"https://www.dahd.gov.in:80/hi/division/administration/aparcell/forms","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2369","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/pashu-aushadhi","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2723,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2723","inputVector":"","url":"https://www.dahd.gov.in:80/pashu-aushadhi","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2370","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/kcc-scheme-brochure","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2722,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2722","inputVector":"","url":"https://www.dahd.gov.in:80/kcc-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2374","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/pashu-aushadhi","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2723,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2723","inputVector":"","url":"https://www.dahd.gov.in:80/pashu-aushadhi","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2375","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/division/administration/aparcell/forms","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2724,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2724","inputVector":"","url":"https://www.dahd.gov.in:80/hi/division/administration/aparcell/forms","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2377","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfield_categories_nadcp_target_id=102\n\nThe user-controlled value was:\n102","method":"GET","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":2658,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"2658","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output before writing it to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"field_categories_nadcp_target_id","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"2379","alertRef":"10031"},{"nodeName":"https://www.dahd.gov.in:80/hi/division/administration/aparcell/forms","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2724,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2724","inputVector":"","url":"https://www.dahd.gov.in:80/hi/division/administration/aparcell/forms","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2382","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/documents/e-office","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2731,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2731","inputVector":"","url":"https://www.dahd.gov.in:80/documents/e-office","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2391","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/documents/e-office","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2731,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2731","inputVector":"","url":"https://www.dahd.gov.in:80/documents/e-office","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2395","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/documents/e-office","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2731,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2731","inputVector":"","url":"https://www.dahd.gov.in:80/documents/e-office","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2396","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/cyber-security-awareness-month","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2738,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2738","inputVector":"","url":"https://www.dahd.gov.in:80/cyber-security-awareness-month","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2403","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/cyber-security-awareness-month","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2738,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2738","inputVector":"","url":"https://www.dahd.gov.in:80/cyber-security-awareness-month","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2405","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/cyber-security-awareness-month","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2738,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2738","inputVector":"","url":"https://www.dahd.gov.in:80/cyber-security-awareness-month","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2407","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/schemes-programmes","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2733,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2733","inputVector":"","url":"https://www.dahd.gov.in:80/schemes-programmes","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2409","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/schemes-programmes","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2733,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2733","inputVector":"","url":"https://www.dahd.gov.in:80/schemes-programmes","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2411","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/schemes-programmes","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2733,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2733","inputVector":"","url":"https://www.dahd.gov.in:80/schemes-programmes","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2413","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/iec-material","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2740,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2740","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/iec-material","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2415","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/iec-material","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2740,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2740","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/iec-material","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2418","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/extension-publicity/iec-material","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2740,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2740","inputVector":"","url":"https://www.dahd.gov.in:80/extension-publicity/iec-material","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2420","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/photo-gallery","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2749,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2749","inputVector":"","url":"https://www.dahd.gov.in:80/photo-gallery","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2424","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/photo-gallery","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2749,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2749","inputVector":"","url":"https://www.dahd.gov.in:80/photo-gallery","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2427","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/photo-gallery","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2749,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2749","inputVector":"","url":"https://www.dahd.gov.in:80/photo-gallery","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2430","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2780,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2780","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2434","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/about-us/vision-mission-objective","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2785,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2785","inputVector":"","url":"https://www.dahd.gov.in:80/hi/about-us/vision-mission-objective","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2438","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2780,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2780","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2440","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/about-us/vision-mission-objective","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2785,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2785","inputVector":"","url":"https://www.dahd.gov.in:80/hi/about-us/vision-mission-objective","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2441","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2780,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2780","inputVector":"","url":"https://www.dahd.gov.in:80/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2445","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/about-us/vision-mission-objective","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2785,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2785","inputVector":"","url":"https://www.dahd.gov.in:80/hi/about-us/vision-mission-objective","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2446","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/documents/tender","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2765,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2765","inputVector":"","url":"https://www.dahd.gov.in:80/documents/tender","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2447","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/about-us/vision-mission-objective","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2792,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2792","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/vision-mission-objective","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2450","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/admin-i","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\" class=\"is-active\" aria-c\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2794,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2794","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/admin-i","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2451","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/documents/tender","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2765,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2765","inputVector":"","url":"https://www.dahd.gov.in:80/documents/tender","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2453","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/about-us/vision-mission-objective","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2792,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2792","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/vision-mission-objective","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2457","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/admin-i","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2794,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2794","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/admin-i","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2458","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/documents/tender","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2765,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2765","inputVector":"","url":"https://www.dahd.gov.in:80/documents/tender","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2460","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/about-us/vision-mission-objective","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2792,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2792","inputVector":"","url":"https://www.dahd.gov.in:80/about-us/vision-mission-objective","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2463","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/divisions/administration/admin-i","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2794,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2794","inputVector":"","url":"https://www.dahd.gov.in:80/divisions/administration/admin-i","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2464","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/assets-dahd","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2801,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2801","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/assets-dahd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2467","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/assets-dahd","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2801,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2801","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/assets-dahd","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2472","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/assets-dahd","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2801,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2801","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/assets-dahd","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2477","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2800,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2800","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2482","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/office_order_circular","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2807,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2807","inputVector":"","url":"https://www.dahd.gov.in:80/hi/office_order_circular","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2483","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2800,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2800","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2487","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/office_order_circular","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2807,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2807","inputVector":"","url":"https://www.dahd.gov.in:80/hi/office_order_circular","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2488","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2800,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2800","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2490","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/office_order_circular","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2807,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2807","inputVector":"","url":"https://www.dahd.gov.in:80/hi/office_order_circular","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2491","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/2814","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2825,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2825","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/2814","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2498","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/acts-rules-notifications","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2822,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2822","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/acts-rules-notifications","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2500","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/2814","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2825,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2825","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/2814","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2503","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/acts-rules-notifications","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2822,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2822","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/acts-rules-notifications","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2504","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/2814","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2825,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2825","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/2814","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2506","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/e-office","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2828,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2828","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/e-office","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2508","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/acts-rules-notifications","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2822,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2822","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/acts-rules-notifications","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2509","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/e-office","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2828,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2828","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/e-office","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2510","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/e-office","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2828,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2828","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/e-office","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2513","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/accounts-glance","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2834,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2834","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/accounts-glance","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2523","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/accounts-glance","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2834,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2834","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/accounts-glance","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2526","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/demand-grants","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2833,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2833","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/demand-grants","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2528","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/accounts-glance","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2834,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2834","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/accounts-glance","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2530","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/demand-grants","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2833,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2833","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/demand-grants","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2531","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/document/demand-grants","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2833,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2833","inputVector":"","url":"https://www.dahd.gov.in:80/hi/document/demand-grants","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2534","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/4038","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2836,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2836","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/4038","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2539","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/3954","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2835,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2835","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/3954","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2540","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/4038","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2836,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2836","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/4038","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2541","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/3954","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2835,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2835","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/3954","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2542","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/4038","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2836,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2836","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/4038","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2543","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/3954","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2835,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2835","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/3954","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2544","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/schemes-programmes","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2871,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2871","inputVector":"","url":"https://www.dahd.gov.in:80/hi/schemes-programmes","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2556","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/schemes-programmes","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2871,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2871","inputVector":"","url":"https://www.dahd.gov.in:80/hi/schemes-programmes","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2558","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/pashu-aushadhi","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2885,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2885","inputVector":"","url":"https://www.dahd.gov.in:80/hi/pashu-aushadhi","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2562","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/schemes-programmes","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2871,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2871","inputVector":"","url":"https://www.dahd.gov.in:80/hi/schemes-programmes","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2563","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/pashu-aushadhi","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2885,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2885","inputVector":"","url":"https://www.dahd.gov.in:80/hi/pashu-aushadhi","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2565","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/pashu-aushadhi","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2885,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2885","inputVector":"","url":"https://www.dahd.gov.in:80/hi/pashu-aushadhi","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2568","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/faq","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2889,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2889","inputVector":"","url":"https://www.dahd.gov.in:80/hi/faq","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2570","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/faq","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2889,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2889","inputVector":"","url":"https://www.dahd.gov.in:80/hi/faq","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2573","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/divisions/administration/vigilance-apar","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2886,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2886","inputVector":"","url":"https://www.dahd.gov.in:80/hi/divisions/administration/vigilance-apar","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2575","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/faq","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2889,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2889","inputVector":"","url":"https://www.dahd.gov.in:80/hi/faq","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2577","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/divisions/administration/vigilance-apar","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2886,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2886","inputVector":"","url":"https://www.dahd.gov.in:80/hi/divisions/administration/vigilance-apar","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2578","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/tender","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2907,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2907","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/tender","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2582","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/divisions/administration/vigilance-apar","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2886,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2886","inputVector":"","url":"https://www.dahd.gov.in:80/hi/divisions/administration/vigilance-apar","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2584","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/tender","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2907,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2907","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/tender","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2591","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/documents/tender","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2907,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2907","inputVector":"","url":"https://www.dahd.gov.in:80/hi/documents/tender","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2598","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/photo-gallery","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2927,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2927","inputVector":"","url":"https://www.dahd.gov.in:80/hi/photo-gallery","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2639","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/photo-gallery","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2927,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2927","inputVector":"","url":"https://www.dahd.gov.in:80/hi/photo-gallery","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2643","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/photo-gallery","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2927,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2927","inputVector":"","url":"https://www.dahd.gov.in:80/hi/photo-gallery","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2647","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bLATER\\b and was detected 6 times, the first in likely comment: \"// Give the init function the jQuery prototype for later instantiation\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"Query prototype for later instantiation","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2646,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2646","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2661","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bBUG\\b and was detected 6 times, the first in likely comment: \"// https://bugs.chromium.org/p/chromium/issues/detail?id=378607 (bug restricted)\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"s/detail?id=378607 (bug restricted)","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2646,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2646","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2666","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bBUGS\\b and was detected 6 times, the first in likely comment: \"// https://bugs.jquery.com/ticket/13393\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"// https://bugs.jquery.com/ticket/1","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2646,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2646","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2671","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bUSERNAME\\b and was detected in likely comment: \"/*\n\t\ttimeout: 0,\n\t\tdata: null,\n\t\tdataType: null,\n\t\tusername: null,\n\t\tpassword: null,\n\t\tcache: null,\n\t\tthrows: false,\n\t\ttradition\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"\t\tdataType: null,\n\t\tusername: null,\n\t\tpassword: ","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2646,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2646","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2675","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bQUERY\\b and was detected 3 times, the first in likely comment: \"// IE 11/Edge don't find elements on a `[name='']` query in some cases.\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ts on a `[name='']` query in some cases.","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2646,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2646","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2678","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 9 times, the first in likely comment: \"// Can be adjusted by the user\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" be adjusted by the user","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2646,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2646","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2687","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bSELECT\\b and was detected 3 times, the first in likely comment: \"// We use this for POS matching in `select`\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"or POS matching in `select`","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2646,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2646","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2692","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bFROM\\b and was detected 54 times, the first in likely comment: \"// Return just the one element from the set\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ust the one element from the set","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2646,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2646","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2699","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bTODO\\b and was detected 2 times, the first in likely comment: \"//\t4. 
_Never_ expose \"private\" data to user code (TODO: Drop _data, _removeData)\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":" data to user code (TODO: Drop _data, _remov","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2646,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"2646","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2703","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js (tfn4vu)","sourceid":"3","other":"The following pattern was used: \\bWHERE\\b and was detected 10 times, the first in likely comment: \"// For CommonJS and CommonJS-like environments where a proper `window`\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"S-like environments where a proper `window`","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2646,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2646","inputVector":"","url":"https://www.dahd.gov.in:80/themes/mindahd/js/jquery.js?tfn4vu","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2711","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/whats-new","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2997,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2997","inputVector":"","url":"https://www.dahd.gov.in:80/whats-new","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2755","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/whats-new","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":2997,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"2997","inputVector":"","url":"https://www.dahd.gov.in:80/whats-new","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2760","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/whats-new","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":2997,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"2997","inputVector":"","url":"https://www.dahd.gov.in:80/whats-new","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2765","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/nlm-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3003,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3003","inputVector":"","url":"https://www.dahd.gov.in:80/hi/nlm-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2769","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/nlm-scheme-brochure","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3003,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3003","inputVector":"","url":"https://www.dahd.gov.in:80/hi/nlm-scheme-brochure","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2778","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/nlm-scheme-brochure","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3003,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3003","inputVector":"","url":"https://www.dahd.gov.in:80/hi/nlm-scheme-brochure","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2784","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/sites/default/files/2024-04/SireDirectoryCFSPTI-HGT.xlsx","sourceid":"3","other":"","method":"GET","evidence":"max-age=31536000","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":3071,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"3071","inputVector":"","url":"https://www.dahd.gov.in:80/sites/default/files/2024-04/SireDirectoryCFSPTI-HGT.xlsx","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"2823","alertRef":"10015"},{"nodeName":"https://www.dahd.gov.in:80/sites/default/files/2024-04/AlamadhiSS.xlsx","sourceid":"3","other":"","method":"GET","evidence":"max-age=31536000","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":3095,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"3095","inputVector":"","url":"https://www.dahd.gov.in:80/sites/default/files/2024-04/AlamadhiSS.xlsx","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"2850","alertRef":"10015"},{"nodeName":"https://www.dahd.gov.in:80/hi/divisions/administration/rti","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3118,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"3118","inputVector":"","url":"https://www.dahd.gov.in:80/hi/divisions/administration/rti","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious 
Comments","risk":"Informational","id":"2886","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/divisions/administration/rti","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3118,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"3118","inputVector":"","url":"https://www.dahd.gov.in:80/hi/divisions/administration/rti","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"2889","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/divisions/administration/rti","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" 
title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3118,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3118","inputVector":"","url":"https://www.dahd.gov.in:80/hi/divisions/administration/rti","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"2892","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/external-link","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3181,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3181","inputVector":"","url":"https://www.dahd.gov.in:80/external-link","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3036","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/external-link","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3181,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3181","inputVector":"","url":"https://www.dahd.gov.in:80/external-link","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3041","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/node/582","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 5 times, the first in likely comment: \"<!-- <a href=\"/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">Establishment(Hqrs)</a> \", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3184,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3184","inputVector":"","url":"https://www.dahd.gov.in:80/node/582","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3042","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/node/582","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">About Us</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3184,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3184","inputVector":"","url":"https://www.dahd.gov.in:80/node/582","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3045","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/external-link","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3181,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3181","inputVector":"","url":"https://www.dahd.gov.in:80/external-link","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"3047","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/node/582","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://www.dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3184,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3184","inputVector":"","url":"https://www.dahd.gov.in:80/node/582","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"3048","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/sites/default/files/2024-04/SAGB.xlsx","sourceid":"3","other":"","method":"GET","evidence":"max-age=31536000","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":3227,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"3227","inputVector":"","url":"https://www.dahd.gov.in:80/sites/default/files/2024-04/SAGB.xlsx","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". 
If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"3105","alertRef":"10015"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3357,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"3357","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3270","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 
times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3357,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"3357","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3272","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              
</a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3357,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3357","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"3274","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3383,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3383","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3291","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3384,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3384","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3293","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3383,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3383","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"3304","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3384,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3384","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"3305","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3388,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3388","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3309","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3387,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3387","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3312","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3389,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3389","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3315","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3388,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3388","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3317","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3387,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3387","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3319","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3389,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3389","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3322","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3388,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3388","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"3324","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3387,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3387","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"3326","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3389,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3389","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"3332","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3415,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3415","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3355","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3415,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3415","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3358","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3415,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3415","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"3362","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3423,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3423","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3365","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3423,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3423","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3368","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3423,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3423","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"3373","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/node/1627","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3433,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3433","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1627","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3397","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1627","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3433,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3433","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1627","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"3405","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3441,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3441","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3424","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3441,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3441","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"3430","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3441,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3441","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"3436","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value,page)","sourceid":"3","other":"User-controlled HTML attribute values were found. Try injecting special characters to see if XSS might be possible. The page at the following URL:\n\nhttps://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=0\n\nappears to include user input in:\na(n) [option] tag [value] attribute\n\nThe user input found was:\nfield_categories_nadcp_target_id=102\n\nThe user-controlled value was:\n102","method":"GET","evidence":"","pluginId":"10031","cweid":"20","confidence":"Low","sourceMessageId":3444,"wascid":"20","description":"This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. 
This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.","messageId":"3444","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=0","tags":{"OWASP_2025_A05":"https://owasp.org/Top10/2025/A05_2025-Injection/","OWASP_2021_A03":"https://owasp.org/Top10/A03_2021-Injection/","CWE-20":"https://cwe.mitre.org/data/definitions/20.html","POLICY_PENTEST":"","OWASP_2017_A01":"https://owasp.org/www-project-top-ten/2017/A1_2017-Injection.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","solution":"Validate all input and sanitize output it before writing to any HTML attributes.","alert":"User Controllable HTML Element Attribute (Potential XSS)","param":"field_categories_nadcp_target_id","attack":"","name":"User Controllable HTML Element Attribute (Potential XSS)","risk":"Informational","id":"3462","alertRef":"10031"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3866,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3866","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"4296","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3866,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3866","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"4300","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3866,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3866","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"4304","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3872,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3872","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"4309","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3872,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3872","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"4310","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3872,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3872","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"4315","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/1596","sourceid":"3","other":"The following pattern was used: \\bADMIN\\b and was detected 4 times, the first in likely comment: \"<!-- <a href=\"/hi/divisions/administration/admin-i\" target=\"_self\" data-drupal-link-system-path=\"node/172\">स्थापना (मुख्यालय)</a\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"ions/administration/admin-i\" target=\"_self\" d","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3893,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3893","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/1596","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"4342","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/1596","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected 2 times, the first in likely comment: \"<!-- <a href=\"\"><i class=\"fa fa fa-user-circle\" aria-hidden=\"true\"></i> <span class=\"link-text\">हमारे बारे में</span></a> -->\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"><i class=\"fa fa fa-user-circle\" aria-hidden","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":3893,"wascid":"13","description":"The response appears to contain suspicious comments which may help an 
attacker.","messageId":"3893","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/1596","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"4347","alertRef":"10027"},{"nodeName":"https://www.dahd.gov.in:80/hi/node/1596","sourceid":"3","other":"Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.","method":"GET","evidence":"<a href=\"#\" id=\"toggleAccessibility\" title=\"Accessibility Dropdown\" role=\"button\">\r\n                              <img class=\"top\" src=\"https://dahd.gov.in/modules/cmf/cmf_design/images/ico-accessibility.png\" alt=\"Accessibility Dropdown\" />\r\n                              </a>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":3893,"wascid":"-1","description":"The application appears to be a modern web application. 
If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"3893","inputVector":"","url":"https://www.dahd.gov.in:80/hi/node/1596","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"4353","alertRef":"10109"},{"nodeName":"https://www.dahd.gov.in:80/sites/default/files/2023-11/FinalDistrictWiseStrayCattleDog.xlsx","sourceid":"3","other":"","method":"GET","evidence":"max-age=31536000","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":4206,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"4206","inputVector":"","url":"https://www.dahd.gov.in:80/sites/default/files/2023-11/FinalDistrictWiseStrayCattleDog.xlsx","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"4894","alertRef":"10015"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50047","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13194","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50051","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13195","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1742,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50053","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13196","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50058","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13197","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50059","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13198","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50061","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13199","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50066","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13201","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1742,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50068","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13202","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50073","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13203","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50075","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13205","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50078","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13206","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50082","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13207","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1742,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50084","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13208","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50087","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13209","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50090","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13210","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50093","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13212","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50097","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13213","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1742,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50100","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13214","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50104","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13215","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50107","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13217","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50110","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13218","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50113","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13219","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1742,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50118","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13220","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50120","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13221","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50122","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13222","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50129","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13224","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":186,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50134","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13225","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50138","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13226","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":516,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50141","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13227","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":779,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50143","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13228","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50146","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13229","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50149,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50149","inputVector":"","url":"https://www.dahd.gov.in/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13230","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50151","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13231","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/jquery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50155,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50155","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/jquery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13233","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50157,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50157","inputVector":"","url":"https://www.dahd.gov.in/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13234","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50159,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50159","inputVector":"","url":"https://www.dahd.gov.in/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13235","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1742,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50162","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13236","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50163,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50163","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13237","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":230,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50165","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13238","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50168","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13239","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50171,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50171","inputVector":"","url":"https://www.dahd.gov.in/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13240","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50172,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50172","inputVector":"","url":"https://www.dahd.gov.in/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13241","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":186,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50175","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13242","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/loadjs","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50179,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50179","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/loadjs","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13243","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50184","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13245","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1742,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50186","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13246","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50188","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13247","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50194","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13248","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50195,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50195","inputVector":"","url":"https://www.dahd.gov.in/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13249","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":779,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50197","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13250","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50201,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50201","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13251","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/jquery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50202,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50202","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/jquery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13252","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":516,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50204","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13253","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50209,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50209","inputVector":"","url":"https://www.dahd.gov.in/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13254","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/loadjs","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50213,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50213","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/loadjs","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13255","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50215,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50215","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13256","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/jquery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50217,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50217","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/jquery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13257","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50219","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13258","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":230,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50234","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13259","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/once","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50235,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50235","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/once","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13260","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50236,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50236","inputVector":"","url":"https://www.dahd.gov.in/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13261","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/jquery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50237,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50237","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/jquery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13262","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/loadjs","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50238,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50238","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/loadjs","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13263","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50239,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50239","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13264","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50240,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50240","inputVector":"","url":"https://www.dahd.gov.in/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13265","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1742,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50242","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13266","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":516,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50247","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13268","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":779,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50252","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13269","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50253","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13270","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50256","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13271","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50257","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13272","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":186,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50259","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13273","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/tabbable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50264,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50264","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/tabbable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13274","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50271","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13275","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/misc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50273,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50273","inputVector":"","url":"https://www.dahd.gov.in/core/misc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13276","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":230,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50276","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13277","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/loadjs","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50278,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50278","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/loadjs","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13278","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/once","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50280,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50280","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/once","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13279","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50283,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50283","inputVector":"","url":"https://www.dahd.gov.in/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13280","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50287,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50287","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13281","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/jquery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50289,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50289","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/jquery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13282","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50302,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50302","inputVector":"","url":"https://www.dahd.gov.in/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13283","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/misc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50304,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50304","inputVector":"","url":"https://www.dahd.gov.in/core/misc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13284","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":516,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50314","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13285","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1742,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50316","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13286","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/once","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50323,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50323","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/once","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13287","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50325,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50325","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13288","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/jquery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50327,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50327","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/jquery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13289","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50337","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13290","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":230,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50339","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13291","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50343,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50343","inputVector":"","url":"https://www.dahd.gov.in/core/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13292","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50349","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13293","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":186,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50351","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13294","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/misc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50354,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50354","inputVector":"","url":"https://www.dahd.gov.in/core/misc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13295","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/loadjs","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50358,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50358","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/loadjs","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13296","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50361,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50361","inputVector":"","url":"https://www.dahd.gov.in/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13298","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50370","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13299","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/once","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50373,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50373","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/once","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13300","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/tabbable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50374,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50374","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/tabbable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13301","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50379,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50379","inputVector":"","url":"https://www.dahd.gov.in/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13302","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50390,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50390","inputVector":"","url":"https://www.dahd.gov.in/core/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13303","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":516,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50398","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13304","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":779,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50399","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13305","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/misc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50401,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50401","inputVector":"","url":"https://www.dahd.gov.in/core/misc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13306","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50406,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50406","inputVector":"","url":"https://www.dahd.gov.in/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13307","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50410","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13308","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/jquery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50414,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50414","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/jquery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13309","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/once","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50416,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50416","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/once","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13310","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50418,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50418","inputVector":"","url":"https://www.dahd.gov.in/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13311","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50421,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50421","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13312","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":186,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50424","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13313","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50433,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50433","inputVector":"","url":"https://www.dahd.gov.in/core/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13314","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50435","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13315","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/tabbable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50442,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50442","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/tabbable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13316","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1742,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50444","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13317","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50450,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50450","inputVector":"","url":"https://www.dahd.gov.in/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13318","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50453,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50453","inputVector":"","url":"https://www.dahd.gov.in/core/modules/statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13319","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/jquery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50456,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50456","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/jquery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13320","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50464,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50464","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13321","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/loadjs","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50468,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50468","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/loadjs","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13322","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50470","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13323","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50474,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50474","inputVector":"","url":"https://www.dahd.gov.in/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13324","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":230,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50476","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13325","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":516,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50485","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13327","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50490,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50490","inputVector":"","url":"https://www.dahd.gov.in/core/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13328","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/misc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50493,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50493","inputVector":"","url":"https://www.dahd.gov.in/core/misc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13329","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50495,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50495","inputVector":"","url":"https://www.dahd.gov.in/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13330","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50498,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50498","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13331","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/tabbable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50500","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/tabbable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13332","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/once","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50503,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50503","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/once","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13333","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/jquery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50507,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50507","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/jquery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13334","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50509,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50509","inputVector":"","url":"https://www.dahd.gov.in/core/modules/statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13335","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50514","inputVector":"","url":"https://www.dahd.gov.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13336","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50519","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13337","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50520,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50520","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13338","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50522,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50522","inputVector":"","url":"https://www.dahd.gov.in/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13339","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":779,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50530","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13340","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50535,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50535","inputVector":"","url":"https://www.dahd.gov.in/core/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13341","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50539","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13342","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50540,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50540","inputVector":"","url":"https://www.dahd.gov.in/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13343","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/misc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50542,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50542","inputVector":"","url":"https://www.dahd.gov.in/core/misc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13344","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50544,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50544","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13345","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1742,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50546","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13346","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/once","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50548,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50548","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/once","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13347","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50552,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50552","inputVector":"","url":"https://www.dahd.gov.in/core/modules/statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13348","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/jquery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50555,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50555","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/jquery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13349","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/tabbable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50558,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50558","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/tabbable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13350","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/loadjs","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50561,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50561","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/loadjs","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13351","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50565","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13352","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50567,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50567","inputVector":"","url":"https://www.dahd.gov.in/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13353","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":516,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50569","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13354","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":186,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50573","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13355","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50576,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50576","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13356","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50579,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50579","inputVector":"","url":"https://www.dahd.gov.in/core/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13357","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50583,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50583","inputVector":"","url":"https://www.dahd.gov.in/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13358","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/once","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50584,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50584","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/once","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13359","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/misc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50586,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50586","inputVector":"","url":"https://www.dahd.gov.in/core/misc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13360","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/jquery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50591,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50591","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/jquery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13361","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/tabbable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50594,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50594","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/tabbable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13362","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/loadjs","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50600,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50600","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/loadjs","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13363","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50604,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50604","inputVector":"","url":"https://www.dahd.gov.in/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13364","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50606,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50606","inputVector":"","url":"https://www.dahd.gov.in/core/modules/statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13365","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50612,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50612","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13366","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50615,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50615","inputVector":"","url":"https://www.dahd.gov.in/core/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13367","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/tabbable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50620","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/tabbable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13368","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50626,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50626","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13369","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1742,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50630","inputVector":"","url":"https://www.dahd.gov.in/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13370","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50632,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50632","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13371","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":230,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50634","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13372","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/jquery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50637,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50637","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/jquery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13374","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50638","inputVector":"","url":"https://www.dahd.gov.in/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13375","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":748,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50640","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13376","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/loadjs","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50643,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50643","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/loadjs","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13377","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50645,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50645","inputVector":"","url":"https://www.dahd.gov.in/core/modules/statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13378","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/misc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50646,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50646","inputVector":"","url":"https://www.dahd.gov.in/core/misc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13379","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/once","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50648,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50648","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/once","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13380","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50649","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13381","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/about-departments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":141,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50651","inputVector":"","url":"https://www.dahd.gov.in/about-us/about-departments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13382","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":779,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50653","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13383","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50654,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50654","inputVector":"","url":"https://www.dahd.gov.in/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13384","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":186,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50657","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13385","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50661","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13386","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":763,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50664","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13387","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50670,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50670","inputVector":"","url":"https://www.dahd.gov.in/core/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13389","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50676,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50676","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13390","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/tabbable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50677,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50677","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/tabbable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13391","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50678,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50678","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13392","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/loadjs","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50684,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50684","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/loadjs","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13393","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":516,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50685","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13394","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50693,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50693","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13395","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":230,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50701","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13396","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/tabbable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50703,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50703","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/tabbable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13397","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50704,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50704","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13398","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50706,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50706","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13399","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":748,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50708","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13400","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/loadjs","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50712,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50712","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/loadjs","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13401","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/misc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50716,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50716","inputVector":"","url":"https://www.dahd.gov.in/core/misc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13403","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/once","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50725,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50725","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/once","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13404","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50727,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50727","inputVector":"","url":"https://www.dahd.gov.in/core/modules/statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13405","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50731,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50731","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13407","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":779,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50734","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13408","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50735","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13409","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/tabbable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50739,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50739","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/tabbable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13410","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50741,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50741","inputVector":"","url":"https://www.dahd.gov.in/core/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13411","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":186,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50742","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13412","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/loadjs","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50745,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50745","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/loadjs","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13413","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/misc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50746,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50746","inputVector":"","url":"https://www.dahd.gov.in/core/misc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13414","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50750","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13415","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":763,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50752","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13416","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":779,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50756","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13417","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50759,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50759","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13418","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":230,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50761","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13419","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50767,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50767","inputVector":"","url":"https://www.dahd.gov.in/core/modules/statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13420","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/once","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50768,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50768","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/once","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13421","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":516,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50770","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13422","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50773,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50773","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13423","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/tabbable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50775,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50775","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/tabbable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13424","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/misc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50779,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50779","inputVector":"","url":"https://www.dahd.gov.in/core/misc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13425","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50787","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13426","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50789,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50789","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13427","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/tabbable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50793,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50793","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/tabbable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13428","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50794,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50794","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13429","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50796,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50796","inputVector":"","url":"https://www.dahd.gov.in/core/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13430","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/misc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50798,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50798","inputVector":"","url":"https://www.dahd.gov.in/core/misc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13431","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/assets/vendor/once","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50800","inputVector":"","url":"https://www.dahd.gov.in/core/assets/vendor/once","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13432","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":230,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50804","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13433","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":779,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50806","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13434","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":186,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50810","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13436","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50812,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50812","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13437","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50814,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50814","inputVector":"","url":"https://www.dahd.gov.in/core/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13438","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50818","inputVector":"","url":"https://www.dahd.gov.in/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13439","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50819,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50819","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13440","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":748,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50820","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13441","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":763,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50823","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13442","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50826,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50826","inputVector":"","url":"https://www.dahd.gov.in/core/modules/statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13443","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50828","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13444","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":230,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50830","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13445","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50833,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50833","inputVector":"","url":"https://www.dahd.gov.in/core/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13446","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":186,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50834","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13447","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50837,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50837","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13448","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":516,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50840","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13449","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":748,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50843","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13450","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50846,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50846","inputVector":"","url":"https://www.dahd.gov.in/core/modules/statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13451","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1912,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50848","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13452","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50850,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50850","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13453","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50852,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50852","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13454","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":230,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50854","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13455","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50859,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50859","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13457","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":779,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50860","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13458","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":763,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50862","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13459","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50864,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50864","inputVector":"","url":"https://www.dahd.gov.in/core/modules/statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13460","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50866","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13461","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50868","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13462","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50870,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50870","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13463","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":186,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50872","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13464","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50875,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50875","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13465","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":516,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50878","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13466","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50883,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50883","inputVector":"","url":"https://www.dahd.gov.in/core/modules/statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13467","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1912,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50885","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13468","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":748,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50887","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13469","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50889,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50889","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13470","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50893,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50893","inputVector":"","url":"https://www.dahd.gov.in/core/modules/statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13471","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":230,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50895","inputVector":"","url":"https://www.dahd.gov.in/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13472","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50897,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50897","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13473","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":779,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50900","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13474","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50903","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13475","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":763,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50905","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13476","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":516,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50909","inputVector":"","url":"https://www.dahd.gov.in/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13478","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50911","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13479","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":186,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50914","inputVector":"","url":"https://www.dahd.gov.in/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13480","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/core/modules/views/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":50916,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50916","inputVector":"","url":"https://www.dahd.gov.in/core/modules/views/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13481","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":748,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50919","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13482","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":779,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50921","inputVector":"","url":"https://www.dahd.gov.in/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13483","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1912,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50923","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13484","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":763,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50927","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13485","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50933","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13487","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50936","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13488","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":748,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50938","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13489","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1912,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50940","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13490","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50947","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13491","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":763,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50948","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13492","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50952","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13494","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1912,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50956","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13495","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":748,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50958","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13496","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":714,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50965","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13497","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50967","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13498","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":763,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50969","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13499","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1912,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50976","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13501","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50978","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13502","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":748,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50982","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13503","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50987","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13504","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":763,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50993","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13506","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1841,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50995","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13507","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1912,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"50998","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13508","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1845,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51000","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13509","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51002","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13510","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51004","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13511","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1824,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51007","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13512","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":714,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51008","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13513","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51010","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13514","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1601,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51012","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13515","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1477,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51015","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13516","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":748,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51019","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13517","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51023","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13518","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1841,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51030","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13520","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1845,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51033","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13521","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1824,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51037","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13522","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":763,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51039","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13523","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1912,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51040","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13524","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":714,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51042","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13525","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51044","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13526","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1601,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51047","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13527","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51049","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13528","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1477,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51051","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13529","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":748,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51056","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13530","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51058","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13531","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51064","inputVector":"","url":"https://www.dahd.gov.in/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13533","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":763,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51067","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13534","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1841,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51070","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13535","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":714,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51074","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13536","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1824,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51076","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13537","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1845,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51079","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13538","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51080","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13539","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51083","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13540","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1912,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51085","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13541","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1477,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51086","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13542","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1601,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51088","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13543","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":748,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51094","inputVector":"","url":"https://www.dahd.gov.in/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13544","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51098","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13545","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1841,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51106","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13547","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1824,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51109","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13548","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":714,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51111","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13549","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51113","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13550","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51115","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13551","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1912,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51117","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13552","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":763,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51120","inputVector":"","url":"https://www.dahd.gov.in/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13553","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1601,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51123","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13554","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1477,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51126","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13555","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51131","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13556","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1427,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51134","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13557","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1911,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51136","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13558","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51138","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13559","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2165,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51140","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13560","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1845,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51142","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13561","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1903,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51145","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13562","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1675,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51150","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13564","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51152","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13565","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1841,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51154","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13566","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2119,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51156","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13567","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51159","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13568","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":714,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51163","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13569","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2136,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51165","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13570","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51170","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13571","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1925,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51171","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13572","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51173","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13573","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1912,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51175","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13574","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1824,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51179","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13575","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1601,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51181","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13576","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51185","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13577","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1477,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51189","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13578","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2165,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51191","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13579","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1427,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51193","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13580","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1903,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51195","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13581","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51197","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13582","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1911,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51199","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13583","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1845,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51205","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13585","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51207","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13586","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2119,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51213","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13587","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2136,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51216","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13588","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51217","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13589","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1841,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51218","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13590","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51221","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13591","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":714,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51222","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13592","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1675,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51225","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13593","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1925,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51227","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13594","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51230","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13595","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1824,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51232","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13596","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1912,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51234","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms?page=3","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13597","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51237","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13598","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1601,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51241","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13599","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2165,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51243","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13600","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1477,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51246","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13601","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1427,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51247","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13602","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1911,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51250","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13603","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51251","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13604","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1845,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51253","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13605","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51256","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13606","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1841,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51265","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13608","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1903,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51267","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13609","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51269","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13610","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2136,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51271","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13611","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2119,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51273","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13612","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1675,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51275","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13613","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1925,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51277","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13614","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51279","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13615","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":714,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51283","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13616","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51287","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13617","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51289","inputVector":"","url":"https://www.dahd.gov.in/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13618","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1601,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51291","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13619","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1824,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51293","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13620","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1427,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51296","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13621","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2165,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51299","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13622","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51301","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13623","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1845,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51303","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13624","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1911,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51305","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13625","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51307","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13626","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1477,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51310","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13627","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1841,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51318","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13628","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2136,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51319","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13629","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1903,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51320","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13630","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51322","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13631","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2119,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51324","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13632","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1675,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51326","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13633","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1925,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51330","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13634","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":714,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51334","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13635","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51335","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13636","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51339","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13638","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1601,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51342","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13639","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1824,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51344","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13640","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1427,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51346","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13641","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2165,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51348","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13642","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1845,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51350","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13643","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51352","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13644","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1911,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51355","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13645","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51358","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13646","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2136,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51363","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13647","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1477,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51366","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13648","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2119,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51369","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13649","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1903,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51371","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13650","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51374","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13651","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1841,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51377","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13652","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1925,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51378","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13653","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1675,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51380","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13654","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":714,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51383","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13655","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1427,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51390","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13657","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1633,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51393","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13658","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1824,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51394","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13659","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1718,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51396","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13660","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2165,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51398","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13661","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1601,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51400","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13662","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1845,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51402","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13663","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1911,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51408","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13664","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51411","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13665","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51413","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13666","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51416","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13667","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2136,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51418","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13668","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51420","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13669","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51422","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13670","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1903,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51424","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13671","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1477,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51427","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13672","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1841,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51432","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13673","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1925,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51433","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13674","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2119,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51435","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13675","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1675,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51437","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13676","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":714,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51442","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13678","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1824,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51448","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13679","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1427,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51450","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13680","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1845,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51453","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13681","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2165,"wascid":"0","description":"Check for differences in response based on fuzzed 
User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51454","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13682","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1601,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51456","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13683","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1633,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51459","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13684","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1718,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51464","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13685","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51465","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13686","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51467","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13687","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51468","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13688","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51472","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13689","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1911,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51474","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13690","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51477","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13691","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1903,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51479","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13692","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1477,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51483","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13693","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1675,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51486","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13694","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1841,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51488","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13695","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1925,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51490","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13696","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2119,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51492","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13697","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":714,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51498","inputVector":"","url":"https://www.dahd.gov.in/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13699","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2165,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51500","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13700","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2136,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51502","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13701","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1824,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51504","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13702","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1845,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51506","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13703","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1427,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51509","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13704","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51512","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13705","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1718,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51516","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13706","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51518","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13707","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1601,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51521","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13708","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1633,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51522","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13709","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51524","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13710","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51526","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13711","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51528","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13712","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1911,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51531","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13713","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1903,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51533","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13714","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1477,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51536","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13715","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1841,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51540","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/annual-accounts","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13716","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1925,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51545","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13717","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1675,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51549","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13718","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2119,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51550","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13719","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2165,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51554","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13721","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1845,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51556","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/cag-pac","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13722","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1824,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51558","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permits-authorizations","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13723","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2136,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51560","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13724","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1427,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51562","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13725","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51565","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13726","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1718,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51568","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13727","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51570","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13728","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51572","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/concessions-permit-authorization-granted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13729","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1633,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51574","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13730","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51576","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13731","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1601,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51579","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13732","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1903,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51581","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13733","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51583","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/budget-and-programme/report-disbursements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13734","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1477,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51587","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13735","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1925,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51591","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13736","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2165,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51596","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13738","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2119,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51599","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13739","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1911,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51601","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13740","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1427,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51603","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13741","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51605","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13742","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2136,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51607","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13743","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1675,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51610","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13744","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1718,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51614","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13745","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51616","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13746","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1633,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51618","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13747","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51620","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13748","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1903,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51623","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13749","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1925,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51626","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13750","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2165,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51628","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13751","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51632","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13752","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2119,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51634","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13753","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1427,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51641","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13755","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2136,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51643","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13756","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1911,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51645","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13757","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1633,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51648","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13758","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51651","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13759","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1675,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51653","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13760","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51654","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13761","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1903,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51657","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13762","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1718,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51660","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13763","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2165,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51662","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/gross_monthly_remuneration","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13764","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1925,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51665","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13765","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2119,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51669","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13766","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1560,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51672","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13767","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1911,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51676","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13769","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2136,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51680","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13770","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1427,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51682","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/cpio_faa","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13771","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2152,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51685","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/term-tenure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13772","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1675,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51689","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13773","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1633,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51691","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13774","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/guidelines","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51693","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/guidelines","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13775","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1718,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51697","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13776","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1925,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51700","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/power-functions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13777","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1911,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51706","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/dates-which-constituted","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13778","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2119,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51710","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/minutes-meeting","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13779","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2136,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51711","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/board-council-committee-name","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13780","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1675,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51717","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13782","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1633,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51720","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13783","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1718,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51725","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13784","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1633,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51733","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13785","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1718,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51736","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13786","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1633,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51746","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13787","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1718,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51748","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13788","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1718,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51759","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13789","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1633,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51764","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13790","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1718,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51771","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13791","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1633,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51777","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13792","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1903,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51781","inputVector":"","url":"https://www.dahd.gov.in/division/administration/rti/organisation-function/composition","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13793","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":542,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51784","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13794","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":496,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51793","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13795","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51794","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13796","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":551,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51796","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13797","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":542,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51803","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13798","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51809","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13799","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":551,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51812","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13800","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":496,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51815","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13801","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":542,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51819","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13802","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51825","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13803","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":551,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51829","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13804","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":496,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51832","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13805","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":542,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51837","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13806","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":551,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51841","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13807","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":496,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51850","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13808","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51852","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13809","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1164,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51855","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13810","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":542,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51858","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13811","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":518,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51860","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13812","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":551,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51864","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13813","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":496,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51872","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13814","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51874","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13815","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":518,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51878","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13816","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":542,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51881","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13817","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":551,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51888","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13818","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1164,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51889","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13819","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":914,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51896","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13820","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51897","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13821","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1719,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51899","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13822","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2482,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51901","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13823","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1842,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51904","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13824","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":682,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51905","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13825","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":496,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51911","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13826","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":542,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51913","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13827","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":551,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51916","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13828","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1164,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51918","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13829","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":518,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51921","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13830","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2122,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51926","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13831","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51927","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13832","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":493,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51933","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13833","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":914,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51936","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13834","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":832,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51937","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13835","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1842,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51939","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13836","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1719,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51943","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13837","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2482,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51946","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13838","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51948","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13839","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":682,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51950","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13840","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":542,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51952","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13841","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":496,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51957","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13842","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":551,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51960","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13843","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51964","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13844","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":832,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51966","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13845","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":914,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51968","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13846","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1842,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51971","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13847","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1164,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51974","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13848","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51977","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13849","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":518,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51978","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13850","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":493,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51984","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13851","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2482,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51986","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13852","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1719,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51989","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13853","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":542,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51993","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13854","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2122,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51995","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13855","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":496,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"51998","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13856","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":832,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52000","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13857","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":551,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52002","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13858","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52004","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13859","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":682,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52008","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13860","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1842,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52011","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13861","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":914,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52013","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13862","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52017","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13863","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2482,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52019","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13864","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":518,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52020","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13865","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":493,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52024","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13866","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1719,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52026","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13867","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2122,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52030","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13868","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":496,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52032","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13869","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":542,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52035","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13870","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":551,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52037","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13871","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":832,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52043","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13872","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52045","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13873","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1842,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52047","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13874","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":682,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52049","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13875","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2482,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52054","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13876","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52056","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13877","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":493,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52058","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13878","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":914,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52062","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13879","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":542,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52066","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13880","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":496,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52069","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13881","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1719,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52070","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13882","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":518,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52072","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13883","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":551,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52074","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13884","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2122,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52076","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13885","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":832,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52082","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13886","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent 
(eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52087","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13887","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2482,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52090","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13888","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52092","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13889","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":682,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52095","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13890","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":493,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52097","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13891","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1842,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52100","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13892","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1164,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52101","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13893","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":542,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52104","inputVector":"","url":"https://www.dahd.gov.in/division/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13894","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":914,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52106","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13895","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":551,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52108","inputVector":"","url":"https://www.dahd.gov.in/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13896","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2122,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52110","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13897","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":496,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52112","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13898","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":518,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52115","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13899","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":832,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52121","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13900","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1719,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52123","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13901","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2482,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52126","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13902","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":265,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52128","inputVector":"","url":"https://www.dahd.gov.in/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13903","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":682,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52131","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13904","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1842,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52134","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13905","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":493,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52137","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13906","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52141","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13907","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2122,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52143","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13908","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":914,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52145","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13909","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1164,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52147","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13910","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":518,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52151","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13911","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":832,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52155","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13912","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":496,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52158","inputVector":"","url":"https://www.dahd.gov.in/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13913","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1719,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52159","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13914","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2482,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52162","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13915","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":682,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52166","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13916","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":493,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52168","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13917","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1842,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52172","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13918","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52174","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13919","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2122,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52177","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13920","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":914,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52181","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13921","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1164,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52183","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"13922","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1719,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52187","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13923","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":518,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52189","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13924","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":832,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52191","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13925","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":493,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52196","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13926","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52198","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13927","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1842,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52201","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13928","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":682,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52205","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13929","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2122,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52208","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13930","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2482,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52211","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13931","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":914,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52213","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13932","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":720,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52216","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13933","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1164,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52223","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"13934","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1719,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52224","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13935","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":832,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52227","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13936","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":518,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52231","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13937","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":493,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52234","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13938","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1842,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52236","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13939","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":682,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52239","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13940","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2122,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52241","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13941","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2482,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52245","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13942","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":914,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52248","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13943","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":168,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52251","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13944","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":720,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52253","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13945","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":259,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52255","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13946","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52257","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13947","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":530,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52262","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13948","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":179,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52265","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13949","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1719,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52271","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13950","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":832,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52273","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13951","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1842,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52275","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13952","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":682,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52280","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13954","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":493,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52281","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13955","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1164,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52283","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"13956","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2122,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52287","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13957","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":518,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52289","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13958","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52294","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13959","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":259,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52297","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13960","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":168,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52299","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13961","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":720,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52301","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13962","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2482,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52304","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13963","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":914,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52307","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13964","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1719,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52313","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13965","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":832,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52315","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13966","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":179,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52316","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13967","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":493,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52320","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13968","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":530,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52323","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"13969","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":682,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52328","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13971","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1842,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52330","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13972","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2122,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52333","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13973","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":518,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52335","inputVector":"","url":"https://www.dahd.gov.in/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13974","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52337","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13975","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":259,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52339","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13976","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":168,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52345","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13977","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1164,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52347","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"13978","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":720,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52351","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13979","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2482,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52353","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13980","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":914,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52356","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13981","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":832,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52360","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13982","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1719,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52362","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13983","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":179,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52364","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13984","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":530,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52367","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"13985","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":493,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52372","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13987","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":682,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52374","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13988","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2122,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52378","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13989","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/admin-II (field_date_admin_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52381","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/admin-II?field_date_admin_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"13990","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":259,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52386","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13991","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":720,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52388","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13992","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":168,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52393","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13993","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1164,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52396","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"13994","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":179,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52401","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13995","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":530,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52403","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"13996","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":720,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52416","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"13998","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":168,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52418","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"13999","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":179,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52423","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14000","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":259,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52425","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14001","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":530,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52427","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14002","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":146,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52438","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14004","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":683,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52440","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14005","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":783,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52444","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14006","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52446","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14007","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1164,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52448","inputVector":"","url":"https://www.dahd.gov.in/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14008","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":168,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52450","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14009","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":720,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52452","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14010","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52454","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14011","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":179,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52456","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14012","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":530,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52461","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14013","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":146,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52469","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14014","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":259,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52471","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14015","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":783,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52474","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14016","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":168,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52481","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14018","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52483","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14019","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":683,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52485","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14020","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":720,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52488","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14021","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52490","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14022","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":179,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52495","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14023","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":530,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52497","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14024","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":146,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52507","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14025","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":168,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52508","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14026","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":783,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52513","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14028","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52517","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14029","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52519","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14030","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":259,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52522","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14031","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":179,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52526","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14032","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":720,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52528","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14033","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":530,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52531","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14034","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":683,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52534","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14035","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":146,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52538","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14036","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":168,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52542","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14037","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":783,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52544","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14038","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52553","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14040","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52555","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14041","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":259,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52559","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14042","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":720,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52563","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14044","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":530,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52565","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14045","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":179,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52567","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14046","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":683,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52572","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14047","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":783,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52576","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14048","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":168,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52580","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14050","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":146,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52586","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14051","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52589","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14052","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52593","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14053","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":259,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52595","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14054","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":530,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52600","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14055","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":179,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52606","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14057","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":683,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52608","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14058","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":720,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52613","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14059","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":168,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52616","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14060","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":783,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52618","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14061","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52622","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14062","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":146,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52625","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14063","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52628","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14064","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":259,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52633","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14066","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":530,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52636","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14067","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":179,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52642","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14069","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":683,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52645","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14070","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":684,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52648","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14071","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52650","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14072","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":703,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52653","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14073","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":789,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52656","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14074","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":896,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52659","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14075","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":720,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52668","inputVector":"","url":"https://www.dahd.gov.in/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14076","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52670","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14077","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":146,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52671","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14078","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":168,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52672","inputVector":"","url":"https://www.dahd.gov.in/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14079","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":783,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52673","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14080","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52676","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14081","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":259,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52679","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14082","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":530,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52685","inputVector":"","url":"https://www.dahd.gov.in/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14085","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":683,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52687","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14086","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":703,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52689","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14087","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52692","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14088","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/citizencharter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":179,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52693","inputVector":"","url":"https://www.dahd.gov.in/document/citizencharter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14089","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":789,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52698","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14090","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":684,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52699","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14091","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":896,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52702","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14092","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":146,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52709","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14093","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52711","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14094","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52713","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14095","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":783,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52717","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14096","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52725","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14099","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":683,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52727","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14100","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":703,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52730","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14101","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":684,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52732","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14102","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":896,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52735","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14103","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":789,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52738","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14104","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":259,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52740","inputVector":"","url":"https://www.dahd.gov.in/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14105","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":146,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52744","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14106","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52749","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14107","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52751","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14108","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":783,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52755","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14109","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52758","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14110","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":703,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52761","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14111","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":683,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52763","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14112","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":684,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52768","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14114","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":896,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52771","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14115","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":789,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52776","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14116","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":146,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52778","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14117","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52780","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14118","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52784","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14119","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":783,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52787","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14120","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52789","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14121","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":703,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52791","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14122","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":683,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52795","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14123","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":684,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52797","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14124","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":896,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52804","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14126","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":146,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52806","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14127","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52811","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14128","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52814","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14129","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":783,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52817","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14130","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":789,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52819","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14131","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":703,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent 
(eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52822","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14132","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":683,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52824","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14133","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":684,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52828","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14134","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52830","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14135","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":896,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52832","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14136","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":146,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52840","inputVector":"","url":"https://www.dahd.gov.in/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14138","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52846","inputVector":"","url":"https://www.dahd.gov.in/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14139","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":783,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52848","inputVector":"","url":"https://www.dahd.gov.in/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14140","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":789,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52850","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14141","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":703,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52852","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14142","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":683,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52855","inputVector":"","url":"https://www.dahd.gov.in/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14143","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1124,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52858","inputVector":"","url":"https://www.dahd.gov.in/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14144","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52860","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14145","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":684,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52864","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14146","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":896,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52867","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14147","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":789,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52874","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14149","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":703,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52878","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14150","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52882","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14151","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":684,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52887","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14152","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":896,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52890","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14153","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":664,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52896","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14155","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":789,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52899","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14156","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52903","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14157","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":940,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52906","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14158","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":549,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52908","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14159","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":684,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52911","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14160","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":896,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52913","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14161","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":703,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52915","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14162","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":664,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52924","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14164","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":940,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52930","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14165","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":789,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52931","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14166","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":722,"wascid":"0","description":"Check for differences in response based on 
fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52934","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14167","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":896,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52938","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14168","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":549,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52939","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14169","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":703,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52941","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14170","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":684,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52943","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14171","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":664,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52954","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14173","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":789,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52958","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14174","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":940,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52961","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14175","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52963","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14176","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":703,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52967","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14177","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":896,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52969","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14178","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":684,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52971","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14179","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":549,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52973","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14180","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":664,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52980","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14181","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":940,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52984","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14182","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":789,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52986","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14183","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":703,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52988","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14184","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":684,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52990","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14185","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":722,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52992","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14186","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":896,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"52995","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14187","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":549,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53000","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14188","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":664,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53004","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14189","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":883,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53008","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14190","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":713,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53010","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14191","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53014","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14192","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":789,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53018","inputVector":"","url":"https://www.dahd.gov.in/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14193","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":940,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53021","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14194","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":664,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53026","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14195","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":549,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53028","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14196","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":713,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53032","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14197","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":883,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53034","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14198","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":940,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53040","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14199","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53043","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14200","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":798,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53048","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14201","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":664,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53052","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14202","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":93,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53056","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14204","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":549,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53058","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14205","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":713,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53061","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14206","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":883,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53062","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14207","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53066","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14208","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":940,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53069","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14209","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":664,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53073","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14210","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":549,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53079","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14211","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":883,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53080","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14212","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":93,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53089","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14214","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":780,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53092","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14215","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":957,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53097","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14216","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":713,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53098","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14217","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":798,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53099","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14218","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":950,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53100","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14219","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":940,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53101","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14220","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1627,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53104","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14221","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":664,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53105","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14222","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53109","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14223","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":883,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53115","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14224","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":549,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53118","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14225","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":780,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53121","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14226","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":950,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53124","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14228","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":713,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53129","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14229","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1627,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53131","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14230","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":93,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53132","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14231","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":664,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53134","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14232","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":940,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53136","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14233","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":957,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53139","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14234","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53144","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14235","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":798,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53146","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14236","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":883,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53150","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14237","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":549,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53153","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14238","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":780,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53157","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14239","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1627,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53159","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14240","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":940,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53161","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14241","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":713,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53164","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14242","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":664,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53168","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14243","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":950,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53171","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14245","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":93,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53173","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14246","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53176","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14247","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":798,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53178","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14248","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":957,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53181","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14249","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":883,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53188","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14250","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":780,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53192","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14251","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":713,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53195","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14252","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":940,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53197","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14253","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":664,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53202","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14255","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":950,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53203","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14256","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":549,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53205","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14257","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53207","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14258","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1627,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53211","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14259","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":93,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53213","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14260","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":798,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53215","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14261","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":957,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53219","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14262","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":883,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53226","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14263","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":894,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53228","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14264","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":930,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53231","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14265","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":780,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53233","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14266","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":948,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53237","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14267","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1278,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53238","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14268","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":713,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53239","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14269","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":797,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53241","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14270","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":813,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53244","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14271","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":940,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53246","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14272","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":809,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53247","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14273","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":950,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53251","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14274","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53253","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14275","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":798,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53255","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14276","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1627,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53260","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14278","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":549,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53263","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14279","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":886,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53266","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14280","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":93,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53269","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14281","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":883,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53274","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14282","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":957,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53276","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14283","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":894,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53279","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14284","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":930,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53281","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14285","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1278,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53284","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14286","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":713,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53287","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14287","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":780,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53289","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14288","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":813,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53291","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14289","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":809,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53293","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14290","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":948,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53296","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14291","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":798,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53299","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14292","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":549,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53301","inputVector":"","url":"https://www.dahd.gov.in/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14293","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53303","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14294","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":950,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53305","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14295","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1627,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53307","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14296","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":886,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53309","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14297","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":93,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53311","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14298","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":797,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53315","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14300","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":883,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53322","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14301","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":930,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53328","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14302","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1278,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53331","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14303","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":957,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53332","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14304","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":780,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53334","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14305","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":894,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53335","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14306","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":813,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53337","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14307","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":948,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53339","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14308","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":713,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53342","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14309","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53345","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14310","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":809,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53347","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14311","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":950,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53350","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14312","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":798,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53352","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14313","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":797,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53355","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14314","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1627,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53357","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14315","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":93,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53360","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14316","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":883,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53362","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14317","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":894,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53366","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14318","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":713,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53369","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14319","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":886,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53371","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14320","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":780,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53374","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14321","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1278,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53376","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14322","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":957,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53378","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14323","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53385","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14324","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":930,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53386","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14325","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":809,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53388","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14326","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":950,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53390","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14327","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":798,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53394","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14328","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":813,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53396","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14329","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":797,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53398","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14330","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":948,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53400","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14331","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":93,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53406","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14333","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":883,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53407","inputVector":"","url":"https://www.dahd.gov.in/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14334","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1627,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53410","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14335","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":894,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53412","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14336","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":886,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53417","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14337","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1278,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53419","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14338","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":713,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53421","inputVector":"","url":"https://www.dahd.gov.in/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14339","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":780,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53423","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14340","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":950,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53432","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14341","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53433","inputVector":"","url":"https://www.dahd.gov.in/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14342","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":957,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53434","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14343","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":798,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53435","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14344","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":930,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53438","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14345","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":797,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53439","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14346","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":813,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53442","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14347","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":948,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53444","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14348","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":809,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53447","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14349","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1627,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53453","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14351","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":93,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53455","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14352","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":894,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53457","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14353","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":853,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53460","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14354","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":886,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53462","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14355","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":780,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53464","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14356","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1278,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53466","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14357","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":950,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53469","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14358","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":797,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53474","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14359","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":930,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53476","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14360","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":813,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53479","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14361","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":948,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53485","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14362","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":957,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53488","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14363","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":798,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53489","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14364","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":809,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53491","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14365","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":894,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53495","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14366","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1627,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53496","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14367","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":886,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53498","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14368","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":853,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53500","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14369","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":780,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53504","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14371","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":93,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53506","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14372","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1278,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53508","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14373","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":950,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53510","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14374","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":797,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53515","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14375","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":948,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53517","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14376","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":930,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53524","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14377","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":809,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53528","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14378","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":813,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53530","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14379","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":798,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53532","inputVector":"","url":"https://www.dahd.gov.in/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14380","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":957,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53533","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14381","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1627,"wascid":"0","description":"Check for differences in response based on fuzzed User 
Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53534","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14382","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":853,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53537","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14383","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":894,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53539","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14384","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":886,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53541","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14385","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":780,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53546","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/allocation-business-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14387","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":93,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53550","inputVector":"","url":"https://www.dahd.gov.in/hi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14388","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":950,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53552","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/aboutdepartments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14389","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1278,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53554","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14390","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":948,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53558","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14391","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":797,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53560","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14392","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":894,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53563","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14393","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":930,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53565","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14394","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":813,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53567","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14395","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":809,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53571","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14396","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/organizational-structure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1627,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53574","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/organizational-structure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14397","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":853,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53576","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14398","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":886,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53580","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14399","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":957,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53581","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14400","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1278,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53587","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14402","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":797,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53591","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14403","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":948,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53593","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14404","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":894,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53596","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14405","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":813,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53599","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14406","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":809,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53601","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14407","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":930,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53603","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14408","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":886,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53607","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14409","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1278,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53612","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14410","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":957,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53616","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/list-attachedsubordinate-offices-department","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14411","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":934,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53620","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14412","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":797,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53621","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14413","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":853,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53623","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14414","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":948,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53627","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14415","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":813,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53629","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14416","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":894,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53631","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14417","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":930,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53633","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14418","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":809,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53635","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14419","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":886,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53637","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14420","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1278,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53643","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14421","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":934,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53651","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14422","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":797,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53652","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14423","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":853,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53654","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14424","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":948,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53657","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14425","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":813,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53660","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14426","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":894,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53662","inputVector":"","url":"https://www.dahd.gov.in/hi/ahidf-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14427","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":809,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53664","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14428","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":930,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53667","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14429","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report (field_years_target_id)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1278,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53670","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report?field_years_target_id=577","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14430","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53672","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14431","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/contact_us","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":948,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53674","inputVector":"","url":"https://www.dahd.gov.in/hi/contact_us","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14432","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":886,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53676","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14433","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/annual-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":797,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53681","inputVector":"","url":"https://www.dahd.gov.in/hi/annual-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14434","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1300,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53683","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14435","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1646,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53689","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14436","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":934,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53690","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14437","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":853,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53693","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14438","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53695","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14439","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":813,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53699","inputVector":"","url":"https://www.dahd.gov.in/hi/cyber-security-awareness-month","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14440","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1657,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53703","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14441","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53704","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14442","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/dahd-dashboard","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":809,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53705","inputVector":"","url":"https://www.dahd.gov.in/hi/dahd-dashboard","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14443","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":930,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53707","inputVector":"","url":"https://www.dahd.gov.in/hi/about-us/vision-mission-objective","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14444","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/disclaimer","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":886,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53710","inputVector":"","url":"https://www.dahd.gov.in/hi/disclaimer","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14445","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53712","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14446","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1300,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53715","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14447","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1646,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53720","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14448","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53722","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14449","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":934,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53725","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14450","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":853,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53727","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14451","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53729","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14452","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1657,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53737","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14453","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53739","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14454","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53742","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14455","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1300,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53744","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14456","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1646,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53747","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14457","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":853,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53749","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14458","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53753","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14459","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":934,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53756","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14460","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1657,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53762","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14461","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53765","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14462","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1300,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53769","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14463","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":853,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53771","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14464","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1646,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53773","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14465","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53776","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14466","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":934,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53779","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14467","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53784","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14468","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1657,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53787","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14469","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53789","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14470","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1646,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53795","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14471","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":853,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53797","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14472","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1300,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53799","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14473","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":934,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53804","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14474","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53807","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14475","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53808","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14476","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53813","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14477","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1657,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53816","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14478","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":853,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53820","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/aparcell/forms","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14479","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1646,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53823","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14480","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":934,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53827","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14481","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1300,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53830","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14482","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53833","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14483","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53837","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14484","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1657,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53839","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14485","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53842","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14486","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1646,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53845","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14487","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":934,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53853","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14489","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53855","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14490","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1300,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53857","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14491","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1657,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53860","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14492","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53862","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14493","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53864","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14494","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":934,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53873","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14495","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53875","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14496","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1646,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53877","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14497","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53883","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14499","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1300,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53886","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14500","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1657,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53888","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14501","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53892","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14502","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":934,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53897","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14503","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53900","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14504","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53901","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14505","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1646,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53904","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14506","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1300,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53907","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14507","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1657,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53909","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14508","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53915","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14510","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/cash-section","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":934,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53922","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/cash-section","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14511","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53924","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14512","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1646,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53926","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14513","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1300,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53931","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14514","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1657,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53933","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14515","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53934","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14516","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53944","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14518","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1646,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53952","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14519","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53954","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14520","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1300,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53955","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14521","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1657,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53957","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14522","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53959","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/budget-and-programme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14523","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53970","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14525","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1300,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53974","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14526","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53975","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/organisation-function","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14527","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1646,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53979","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/publicity-public-interface","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14528","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1657,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53981","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/e-governance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14529","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"53992","inputVector":"","url":"https://www.dahd.gov.in/hi/division/administration/rti/rti-information-prescribed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14531","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":818,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54081","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14538","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":812,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54083","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14539","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":924,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54091","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14540","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":818,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54100","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14541","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":812,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54102","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14542","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":924,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54108","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14543","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":812,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54118","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14544","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":818,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54120","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14545","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":924,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54126","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14546","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":818,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54135","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14547","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":812,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54137","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14548","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":818,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54149","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14549","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":924,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54151","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14550","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":812,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54153","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14551","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":803,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54167","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14552","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54172","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14553","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":924,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54173","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14554","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":818,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54174","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14555","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":812,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54178","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14556","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":924,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54190","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14557","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":812,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54197","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14558","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":803,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54199","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14559","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":818,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54200","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14560","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54207","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14561","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":924,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54211","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14562","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":812,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54218","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14563","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":803,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54222","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14564","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":818,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54228","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14565","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1450,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54229","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14566","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":790,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54232","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14567","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1403,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54234","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14568","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":924,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54237","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14569","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":905,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54238","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14570","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54241","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14571","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54244","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14572","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54247","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14573","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1498,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54250","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14574","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":812,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54254","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14575","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":818,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54256","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14576","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":790,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54260","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14577","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1450,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54265","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14578","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1403,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54268","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14579","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":803,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54269","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14580","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":924,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54271","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14581","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54272","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14582","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":905,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54275","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14583","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1498,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54279","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14584","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54281","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14585","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54284","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14586","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":818,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54290","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14587","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":812,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54292","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14588","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":790,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54294","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14589","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1450,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54296","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14590","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54299","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14591","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1403,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54301","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14592","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1498,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54304","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14593","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54309","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14594","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":803,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54311","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14595","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":905,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54312","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14596","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":924,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54314","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14597","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54321","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14598","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":818,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54325","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14599","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":812,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54327","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14600","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":790,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54329","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14601","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54333","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14602","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1403,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54334","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14603","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1498,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54336","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14604","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1450,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54338","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14605","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":924,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54342","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14606","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54348","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14607","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":905,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54350","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14608","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":803,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54353","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14609","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/kcc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":812,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54357","inputVector":"","url":"https://www.dahd.gov.in/hi/division/kcc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14610","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":790,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54360","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14611","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1403,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54364","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14612","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1498,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54366","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14613","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54369","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14614","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/international-cooperation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":924,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54371","inputVector":"","url":"https://www.dahd.gov.in/hi/division/international-cooperation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14615","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":905,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54373","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14616","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54381","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14617","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54383","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14618","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/awd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":818,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54384","inputVector":"","url":"https://www.dahd.gov.in/hi/division/awd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14619","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1450,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54385","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14620","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":790,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54391","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14621","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":803,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54394","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14622","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1498,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54397","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14623","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1403,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54399","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14624","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54401","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14625","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":905,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54406","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14626","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54409","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14627","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1450,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54411","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14628","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1498,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54417","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14629","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54422","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14630","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54424","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14631","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":905,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54427","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14632","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":790,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54429","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14633","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1403,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54431","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14634","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1450,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54435","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14635","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":803,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54438","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14636","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54442","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14637","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1498,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54444","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14638","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54447","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14639","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":790,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54452","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14640","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1403,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54455","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14641","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":905,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54456","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14642","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54460","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14643","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1450,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54462","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14644","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1498,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54467","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14645","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54470","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14646","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":803,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54472","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14647","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1403,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54477","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14648","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":905,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54481","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14649","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":790,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54483","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14650","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1450,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54487","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14651","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54490","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14652","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54493","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14653","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54495","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14654","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1403,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54500","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14655","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1498,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54502","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14656","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":803,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54504","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14657","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":790,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54508","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14658","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":943,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54513","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14659","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":905,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54515","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14660","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1450,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54518","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14661","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54522","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14662","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54524","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14663","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54529","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14664","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1403,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54531","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14665","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1498,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54534","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14666","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":790,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54536","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14667","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":943,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54540","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14668","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":905,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54542","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14669","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":803,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54546","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14670","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1450,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54554","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14671","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54556","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14672","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54557","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14673","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i (field_date_admin1_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1403,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54561","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i?field_date_admin1_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14674","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54563","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14675","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":790,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54565","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/admin-i","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14676","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1498,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54568","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2021","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14677","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":943,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54570","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14678","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":905,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54575","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14679","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":803,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54579","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14680","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":770,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54581","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14681","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54583","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14682","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1450,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54585","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/2022","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14683","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":810,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54587","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14684","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/division/trade (field_date_trade_end_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54590","inputVector":"","url":"https://www.dahd.gov.in/hi/division/trade?field_date_trade_end_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14685","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":889,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54593","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14686","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54598","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/rti/rti-information-disclosed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14687","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":943,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54600","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14688","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":770,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54606","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14689","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":810,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54611","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14690","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":889,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54613","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14691","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":943,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54618","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14692","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":889,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54625","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14693","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":810,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54627","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14694","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":770,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54630","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14695","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":943,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54637","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14696","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":889,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54641","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14697","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":810,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54644","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14698","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":943,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54653","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14699","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":770,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54655","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14700","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":810,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54660","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14701","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":889,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54668","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14702","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":770,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54669","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14703","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":943,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54674","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14704","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":810,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54679","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14705","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":770,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54683","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14706","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":889,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54686","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14707","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":906,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54689","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14708","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":810,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54692","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14709","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":943,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54695","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14710","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":839,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54701","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14711","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":923,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54703","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14712","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":775,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54706","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14713","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1320,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54709","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14714","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":770,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54712","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14715","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":889,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54716","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14716","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":810,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54718","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14717","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":906,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54721","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14718","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":923,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54725","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14719","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":839,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54726","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14720","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":943,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54731","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14721","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":775,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54733","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14722","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1320,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54736","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14723","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":770,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54740","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14724","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":889,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54743","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14725","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":906,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54745","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14726","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":923,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54747","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14727","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":810,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54750","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14728","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":839,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54753","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14729","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":775,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54755","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14730","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":943,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54759","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14731","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1320,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54766","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14732","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":889,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54770","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14733","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":810,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54772","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14734","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":839,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54775","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14735","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":906,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54777","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14736","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":775,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54779","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14737","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":943,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54781","inputVector":"","url":"https://www.dahd.gov.in/hi/divisions/administration/vigilance-apar","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14738","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":770,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54784","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14739","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":923,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54792","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14740","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1320,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54795","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14741","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":889,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54799","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14742","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":839,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54801","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14743","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":775,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54803","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14744","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":810,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54806","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14745","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":906,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54809","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14746","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":923,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54814","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14747","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":770,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54817","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14748","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1320,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54820","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14749","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":839,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54828","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14750","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":775,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54830","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14751","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":906,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54834","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14752","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":810,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54835","inputVector":"","url":"https://www.dahd.gov.in/hi/document/acts-rules-notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14753","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":770,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54837","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14754","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":889,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54839","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14755","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":923,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54846","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14756","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":839,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54851","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14757","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":885,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54857","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14758","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":958,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54858","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14759","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":819,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54861","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14760","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1320,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54862","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14761","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":775,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54864","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14762","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":794,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54866","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14763","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":906,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54870","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14764","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":802,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54872","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14765","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/demand-grants","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":889,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54875","inputVector":"","url":"https://www.dahd.gov.in/hi/document/demand-grants","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14766","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":923,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54878","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14767","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/document/assets-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":770,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54880","inputVector":"","url":"https://www.dahd.gov.in/hi/document/assets-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14768","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":839,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54887","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14769","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":906,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54890","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14770","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":775,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54892","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14771","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1320,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54895","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14772","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":885,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54896","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14773","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":794,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54898","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14774","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":819,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54900","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14775","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":802,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54905","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14776","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":923,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54909","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14777","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":958,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54911","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14778","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":839,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54918","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14779","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":906,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54922","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14780","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":794,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54924","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14781","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":885,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54926","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14782","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1320,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54929","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14783","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":775,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54931","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14784","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":819,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent 
(eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54933","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14785","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":923,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54936","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14786","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":802,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54938","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14787","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":839,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54949","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14788","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":958,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54950","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14789","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":906,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54954","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14790","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":885,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54956","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14791","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":819,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54958","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14792","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":775,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54962","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14793","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1320,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54964","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14794","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":802,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54966","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14795","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":923,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54969","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14796","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":794,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54973","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14797","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":958,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54976","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14798","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":839,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54978","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14799","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":906,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54984","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14800","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":885,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54988","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14801","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1320,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent 
(eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54992","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14802","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":819,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54994","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14803","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":923,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"54997","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14804","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":794,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55000","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14805","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":802,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55002","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14806","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":775,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55004","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14807","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":958,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55008","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14808","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/e-office","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":839,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55014","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/e-office","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14809","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/accounts-glance","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":906,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55016","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/accounts-glance","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14810","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":885,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55021","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14811","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1320,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55024","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14812","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":923,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55026","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14813","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":819,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55029","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14814","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":794,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55031","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14815","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":802,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55035","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14816","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":958,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55037","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14817","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":775,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55040","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/procurement-projections-dahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14818","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":885,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55050","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14819","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/documents/tender (field_date_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1320,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55052","inputVector":"","url":"https://www.dahd.gov.in/hi/documents/tender?field_date_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14820","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":937,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55054","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14821","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":932,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55056","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14822","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55058","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14823","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":794,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55060","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14824","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":958,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55062","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14825","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":819,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55067","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14826","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":802,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55069","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14827","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":794,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55079","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14828","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":937,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55081","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14829","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":932,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55083","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14830","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55086","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14831","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":885,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55089","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14832","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":958,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55090","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14833","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":819,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55095","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14834","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":802,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55097","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14835","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":937,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55107","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14836","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":932,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55109","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14837","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":794,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55111","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14838","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":885,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55113","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14839","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":958,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55115","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14840","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55118","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14841","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":819,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55123","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14842","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":802,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55127","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14843","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":932,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55133","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14844","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":937,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55136","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14845","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":794,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55140","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14846","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":885,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55142","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14847","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55145","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14848","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":819,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55148","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14849","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":958,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55150","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14850","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":802,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55153","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14851","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":904,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55157","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14852","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":952,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55159","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14853","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":868,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55164","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14854","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":932,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55167","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14855","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":970,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55169","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14856","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":931,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55171","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14857","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":860,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55173","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14858","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":937,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55177","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14859","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":885,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55178","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14860","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55181","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14861","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":794,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55183","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14862","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":802,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55187","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14863","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":819,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55191","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14864","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":958,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55193","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"14865","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":904,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55199","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14866","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":952,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55201","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14867","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":932,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55203","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14868","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":860,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55205","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14869","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":868,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55208","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14870","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":931,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55211","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14871","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":937,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55214","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14872","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":885,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55216","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/sheep-goat-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14873","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55218","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14874","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":970,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55220","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14875","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":802,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55222","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/gopal-ratna-awards-2021-winners","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14876","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":958,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55224","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-multiplication-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14877","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":819,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55230","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/pig-breeder-farm","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14878","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":794,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55232","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-and-publicity/success-story/breed-development-rural-poultry","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"14879","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3872,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55235","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14880","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3383,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55237","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14881","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":904,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55240","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14882","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55244","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14883","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55245","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14884","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3441,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55246","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14885","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55250","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14886","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1627","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3433,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55252","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1627","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14887","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55254","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14888","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3357,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55258","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14889","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":952,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55259","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14890","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":843,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55261","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14891","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":932,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55263","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14892","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":897,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55266","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14893","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1003,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55268","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14894","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":884,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55270","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14895","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3387,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55272","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14896","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55273","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14897","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":868,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55275","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14898","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":861,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55277","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14899","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":931,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55279","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14900","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":937,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55281","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14901","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55284","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14902","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":970,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55287","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14903","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3415,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55290","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14904","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55293","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14905","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":860,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55295","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14906","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":972,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55298","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14907","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3872,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55303","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14908","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55305","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14909","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":904,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55307","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14910","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55309","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14911","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3441,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55311","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14912","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1627","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3433,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55314","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1627","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14913","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3383,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55317","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14914","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":952,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55319","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14915","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55321","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14916","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55323","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14917","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3357,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55325","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14918","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55327","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14919","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":931,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55329","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14920","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":897,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55332","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14921","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1003,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55334","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14922","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":932,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55336","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14923","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":884,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55338","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14924","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55341","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14925","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3387,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55343","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14926","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":937,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55346","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"14927","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":868,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55348","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14928","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":970,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55350","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14929","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":843,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55355","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14930","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3872,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55366","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14931","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55367","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14932","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3415,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55368","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14933","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":860,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55369","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14934","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":972,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55370","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14935","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":861,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55371","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"14936","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55372","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14937","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":952,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55375","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14938","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55377","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14939","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1627","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3433,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55378","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1627","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14940","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3383,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55380","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14941","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":904,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55382","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14942","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3357,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55384","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14943","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55386","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14944","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3441,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55388","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14945","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55392","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14946","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55394","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14947","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":897,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55396","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14948","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":931,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55398","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14949","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3387,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55402","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14950","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":932,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55404","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14951","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55406","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14952","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1003,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55408","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14953","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":884,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55410","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14954","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":937,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55414","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"14955","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":970,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55415","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14956","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":868,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55417","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14957","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":843,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55419","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14958","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3872,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55422","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14959","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3415,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55424","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14960","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":904,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55426","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14961","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":861,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55428","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14962","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1627","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3433,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55430","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1627","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14963","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55434","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14964","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":952,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55435","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14965","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3383,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55438","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14966","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55441","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14967","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55443","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14968","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55445","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14969","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3357,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55447","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14970","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":860,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55449","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14971","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55451","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14972","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55453","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14973","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":972,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55455","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"14974","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3441,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55459","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14975","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":931,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55460","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14976","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3387,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55468","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14977","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":897,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55469","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14978","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":884,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55470","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14979","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":937,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55473","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14980","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55474","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14981","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":970,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55476","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14982","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1003,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55478","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14983","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":932,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55480","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"14984","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":868,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55484","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"14985","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":843,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55487","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14986","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3415,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55488","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14987","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3383,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55490","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14988","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":904,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55492","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14989","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55494","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14990","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1627","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3433,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55496","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1627","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14991","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":861,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55498","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14992","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55501","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14993","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55505","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14994","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3357,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55507","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14995","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":931,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55510","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"14996","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55512","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14997","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":972,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55514","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"14998","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55516","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"14999","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3441,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55518","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15000","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3872,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55523","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15001","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":952,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55525","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15002","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3387,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55527","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15003","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":884,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55529","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15004","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":897,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55531","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15005","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":860,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55533","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15006","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":937,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55535","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15007","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1003,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55538","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15008","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55541","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15009","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55542","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15010","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":868,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55547","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15011","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":843,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55549","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15012","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55552","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15013","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":932,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55555","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15014","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3383,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55557","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15015","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":861,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55558","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15016","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":904,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55560","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15017","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":970,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55562","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15018","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3415,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55565","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15019","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55566","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15020","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3357,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55568","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15021","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1627","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3433,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55570","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1627","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15022","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55573","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15023","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":931,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55574","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15024","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":909,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55580","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15025","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55582","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15026","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":972,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55585","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15027","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":952,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55591","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15028","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55592","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15029","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3441,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55593","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15030","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":884,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55594","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15031","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3872,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55596","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15032","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":860,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55599","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15033","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55600","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15034","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":897,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55603","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15035","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":937,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55606","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/iec-material","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15036","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55608","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/sire-directory","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15037","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1003,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55610","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15038","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":868,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55612","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15039","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3387,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55614","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15040","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":932,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55616","inputVector":"","url":"https://www.dahd.gov.in/hi/extension-publicity/coffee-table-books","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15041","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":904,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55620","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15042","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3383,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55622","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15043","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":861,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55624","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15044","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":843,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55625","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15045","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":970,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55629","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15046","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1627","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3433,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55631","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1627","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15047","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3357,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55633","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15048","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3415,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55635","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15049","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55637","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15050","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":931,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55642","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15051","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55644","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15052","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":909,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55645","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15053","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55647","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15054","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55651","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15055","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":972,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55653","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15056","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":884,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55656","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15057","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3441,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55657","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15058","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":952,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55659","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15059","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55664","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15060","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55666","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15061","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":928,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55668","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15062","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":897,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55670","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15063","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1003,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55672","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15064","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":860,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55675","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15065","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3387,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55676","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15066","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3872,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55678","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15067","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":843,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55681","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15068","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":868,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55682","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15069","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":904,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55684","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15070","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1627","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3433,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55689","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1627","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15071","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3357,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55690","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15072","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":970,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55694","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15073","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3415,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55695","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15074","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3383,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55697","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15075","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55700","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15076","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55705","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15077","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55706","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15078","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55708","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15079","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":861,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55711","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15080","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3441,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55714","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15081","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":931,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55716","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15082","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55718","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15083","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":884,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55720","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15084","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":952,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55723","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15085","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":909,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55725","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15086","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1003,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55727","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15087","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3387,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55729","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15088","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":928,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55732","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15089","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":897,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55735","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15090","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55736","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15091","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":972,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55738","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15092","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3357,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55740","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15093","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":843,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55742","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15094","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":904,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55744","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15095","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":868,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55746","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15096","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3415,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55748","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15097","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1627","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3433,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55753","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1627","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15098","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":970,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55755","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15099","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3872,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55758","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15100","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55760","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15101","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55763","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15102","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":860,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55764","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15103","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55766","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15104","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3383,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55771","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15105","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":931,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55774","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15106","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55776","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15107","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3441,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55779","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15108","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55781","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15109","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":928,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55783","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15110","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":884,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55786","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15111","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":952,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55788","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15112","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":909,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55790","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15113","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3415,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55794","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15114","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":861,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55798","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15115","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1003,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55800","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15116","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3357,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55802","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15117","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":868,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55805","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15118","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/faq","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":904,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55807","inputVector":"","url":"https://www.dahd.gov.in/hi/faq","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15119","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":972,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55809","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15120","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55810","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15121","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":843,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55811","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15122","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":897,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55812","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15123","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1627","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3433,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55815","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1627","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15124","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3387,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55817","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15125","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55819","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15126","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":970,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55825","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15127","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55826","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15128","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":860,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55828","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15129","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3872,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55829","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15130","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55831","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15131","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/external-link","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":931,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55834","inputVector":"","url":"https://www.dahd.gov.in/hi/external-link","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15132","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55837","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15133","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55844","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15134","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3441,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55846","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15135","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3383,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55847","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15136","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3415,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55849","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15137","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/feedback","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":952,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55851","inputVector":"","url":"https://www.dahd.gov.in/hi/feedback","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15138","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":928,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55853","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15139","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":909,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55855","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15140","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3357,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55858","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15141","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1003,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55859","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15142","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":868,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55862","inputVector":"","url":"https://www.dahd.gov.in/hi/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15143","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":884,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55865","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15144","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":861,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55866","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15145","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":897,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55868","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15146","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3387,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55871","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15147","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55875","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15148","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55877","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15149","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":843,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55878","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15150","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":972,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55880","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15151","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55882","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15152","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":860,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55885","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15153","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55887","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15154","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1627","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3433,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55889","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1627","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15155","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/help","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":970,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55893","inputVector":"","url":"https://www.dahd.gov.in/hi/help","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15156","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3872,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55894","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15157","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55897","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15158","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3383,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55903","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15159","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3415,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55904","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15160","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3441,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55907","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15161","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":851,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55908","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15162","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55910","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15163","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":830,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55912","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15164","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":909,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55914","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15165","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":942,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55916","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15166","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1229,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55918","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15167","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1220,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55921","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15168","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1003,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55925","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15169","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":928,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55926","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15170","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":897,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55928","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15171","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1221,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55931","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15172","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1625","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3357,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55933","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1625","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15173","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":843,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55936","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15174","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":861,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55937","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15175","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":884,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55941","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15176","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1231,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55944","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15177","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55946","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15178","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1987","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55948","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1987","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15179","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3387,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55950","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15180","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1622","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55952","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1622","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15181","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":972,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55955","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15182","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1623","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55957","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1623","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15183","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1620","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55963","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1620","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15184","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1627","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3433,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55964","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1627","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15185","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":860,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55965","inputVector":"","url":"https://www.dahd.gov.in/hi/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15186","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3872,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55966","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15187","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1626","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3415,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55968","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1626","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15188","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1624","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3441,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55972","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1624","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15189","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1619","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3383,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55974","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1619","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15190","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55976","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15191","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1220,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55978","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15192","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":909,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55981","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15193","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1229,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55984","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15194","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3239","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1003,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55988","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3239","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15195","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":928,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55991","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15196","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":830,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55992","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15197","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4042","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":897,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55994","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4042","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15198","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1221,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55997","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15199","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":851,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"55999","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15200","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":942,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56001","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15201","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":861,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56003","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15202","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1621","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56009","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1621","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15203","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1628","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3387,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56011","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1628","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15204","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2814","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":843,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56012","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2814","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15205","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/4038","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":884,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56015","inputVector":"","url":"https://www.dahd.gov.in/hi/node/4038","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15206","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":972,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56017","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15207","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1231,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56019","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15208","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1618","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3872,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56021","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1618","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15209","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/2787","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":990,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56023","inputVector":"","url":"https://www.dahd.gov.in/hi/node/2787","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15210","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1229,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56028","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15211","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1220,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56032","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15212","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":830,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56034","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15213","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":851,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56037","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15214","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":928,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56041","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15215","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":909,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56043","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15216","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/3954","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":861,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56046","inputVector":"","url":"https://www.dahd.gov.in/hi/node/3954","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15217","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":942,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56048","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15218","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/node/1986","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":972,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56050","inputVector":"","url":"https://www.dahd.gov.in/hi/node/1986","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15219","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1221,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56055","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15220","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1231,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56057","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15221","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1229,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56060","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15222","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":830,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56062","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15223","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":928,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56064","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15224","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1220,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56067","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15225","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1528,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56069","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15226","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":909,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56071","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15227","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2658,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56078","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15228","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1228,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56080","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15229","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1231,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56084","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15230","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value,page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3444,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56088","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15231","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":851,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56091","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15232","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":942,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56093","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15233","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1221,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56095","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15234","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1222,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56097","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15235","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1229,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56099","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15236","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":830,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56101","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15237","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":928,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56103","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15238","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1528,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56105","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15239","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":909,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56107","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15240","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2658,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56116","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15241","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1231,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56118","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15242","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1220,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56120","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15243","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1228,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56122","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15244","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":942,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56128","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15245","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value,page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3444,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56132","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15246","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":851,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56133","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15247","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":830,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56135","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15248","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1528,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56137","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15249","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1222,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56140","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15250","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":928,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56142","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15251","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1221,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56144","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15252","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1229,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56146","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15253","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2658,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56149","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15254","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":909,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56152","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15255","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1231,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56154","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15256","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1228,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56159","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15257","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1220,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56161","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15258","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":851,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56165","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15259","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":942,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56167","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15260","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value,page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3444,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56169","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15261","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1528,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56172","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15262","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":928,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56176","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15263","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1221,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56178","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15264","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":830,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56181","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15265","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1222,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56184","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15266","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2658,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56186","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15267","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1229,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56192","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15268","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1228,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56195","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15269","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1231,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56197","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15270","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1220,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56198","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15271","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":909,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56201","inputVector":"","url":"https://www.dahd.gov.in/hi/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15272","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":851,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56204","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15273","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1528,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56208","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15274","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value,page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3444,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56210","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15275","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":942,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56212","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15276","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":928,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56216","inputVector":"","url":"https://www.dahd.gov.in/hi/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15277","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2658,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56218","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15278","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1221,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56221","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15279","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1222,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56224","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15280","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":830,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56226","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15281","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1228,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56228","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15282","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1231,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56230","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15283","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1220,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56232","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15284","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1229,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56234","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15285","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":851,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56237","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15286","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1528,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56240","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15287","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":826,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56244","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15288","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value,page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3444,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56246","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15289","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":942,"wascid":"0","description":"Check for differences in response based on fuzzed User 
Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56250","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15290","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2658,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56254","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15291","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1221,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56257","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15292","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":830,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56261","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15293","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1228,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56263","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15294","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1229,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56265","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15295","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1231,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56267","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15296","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1222,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56271","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15297","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1528,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56275","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15298","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1220,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56278","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15299","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value,page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3444,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56281","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15300","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":942,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56282","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15301","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":826,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56284","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15302","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1221,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56286","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15303","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":851,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56289","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15304","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2658,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56294","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15305","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":830,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56297","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15306","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1228,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56300","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15307","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1231,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56304","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15308","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1229,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56305","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15309","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1222,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56307","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15310","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1220,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56309","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15311","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1528,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56311","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15312","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value,page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3444,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56314","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15313","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":942,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56315","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15314","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1221,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56317","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15315","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":851,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56322","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15316","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":826,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56325","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15317","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1228,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56329","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15318","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2658,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56332","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15319","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":830,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56334","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15320","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1229,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56341","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15321","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value,page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3444,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56343","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15322","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1231,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56346","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15323","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1220,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56348","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15324","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1232,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56350","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15325","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":942,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56353","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15326","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1221,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56354","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15327","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102 (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4202,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56356","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102?page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15328","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1528,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56358","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15329","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1222,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56360","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15330","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":826,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56362","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15331","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1228,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56365","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15332","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":851,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56370","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15333","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2658,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56376","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15334","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":830,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56378","inputVector":"","url":"https://www.dahd.gov.in/hi/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15335","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1231,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56382","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-buffalo-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15336","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value,page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3444,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56383","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15337","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1229,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56385","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-goat-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15338","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1220,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56388","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-pig-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15339","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102 (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4202,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56391","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102?page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15340","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1221,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56393","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia-cattle-breed","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15341","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":942,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56395","inputVector":"","url":"https://www.dahd.gov.in/hi/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15342","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1232,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56397","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15343","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3866,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56399","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15344","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1222,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56404","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15345","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1228,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56407","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15346","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":851,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56408","inputVector":"","url":"https://www.dahd.gov.in/hi/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15347","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2658,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56411","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15348","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1528,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56413","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15349","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":826,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56416","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15350","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value,page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3444,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56423","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15351","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1232,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56428","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15352","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102 (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4202,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56430","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102?page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15353","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1228,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56432","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15354","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2658,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56434","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15355","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":826,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56436","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15356","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3866,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56438","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15357","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1528,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56447","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15358","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1222,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56450","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15359","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1232,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56456","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15360","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value,page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3444,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56458","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15361","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1228,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56460","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15362","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102 (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4202,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56462","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102?page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15363","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2658,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56465","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15364","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":826,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56467","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15365","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1528,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56472","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15366","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3866,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56479","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15367","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1222,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56482","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15368","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp (field_categories_nadcp_target_id,field_date_nadcp_value,page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3444,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56484","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/nadcp?field_categories_nadcp_target_id=102&field_date_nadcp_value=1&page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15369","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1232,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56486","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15370","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102 (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4202,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56493","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102?page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15371","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":826,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56495","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15372","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3866,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56502","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15373","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1232,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56505","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15374","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1222,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56508","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15375","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102 (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4202,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56514","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102?page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15376","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":826,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56517","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15377","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1232,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56524","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15378","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3866,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56526","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15379","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1222,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56532","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15380","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102 (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4202,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56536","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102?page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15381","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":826,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56539","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15382","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3866,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56547","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15383","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1232,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56550","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15384","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102 (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4202,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56556","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102?page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15385","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":826,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56558","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15386","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3866,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56567","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15387","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":777,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56572","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15389","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":997,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56573","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15390","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":949,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56576","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15391","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56580,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56580","inputVector":"","url":"https://www.dahd.gov.in/libraries","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15392","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1232,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56585","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15393","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":834,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56588","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15394","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102 (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4202,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56591","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102?page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15395","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":826,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56596","inputVector":"","url":"https://www.dahd.gov.in/hi/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15396","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56599,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56599","inputVector":"","url":"https://www.dahd.gov.in/libraries","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15397","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":997,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56604","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15398","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":777,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56609","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15400","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3866,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56611","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15401","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":949,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56613","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15402","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56617,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56617","inputVector":"","url":"https://www.dahd.gov.in/libraries/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15403","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1232,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56621","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15404","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102 (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4202,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56631","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102?page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15405","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":834,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56634","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15406","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56635,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56635","inputVector":"","url":"https://www.dahd.gov.in/libraries","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15407","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56637,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56637","inputVector":"","url":"https://www.dahd.gov.in/libraries/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15408","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56641","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15409","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":997,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56643","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15410","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56647,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56647","inputVector":"","url":"https://www.dahd.gov.in/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15411","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56650,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56650","inputVector":"","url":"https://www.dahd.gov.in/libraries/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15412","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":949,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56656","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15413","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56660,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56660","inputVector":"","url":"https://www.dahd.gov.in/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15414","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3866,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56665","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15416","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56667,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56667","inputVector":"","url":"https://www.dahd.gov.in/libraries/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15417","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56669,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56669","inputVector":"","url":"https://www.dahd.gov.in/libraries","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15418","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":834,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56673","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15419","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":777,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56677","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15420","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1232,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56682","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15421","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56684,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56684","inputVector":"","url":"https://www.dahd.gov.in/libraries","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15422","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":949,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56690","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15423","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56693,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56693","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15424","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102 (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4202,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56698","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102?page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15425","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56702,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56702","inputVector":"","url":"https://www.dahd.gov.in/libraries","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15426","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56705,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56705","inputVector":"","url":"https://www.dahd.gov.in/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15427","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56711,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56711","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15429","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56714,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56714","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15430","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3866,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56717","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15431","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56720,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56720","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15432","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":997,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56724","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15433","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56729,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56729","inputVector":"","url":"https://www.dahd.gov.in/libraries","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15434","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56734,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56734","inputVector":"","url":"https://www.dahd.gov.in/libraries/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15435","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56738,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56738","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15436","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56742","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15437","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":777,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56744","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15438","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56746,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56746","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15439","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":834,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56749","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15440","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56755,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56755","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15441","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/564","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1232,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56762","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/564","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15442","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56764,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56764","inputVector":"","url":"https://www.dahd.gov.in/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15443","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3866,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56773","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15444","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56781,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56781","inputVector":"","url":"https://www.dahd.gov.in/libraries/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15445","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56782,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56782","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15446","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":949,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56784","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15447","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56791,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56791","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15448","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":997,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56800","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15449","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102 (page)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":4202,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56811","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102?page=0","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15451","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56815,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56815","inputVector":"","url":"https://www.dahd.gov.in/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15452","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":834,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56829","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15453","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56835,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56835","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15454","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56837,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56837","inputVector":"","url":"https://www.dahd.gov.in/libraries","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15455","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56846,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56846","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15456","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/taxonomy/term/102","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":3866,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56848","inputVector":"","url":"https://www.dahd.gov.in/hi/taxonomy/term/102","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15457","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56850,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56850","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15458","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56861,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56861","inputVector":"","url":"https://www.dahd.gov.in/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15459","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":949,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56872","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15460","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56880,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56880","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15462","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56887,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56887","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15463","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56894,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56894","inputVector":"","url":"https://www.dahd.gov.in/libraries/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15464","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56896,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56896","inputVector":"","url":"https://www.dahd.gov.in/libraries","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15465","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":777,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56897","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15466","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56902,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56902","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15467","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56905,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56905","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15468","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56907,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56907","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15469","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56912,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56912","inputVector":"","url":"https://www.dahd.gov.in/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15470","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56933,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56933","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15471","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":834,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56937","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15472","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56947,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56947","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15473","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56952,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56952","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15474","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56955,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56955","inputVector":"","url":"https://www.dahd.gov.in/libraries","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15475","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56960,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56960","inputVector":"","url":"https://www.dahd.gov.in/libraries/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15476","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56962,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56962","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15477","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":997,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56966","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15478","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56972,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56972","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15479","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56974,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56974","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15480","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56976,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56976","inputVector":"","url":"https://www.dahd.gov.in/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15481","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":56989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"56989","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15482","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57001,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57001","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15483","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57007,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57007","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15484","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57014,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57014","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15485","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57020,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57020","inputVector":"","url":"https://www.dahd.gov.in/libraries","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15486","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57023,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57023","inputVector":"","url":"https://www.dahd.gov.in/libraries/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15487","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57028,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57028","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15488","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57032,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57032","inputVector":"","url":"https://www.dahd.gov.in/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15489","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57041,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57041","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15490","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57049","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15491","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57052,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57052","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15492","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":777,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57061","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15493","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57063,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57063","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15494","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57066,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57066","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15495","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57067,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57067","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15496","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57070,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57070","inputVector":"","url":"https://www.dahd.gov.in/libraries","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15497","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57072,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57072","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15498","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57080,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57080","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15499","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57103,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57103","inputVector":"","url":"https://www.dahd.gov.in/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15501","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57104,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57104","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15502","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57118,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57118","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15503","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57121,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57121","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15504","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57122,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57122","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15505","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57126,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57126","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15506","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57129,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57129","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15507","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":834,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57134","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15508","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":949,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57135","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15509","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57137,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57137","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15510","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57144,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57144","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15511","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57145","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15512","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57146,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57146","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15513","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57160,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57160","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15514","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":997,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57163","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15515","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57168,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57168","inputVector":"","url":"https://www.dahd.gov.in/libraries/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15516","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57173,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57173","inputVector":"","url":"https://www.dahd.gov.in/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15517","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57185,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57185","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15518","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57186,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57186","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15519","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57189,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57189","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15520","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57191,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57191","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15521","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57194,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57194","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15522","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57197,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57197","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15523","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57210,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57210","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15524","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57211,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57211","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15525","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57212,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57212","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15526","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57216,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57216","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15527","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":949,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57222","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15529","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57224,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57224","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15530","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57227,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57227","inputVector":"","url":"https://www.dahd.gov.in/libraries/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15531","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57234,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57234","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15532","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57236,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57236","inputVector":"","url":"https://www.dahd.gov.in/modules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15533","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":777,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57245","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15534","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57248,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57248","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15535","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57250,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57250","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15536","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57254,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57254","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15537","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57258,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57258","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15538","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57262,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57262","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15539","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57263,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57263","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15540","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57266,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57266","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15541","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":834,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57268","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15542","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57270,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57270","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15543","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57274,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57274","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15544","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57277,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57277","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15545","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57289,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57289","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15546","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":997,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57294","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15548","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57298,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57298","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15549","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57299,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57299","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15550","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57301","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15551","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57303,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57303","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15552","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57305,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57305","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15553","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57311,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57311","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15554","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57312,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57312","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15555","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57313,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57313","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15556","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57317,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57317","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15557","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57322,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57322","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15558","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57326,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57326","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15559","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57327,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57327","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15560","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":949,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57330","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15561","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57331,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57331","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15562","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/libraries/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57334,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57334","inputVector":"","url":"https://www.dahd.gov.in/libraries/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15563","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57335,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57335","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15564","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":777,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57342","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15565","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57343,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57343","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15566","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57350,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57350","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15567","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57351,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57351","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15568","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57352,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57352","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15569","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":834,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57357","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15570","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57358,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57358","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15571","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57360,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57360","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15572","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57366,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57366","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15574","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57369,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57369","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15575","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57372,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57372","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15576","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57373,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57373","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15577","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57377,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57377","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15578","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57380,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57380","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15579","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57384","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15580","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57387,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57387","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15581","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":997,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57388","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15582","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57391,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57391","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15583","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57394,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57394","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15584","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57396,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57396","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15585","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57398,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57398","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15586","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57403,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57403","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15587","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57405,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57405","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15588","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57408,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57408","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15589","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57410,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57410","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15590","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":949,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57412","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15591","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57415,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57415","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15592","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57420,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57420","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15593","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57422,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57422","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15594","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":834,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57427","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15595","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":769,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57428","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15596","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":764,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57429","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15597","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57431,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57431","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15598","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57433,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57433","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15599","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57435,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57435","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15600","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57437,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57437","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15601","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57439,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57439","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15602","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57445,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57445","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15603","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57446,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57446","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15604","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57448,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57448","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15605","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57449,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57449","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15606","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":777,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57451","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15607","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57455","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15608","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57456,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57456","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15609","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57462,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57462","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15611","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57472,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57472","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15612","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57473,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57473","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15613","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57474,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57474","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15614","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57476,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57476","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15615","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":997,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57477","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15616","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":949,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57479","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15617","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57480,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57480","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15618","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57482,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57482","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15619","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57484,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57484","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15620","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57485,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57485","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15621","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57488,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57488","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15622","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57489,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57489","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15623","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57494,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57494","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15624","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":777,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57496","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15625","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57499,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57499","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15626","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57503,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57503","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15627","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57504,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57504","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15628","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57505,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57505","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15629","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":755,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57507","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15630","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57510,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57510","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15631","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57512,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57512","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15632","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57514,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57514","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15633","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57517,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57517","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15634","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57519,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57519","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15635","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":997,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57523","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15636","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":769,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57526","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15637","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":949,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57527","inputVector":"","url":"https://www.dahd.gov.in/hi/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15638","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57529,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57529","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15639","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57531,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57531","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15640","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57534,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57534","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15641","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57535,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57535","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/cmf_design/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15642","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":764,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57537","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15643","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57539,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57539","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15644","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57541,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57541","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15645","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57544,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57544","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15646","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57548,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57548","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15648","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57550,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57550","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15649","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57552","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15650","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":755,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57556","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15651","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":769,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57558","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15652","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57564,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57564","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15653","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":834,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57565","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15654","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57566,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57566","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15655","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57570,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57570","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15656","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57571,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57571","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15657","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57573,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57573","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15658","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":777,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57575","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15659","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57578,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57578","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15660","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57580,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57580","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15661","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57582,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57582","inputVector":"","url":"https://www.dahd.gov.in/modules/cmf/easy_sitemap","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15662","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":834,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57586","inputVector":"","url":"https://www.dahd.gov.in/hi/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15663","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57588,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57588","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15664","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57590,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57590","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15665","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57592,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57592","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15666","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57595,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57595","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15667","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":724,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57596","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15668","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57598,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57598","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15669","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":764,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57600","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15670","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57604,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57604","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15671","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57606,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57606","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15672","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":997,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57609","inputVector":"","url":"https://www.dahd.gov.in/hi/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15673","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57610,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57610","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15674","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57612,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57612","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15675","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57614,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57614","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15676","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":724,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57616","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15677","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57618,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57618","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15678","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57620","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15679","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":755,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57622","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15680","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57625,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57625","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15681","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":769,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57626","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15682","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57628,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57628","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15683","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":947,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57631","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15684","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57633,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57633","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15685","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57636,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57636","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15686","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57637,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57637","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15687","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57639,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57639","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15688","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":768,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57641","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15689","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":764,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57643","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15690","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":755,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57646","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15691","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/kcc-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":777,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57649","inputVector":"","url":"https://www.dahd.gov.in/kcc-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15692","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57651,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57651","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15693","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57656,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57656","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15694","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57659","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15695","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57660,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57660","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/dist/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15696","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":786,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57661","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15697","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57662,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57662","inputVector":"","url":"https://www.dahd.gov.in/modules/contrib/flexslider/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15698","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":769,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57663","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15699","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":724,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57665","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15700","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":947,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57668","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15701","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57670,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57670","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15702","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":755,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57672","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15703","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":768,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57674","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15704","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57676,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57676","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15705","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":764,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57679","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15706","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":786,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57682","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15707","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/modules/password_encrypt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":57684,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57684","inputVector":"","url":"https://www.dahd.gov.in/modules/password_encrypt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15708","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":769,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57686","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15709","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":755,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57688","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15710","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":724,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57690","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15711","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":947,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57694","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15712","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":768,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57696","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15713","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":764,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57698","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15714","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57700","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15715","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":786,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57702","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15716","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":769,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57706","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15717","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":755,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57708","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15718","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":724,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57711","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15719","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":947,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57713","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15720","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":768,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57716","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15721","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":764,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57717","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15722","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":786,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57719","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15723","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":755,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57724","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15724","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57726","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15725","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":769,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57728","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15726","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":947,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57730","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15727","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":764,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57732","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15728","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":786,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57735","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15729","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":724,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57737","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15730","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":768,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57739","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15731","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":148,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57744","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15732","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":882,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57746","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15733","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57748","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15734","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2449,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57751","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15735","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2455,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57754","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15736","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1629,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57756","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15737","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":933,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57758","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15738","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":849,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57760","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15739","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":850,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57762","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15740","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":862,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57764","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15741","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":828,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57766","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15742","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":947,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57768","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15743","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":946,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57770","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15744","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":755,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57773","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15745","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":764,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57775","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15746","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":786,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57778","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15747","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2456,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57779","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15748","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":768,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57781","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15749","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":769,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57784","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15750","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57786","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15751","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57788","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15752","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":724,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57791","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15753","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":882,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57794","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15754","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":148,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57796","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15755","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":849,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57798","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15756","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1629,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57802","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15757","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":933,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57805","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15758","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":755,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57807","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15759","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2455,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57809","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15760","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":850,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57812","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15761","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":786,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57813","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15762","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":828,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57815","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15763","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2449,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57817","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15764","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":768,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57819","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15765","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":947,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57821","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15766","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":946,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57823","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15767","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":862,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57827","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15768","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":764,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57830","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15769","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":724,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57832","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15770","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":769,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57834","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15771","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2456,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57836","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15772","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57838","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15773","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":148,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57840","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15774","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":882,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57842","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15775","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1629,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57846","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15776","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":933,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57849","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15777","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":755,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57851","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15778","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2455,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57854","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15779","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":768,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57861","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15780","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":786,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57862","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15781","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2449,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57864","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15782","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":828,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57866","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15783","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":849,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57867","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15784","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57869","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15785","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":850,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57871","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15786","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":946,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57873","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15787","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":764,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57876","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15788","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":862,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57878","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15789","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":769,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57880","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15790","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":724,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57882","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15791","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":148,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57884","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15792","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":947,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57886","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15793","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":882,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57889","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15794","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57891","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15795","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2456,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57895","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15796","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":933,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57897","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15797","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1629,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57900","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15798","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":828,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57903","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15799","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":849,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57907","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15800","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2455,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57910","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15801","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":786,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57911","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15802","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":833,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57913","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15803","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":816,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57917","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15804","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/nlm-scheme-brochure","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":764,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57920","inputVector":"","url":"https://www.dahd.gov.in/nlm-scheme-brochure","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15805","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":768,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57923","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15806","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2449,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57924","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15807","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":724,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57927","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15808","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/2786","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":755,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57930","inputVector":"","url":"https://www.dahd.gov.in/node/2786","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15809","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":946,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57933","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15810","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":947,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57936","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15811","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":850,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57937","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15812","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":148,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57938","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15813","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/hi/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57940","inputVector":"","url":"https://www.dahd.gov.in/hi/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15814","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57942","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15815","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":862,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57944","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15816","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/monthly-cabinet-report","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":769,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57946","inputVector":"","url":"https://www.dahd.gov.in/monthly-cabinet-report","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15817","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1629,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57948","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15818","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":933,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57950","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15819","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":882,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57954","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15820","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2456,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57957","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15821","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":828,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57959","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15822","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":849,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57962","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15823","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":786,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57965","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15824","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2455,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57968","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15825","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":833,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57970","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15826","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":816,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57972","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15827","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1428,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57974","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15828","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57977","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15829","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1484,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57978","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15830","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":724,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57982","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15831","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2449,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57984","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15832","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":768,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57987","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15833","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":946,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57990","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15834","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":148,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57994","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15835","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":947,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57995","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15836","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"57998","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15837","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1629,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58000","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15838","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":933,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58002","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15839","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":850,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58005","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15840","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":882,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58006","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15841","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1317,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58008","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15842","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":828,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58010","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15843","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":849,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58013","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15844","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2456,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58017","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15845","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":862,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58018","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15846","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":786,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58021","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15847","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1484,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58026","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15848","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":833,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58028","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15849","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1428,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58030","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15850","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58042","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15851","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1304,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58043","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15852","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":946,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58044","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15853","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":995,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58045","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15854","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2455,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58046","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15855","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2449,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58047","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15856","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/4041","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":724,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58048","inputVector":"","url":"https://www.dahd.gov.in/node/4041","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15857","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":947,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58049","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15858","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":768,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58050","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15859","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":148,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58055","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15860","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":816,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58056","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15861","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58061","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15862","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1629,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58062","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15863","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":933,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58063","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15864","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":882,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58065","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15865","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":828,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58068","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15866","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":849,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58074","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15867","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1484,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58076","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15868","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1304,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58079","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15869","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/581","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":786,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58081","inputVector":"","url":"https://www.dahd.gov.in/node/581","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15870","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1317,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58085","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15871","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":862,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58087","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15872","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58090","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15873","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":995,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58092","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15874","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":850,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58095","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15875","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/582","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":768,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58101","inputVector":"","url":"https://www.dahd.gov.in/node/582","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15876","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":148,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58102","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15877","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1428,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58104","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15878","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":833,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58105","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15879","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/node/3238","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":947,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58107","inputVector":"","url":"https://www.dahd.gov.in/node/3238","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15880","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1629,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58108","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15881","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":933,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58111","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15882","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":816,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58113","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15883","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2455,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58115","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15884","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":882,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58116","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15885","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58118","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15886","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":946,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58120","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15887","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2449,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58122","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15888","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":828,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58127","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15889","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1304,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58132","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15890","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58136","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15891","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1484,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58142","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15892","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1317,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58143","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15893","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":995,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58145","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15894","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":148,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58148","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15895","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":816,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58149","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15896","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58151","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15897","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":933,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58153","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15898","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":862,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58155","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15899","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":850,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58158","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15900","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2455,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58159","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15901","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":946,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58161","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15902","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1629,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58165","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15903","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":833,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58166","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15904","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2449,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58168","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15905","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":828,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58176","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15906","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1428,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58179","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15907","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1304,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58181","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15908","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":849,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58184","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15909","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1586,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58186","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15910","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1393,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58189","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15911","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2456,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58191","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15912","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58195","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15913","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58197","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15914","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":148,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58199","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15915","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":816,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58201","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15916","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":995,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58203","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15917","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1317,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58205","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15918","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":933,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58207","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15919","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1484,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58213","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15920","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":862,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58216","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15921","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":946,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58222","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15922","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2455,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58223","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15923","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":850,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58224","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15924","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1629,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58225","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15925","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2449,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58226","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15926","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":833,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58229","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15927","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":882,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58231","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15928","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1479,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58234","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15929","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1304,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58240","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15930","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1428,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58241","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15931","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1393,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58242","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15932","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":828,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58244","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15933","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":849,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58247","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15934","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58250","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15935","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1586,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58253","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15936","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":995,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58256","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15937","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58259","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15938","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":933,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58261","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15939","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":816,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58263","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15940","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2456,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58265","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15941","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":148,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58267","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15942","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2449,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58270","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15943","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":882,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58274","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15944","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":946,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58277","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15945","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":833,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58280","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15946","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":862,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58284","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15947","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1629,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58287","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15948","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":850,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58289","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15949","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1479,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58290","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"15950","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2455,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58295","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15951","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1428,"wascid":"0","description":"Check for differences in response 
based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58297","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15952","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1393,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58298","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15953","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1304,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58299","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15954","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1484,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58303","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15955","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1317,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58304","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15956","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1586,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58308","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15957","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1359,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58309","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15958","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":995,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58312","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15959","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58315","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15960","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":816,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58319","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15961","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":933,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58321","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/recruitment-rules","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15962","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":828,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58323","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15963","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":849,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58325","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15964","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2456,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58328","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15965","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2449,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58330","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15966","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":882,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58332","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15967","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":946,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58336","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15968","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":148,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58337","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15969","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1479,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58341","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15970","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1629,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58344","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15971","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":833,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58347","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15972","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":850,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58351","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15973","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1304,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58352","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15974","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1428,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58353","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15975","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1586,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58358","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15976","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1393,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58359","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15977","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1484,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58360","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15978","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":862,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58362","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15979","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1317,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58365","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"15980","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58368","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15981","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2455,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58370","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15982","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":995,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58372","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"15983","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":816,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58375","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15984","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/programmes-events","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":828,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58379","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/programmes-events","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15985","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2456,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58381","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15986","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":849,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58385","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"15987","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":946,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58388","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15988","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2449,"wascid":"0","description":"Check for differences in response based 
on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58390","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/appointment-interim-arrangements?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15989","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":833,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58393","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15990","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1479,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58395","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"15991","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/dms-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":882,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58397","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/dms-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15992","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1393,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58401","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15993","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1460,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58403","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"15994","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2455,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58413","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"15995","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1484,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58414","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"15996","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1586,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58415","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"15997","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58417","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"15998","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":816,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58419","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"15999","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":995,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58421","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16000","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1593,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58422","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16001","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":850,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58424","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16002","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1317,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58426","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16003","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1304,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58428","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16004","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/rules-regulation","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":849,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58433","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/rules-regulation","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16005","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2456,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58438","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16006","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1428,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58440","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16007","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1479,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58444","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16008","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":862,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58445","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16009","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1460,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58449","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16010","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1393,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58451","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16011","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":833,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58452","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16012","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1484,"wascid":"0","description":"Check for differences in response based on 
fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58455","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16013","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":995,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58458","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16014","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":816,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58461","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16015","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1593,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58464","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16016","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1586,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58468","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16017","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1304,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58469","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16018","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1317,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58471","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16019","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":850,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58475","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16020","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2456,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58479","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16021","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58484","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16022","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1428,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58485","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16023","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1479,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58487","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16024","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":833,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58489","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16025","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1393,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58490","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16026","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1460,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58492","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16027","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/miscellaneous","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":862,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58495","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/miscellaneous","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16028","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1484,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58499","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16029","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":995,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58503","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16030","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vci-related","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":816,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58507","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vci-related","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16031","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1593,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58510","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16032","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1586,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58513","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16033","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1317,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58515","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16034","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1304,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58517","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16035","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/notifications (field_date_circular_value)","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":2456,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58522","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/notifications?field_date_circular_value=1","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16036","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58525","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16037","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":833,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58526","inputVector":"","url":"https://www.dahd.gov.in/office_order_circular/vacancy_recruitment_advertisement","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16038","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1393,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58528","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16039","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1460,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58530","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16040","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1479,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58535","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16041","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1428,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58537","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16042","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":995,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58539","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16043","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1593,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58543","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16044","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1586,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58547","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16045","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1304,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58549","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16046","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1484,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58551","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16047","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1393,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58559","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16048","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1515,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58563","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16049","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1428,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58565","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16050","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1479,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58568","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16051","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1317,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58570","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16052","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1460,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58572","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16053","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":995,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58574","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16054","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1593,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58577","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16055","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1304,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58581","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16056","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1586,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58585","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16057","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1484,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58593","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16058","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1393,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58596","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16059","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1428,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58599","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-budget/ls-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16060","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1593,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58601","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16061","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1317,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58605","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16062","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1479,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58607","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16063","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1460,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58614","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16064","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1586,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58616","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16065","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1393,"wascid":"0","description":"Check for differences in response based on fuzzed User 
Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58624","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16066","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1593,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58626","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16067","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1479,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58630","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16068","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1317,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58632","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16069","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1460,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58637","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16070","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1586,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58641","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16071","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1393,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58645","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16072","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1593,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58651","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16073","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1479,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58654","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16074","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1460,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58659","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16075","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1586,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58666","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16076","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1593,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58671","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16077","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":506,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58677","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16078","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":907,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58679","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16079","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1524,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58681","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16080","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1460,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58684","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16081","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1426,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58685","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16082","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58688","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16083","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1479,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58689","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-monsoon/ls-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16084","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1390,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58692","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16085","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1226,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58702","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16086","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1524,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58709","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16087","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1593,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58711","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16088","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1460,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58713","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16089","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58717","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16090","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":506,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58718","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16091","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1426,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58720","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16092","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":907,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58723","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16093","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1390,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58725","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16094","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1226,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58731","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16095","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1524,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58739","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16096","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1593,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58742","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16097","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1460,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58743","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16098","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1426,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58746","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16099","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":506,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58748","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16100","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58751","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16101","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":907,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58754","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16102","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1390,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58757","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16103","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1226,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58762","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16104","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1593,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58770","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter/ls-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16105","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1524,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58772","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16106","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1426,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58774","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16107","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1460,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58778","inputVector":"","url":"https://www.dahd.gov.in/parliament/lok-sabha-questions/ls-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16108","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58780","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16109","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1390,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58782","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16110","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":907,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58784","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16111","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1226,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58792","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16112","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":506,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58794","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16113","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1524,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58797","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16114","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1426,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58802","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16115","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1390,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58807","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16116","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":907,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58809","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16117","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1252,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58813","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16118","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1457,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58816","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16119","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":506,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58819","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16120","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58821","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16121","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1226,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58824","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16122","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1524,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58826","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16123","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1400,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58831","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16124","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1390,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58836","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16125","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":907,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58838","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16126","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1252,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58843","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16127","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1457,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58845","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16128","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":506,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58849","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16129","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1524,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58852","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16130","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1226,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58854","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16131","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58856","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16132","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1400,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58859","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16133","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1426,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58863","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16134","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1390,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58871","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16135","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":907,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58873","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16136","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1457,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58875","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16137","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1252,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58877","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16138","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":506,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58881","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16139","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1524,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58884","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16140","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1226,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58886","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16141","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1400,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58891","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16142","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1426,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58893","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16143","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58896","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16144","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":907,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58902","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16145","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1252,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58903","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16146","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1457,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58905","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16147","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1226,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58910","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16148","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":506,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58912","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16149","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1390,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58914","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16150","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1524,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58916","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16151","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1400,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58924","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16152","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58927","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16153","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1426,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58928","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16154","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":907,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58932","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16155","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1252,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58935","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16156","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1457,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58937","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16157","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1524,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58941","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16158","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1226,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58945","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16159","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":506,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58948","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16160","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1400,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58950","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16161","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1390,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58956","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16162","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1426,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58958","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16163","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1338,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58960","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16164","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1452,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58963","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16165","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1457,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58966","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16166","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":907,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58968","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16167","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1252,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58970","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16168","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1524,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58972","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16169","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58974","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16170","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1226,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58977","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16171","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1400,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58982","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16172","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":506,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58985","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16173","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1338,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58991","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16174","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1390,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58993","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16175","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1452,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58995","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16176","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":907,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"58999","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16177","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1252,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59002","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16178","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1457,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59005","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16179","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1426,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59007","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16180","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59009","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16181","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1226,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59011","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16182","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1524,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59016","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16183","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1400,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59019","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16184","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":506,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59021","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16185","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1338,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59025","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16186","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1390,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59028","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16187","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1452,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59031","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16188","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1252,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59034","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16189","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1457,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59037","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16190","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59039","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16191","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1426,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59041","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16192","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1226,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59045","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16193","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":907,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59049","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16194","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/parliament_questions","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":506,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59053","inputVector":"","url":"https://www.dahd.gov.in/parliament/parliament_questions","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16195","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1400,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59055","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16196","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1452,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59058","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16197","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1338,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59060","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16198","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1390,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59063","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2025","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16199","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1457,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59067","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16200","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59070","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16201","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1252,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59072","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16202","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1452,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59079","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16203","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1426,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59081","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-budget/rs-budget-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16204","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1338,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59083","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16205","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1400,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59087","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16206","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1457,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59091","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16207","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1252,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59096","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16208","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1338,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59103","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16209","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1452,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59105","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16210","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1457,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59107","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16211","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1252,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59114","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16212","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1400,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59119","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16213","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1338,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59125","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16214","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1457,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59127","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16215","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1452,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59130","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16216","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1252,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59136","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16217","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1400,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59143","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16218","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1338,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59146","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16219","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1452,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59150","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16220","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1400,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59161","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-monsoon/rs-monsoon-2024","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16221","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1338,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59164","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16222","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1452,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59168","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16223","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1338,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59179","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16224","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1452,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59183","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16225","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1338,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59194","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16226","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1452,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59198","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16227","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1338,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59211","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16228","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1452,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59213","inputVector":"","url":"https://www.dahd.gov.in/parliament/rajya-sabha-questions/rs-winter/rs-winter-2023","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16229","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":865,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59242","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16230","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":526,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59246","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16231","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":712,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59248","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16232","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":712,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59261","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16233","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":865,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59266","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16234","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":526,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59272","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16235","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":712,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59286","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16236","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":865,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59288","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16237","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":526,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59293","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16238","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":315,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59300","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16239","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":712,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59311","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16240","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59314,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59314","inputVector":"","url":"https://www.dahd.gov.in/sites","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16241","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":526,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59316","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16242","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":865,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59319","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16243","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":951,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59323","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16244","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59324,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59324","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16245","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":887,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59326","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16246","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":944,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59329","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16247","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":955,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59332","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16249","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59334,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59334","inputVector":"","url":"https://www.dahd.gov.in/sites/default","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16250","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":893,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59338","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16251","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":945,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59340","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16252","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59342,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59342","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16253","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":315,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59348","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16254","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59352,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59352","inputVector":"","url":"https://www.dahd.gov.in/sites/default","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16255","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59353,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59353","inputVector":"","url":"https://www.dahd.gov.in/sites","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16256","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":951,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59354","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16257","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":712,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59358","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16258","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59362,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59362","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16259","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":836,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59363","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16260","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59365,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59365","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16261","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":865,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59369","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16262","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":945,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59370","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16263","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59373,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59373","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16264","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59384,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59384","inputVector":"","url":"https://www.dahd.gov.in/sites","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16266","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59386,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59386","inputVector":"","url":"https://www.dahd.gov.in/sites/default","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16267","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":944,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59387","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16268","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":887,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59388","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16269","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":955,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59391","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16270","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":526,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59392","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16271","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":893,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59394","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16272","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59396,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59396","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16273","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59399,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59399","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16274","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59403,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59403","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16275","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":951,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59405","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16276","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":315,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59408","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16277","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":712,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59409","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16278","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":865,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59414","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16279","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59415,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59415","inputVector":"","url":"https://www.dahd.gov.in/sites","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16280","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59419,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59419","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16281","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59423,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59423","inputVector":"","url":"https://www.dahd.gov.in/sites/default","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16282","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":955,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59426","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16283","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59428,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59428","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16284","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59432,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59432","inputVector":"","url":"https://www.dahd.gov.in/sites","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16285","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":315,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59435","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16286","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":893,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59437","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16287","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59440,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59440","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16288","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":887,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59443","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16289","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59445,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59445","inputVector":"","url":"https://www.dahd.gov.in/sites","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16290","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":944,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59452","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16291","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59456,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59456","inputVector":"","url":"https://www.dahd.gov.in/sites/default","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16292","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59463,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59463","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16293","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59466,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59466","inputVector":"","url":"https://www.dahd.gov.in/sites","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16294","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":865,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59469","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16295","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59473,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59473","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16296","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":945,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59478","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16297","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59487,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59487","inputVector":"","url":"https://www.dahd.gov.in/sites/default","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16298","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":836,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59488","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16299","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":315,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59494","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16300","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59496,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59496","inputVector":"","url":"https://www.dahd.gov.in/sites","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16301","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59497,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59497","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16302","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59499,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59499","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16303","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59502,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59502","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16304","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":526,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59509","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16305","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":865,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59512","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16306","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":945,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59516","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16307","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":712,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59519","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16308","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":315,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59522","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16309","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59524,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59524","inputVector":"","url":"https://www.dahd.gov.in/sites/default","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16310","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":893,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59526","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16311","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59528,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59528","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16312","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":887,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59533","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16313","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59535,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59535","inputVector":"","url":"https://www.dahd.gov.in/sites","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16314","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":944,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59539","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16315","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59541,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59541","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16316","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59546,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59546","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16317","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":945,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59548","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16318","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":836,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59550","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16319","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59552,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59552","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16320","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59561,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59561","inputVector":"","url":"https://www.dahd.gov.in/sites/default","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16321","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":526,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59569","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16322","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59572,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59572","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16323","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":893,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59575","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16324","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":945,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59579","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16326","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59584,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59584","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16327","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":315,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59586","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16328","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":887,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59589","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16329","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":944,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59591","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16330","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59592,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59592","inputVector":"","url":"https://www.dahd.gov.in/sites","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16331","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":836,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59600","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16332","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59607,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59607","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16333","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59613,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59613","inputVector":"","url":"https://www.dahd.gov.in/sites/default","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16334","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":955,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59615","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16335","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":712,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59619","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16336","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59622,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59622","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16337","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59627,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59627","inputVector":"","url":"https://www.dahd.gov.in/sites","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16338","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":315,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59630","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16339","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59635,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59635","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16341","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":526,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59636","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16342","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":836,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59640","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16343","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":887,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59643","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16344","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59657,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59657","inputVector":"","url":"https://www.dahd.gov.in/sites/default","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16345","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":865,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59659","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16346","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":945,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59661","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16347","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":944,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59670","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16348","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":315,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59682","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16349","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":951,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59701","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16350","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":865,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59705","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16351","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":945,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59707","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16352","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59709,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59709","inputVector":"","url":"https://www.dahd.gov.in/sites/default","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16353","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59713,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59713","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16354","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":712,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59727","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16355","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":955,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59728","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16356","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59729,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59729","inputVector":"","url":"https://www.dahd.gov.in/sites","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16357","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":893,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59732","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16359","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":526,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59733","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16360","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":944,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59739","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16361","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59741,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59741","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16362","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":836,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59743","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16363","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":887,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59744","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16364","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59745,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59745","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16365","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59757,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59757","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16366","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":315,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59776","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16367","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":526,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59778","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16368","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":712,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59782","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16369","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59783,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59783","inputVector":"","url":"https://www.dahd.gov.in/sites/default","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16370","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":951,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59784","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16371","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59791,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59791","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16372","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":865,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59793","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16373","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":944,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59795","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16374","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":887,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59797","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16375","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59801,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59801","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16376","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":945,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59804","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16377","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59807,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59807","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16378","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":955,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59818","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16379","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":526,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59826","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16380","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59832,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59832","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16381","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59842,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59842","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16382","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":944,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59848","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16383","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":893,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59849","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16384","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":951,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59852","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16385","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":315,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59853","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16386","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/photo-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":865,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59860","inputVector":"","url":"https://www.dahd.gov.in/photo-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16387","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":945,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59864","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16388","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":836,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59867","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16389","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":712,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59868","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16390","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59879,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59879","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16391","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":955,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59881","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16392","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":887,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59884","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16393","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashu-aushadhi","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":526,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59889","inputVector":"","url":"https://www.dahd.gov.in/pashu-aushadhi","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16394","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":944,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59890","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16395","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59892,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59892","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16396","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":315,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59895","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16397","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59896,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59896","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16398","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":836,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59903","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16399","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":955,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59907","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16400","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59909,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59909","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16401","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":944,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59914","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16402","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":893,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59919","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16403","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":836,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59924","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16404","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":887,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59926","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16405","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59932,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59932","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16406","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59934,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59934","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16407","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":955,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59935","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16408","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59940,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59940","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16409","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":951,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59946","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16410","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59954,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59954","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16411","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59955,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59955","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16412","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":836,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59959","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16413","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":955,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59967","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16414","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59973,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59973","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16415","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":59991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59991","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16416","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":955,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59995","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16417","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/pashupedia","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":712,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"59999","inputVector":"","url":"https://www.dahd.gov.in/pashupedia","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16418","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":945,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60003","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16419","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60004,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60004","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16420","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":951,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60005","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16421","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":836,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60007","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16422","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":887,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60019","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16423","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":944,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60020","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/sdcfpo","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16424","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60022,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60022","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16425","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":893,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60027","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16426","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes-programmes/lhdcp","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":955,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60032","inputVector":"","url":"https://www.dahd.gov.in/schemes-programmes/lhdcp","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16427","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60035,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60035","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16428","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":951,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60039","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16429","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/npdd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":887,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60040","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/npdd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16430","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":893,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60047","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16431","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":836,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60054","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/rashtriya_gokul_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16432","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":945,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60058","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/national_livestock_mission","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16433","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60091,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60091","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16435","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60099,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60099","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16436","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":951,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60102","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16437","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60108,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60108","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16438","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":951,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60118","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16439","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60119,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60119","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16440","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60127,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60127","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16441","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60137,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60137","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16443","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60140,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60140","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16444","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":893,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60145","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16445","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60154,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60154","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16446","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60171,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60171","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16447","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/ahidf","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":951,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60172","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/ahidf","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16448","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60178,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60178","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16449","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60199,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60199","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16451","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60203,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60203","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16452","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":893,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60207","inputVector":"","url":"https://www.dahd.gov.in/schemes/programmes/animal-husbandry-statistics","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16453","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60220,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60220","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16454","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60238,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60238","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16455","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60243,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60243","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16456","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60259,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60259","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16458","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60268,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60268","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16459","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60287,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60287","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16461","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60292,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60292","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16462","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2023-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60314,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60314","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2023-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16463","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60341,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60341","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16464","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60371,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60371","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16466","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60397,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60397","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16467","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60450,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60450","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16469","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60574,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60574","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16470","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60608,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60608","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16471","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60634,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60634","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16472","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60669,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60669","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16473","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60707,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60707","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16474","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60747,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60747","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16475","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60793,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60793","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16476","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60842,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60842","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16477","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60888,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60888","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16478","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60927,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60927","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16479","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60961,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60961","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16480","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60981,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60981","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16481","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":60994,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"60994","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16482","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61001,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61001","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16483","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61033,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61033","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16484","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61063,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61063","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16485","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61079,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61079","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16486","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61093,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61093","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16487","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61097,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61097","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16488","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61111","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16489","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61119,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61119","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16490","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61125,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61125","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16491","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61131,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61131","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16492","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61140,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61140","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16493","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61147,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61147","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16494","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61154,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61154","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16495","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61160,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61160","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16496","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61170,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61170","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16497","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61174,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61174","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16498","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61180,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61180","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16499","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61187,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61187","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16500","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61196,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61196","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16501","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61198,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61198","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16502","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61207,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61207","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16503","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61212,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61212","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16504","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61215,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61215","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16505","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61220,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61220","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16506","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61226,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61226","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16507","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61232,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61232","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16508","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61242,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61242","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16509","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61243,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61243","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16510","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61252,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61252","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16511","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61259,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61259","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16512","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61271,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61271","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16513","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61278,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61278","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16514","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61288,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61288","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16515","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61292,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61292","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16516","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61295,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61295","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16517","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61307,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61307","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16518","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61311,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61311","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16519","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61323,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61323","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16520","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61332,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61332","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16521","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61350,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61350","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16522","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61378,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61378","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16523","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61381,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61381","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16524","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61426,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61426","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16525","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61475,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61475","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16526","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61514,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61514","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16527","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61539,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61539","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16528","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61564,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61564","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16529","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61790,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61790","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16530","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61806,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61806","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16531","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61822,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61822","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16532","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61849,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61849","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16533","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61877,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61877","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16534","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61878,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61878","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16535","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61894,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61894","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16536","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61897,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61897","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16537","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61920,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61920","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16538","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61921,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61921","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16539","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61944,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61944","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16540","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61946,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61946","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16541","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61982,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61982","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16542","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":61984,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"61984","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16543","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62007,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62007","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16544","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62028,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62028","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16545","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62054,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62054","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16546","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62074,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62074","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16547","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62098,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62098","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16548","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2024-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62117,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62117","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2024-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16549","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62145,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62145","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16550","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62166,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62166","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16551","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62187,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62187","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16552","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62203,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62203","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16553","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62222,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62222","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16554","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62228,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62228","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16555","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62246,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62246","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16556","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62257,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62257","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16557","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62288,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62288","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16558","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62321,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62321","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16559","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62350,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62350","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16560","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62351,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62351","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16561","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62375,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62375","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16562","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62377,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62377","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16563","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62403,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62403","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16564","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62404,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62404","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16565","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62435,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62435","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16567","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62434,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62434","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16568","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62461,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62461","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16570","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62464,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62464","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16571","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62494,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62494","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16573","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62497,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62497","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16574","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62528,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62528","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16575","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62554,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62554","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16577","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62587,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62587","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16579","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62637,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62637","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16581","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62639,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62639","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16582","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62689,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62689","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16584","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62693,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62693","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16585","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62755,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62755","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16587","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62759,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62759","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16588","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62822,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62822","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16590","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62873,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62873","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16592","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62917,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62917","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16594","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62956,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62956","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16596","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":62987,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"62987","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16597","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63008,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63008","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16598","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63032,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63032","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16599","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63063,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63063","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16600","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63084,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63084","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16601","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63140,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63140","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16602","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63174,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63174","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16603","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63194,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63194","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16604","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63206,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63206","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16605","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63211,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63211","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16606","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63220,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63220","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16607","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63232,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63232","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16608","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63240,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63240","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16609","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63247,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63247","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16610","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63251,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63251","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16611","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63259,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63259","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16612","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63263,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63263","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16613","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63268,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63268","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16614","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63283,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63283","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16615","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63288,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63288","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16616","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63294,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63294","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16617","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63302,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63302","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16618","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63305,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63305","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16619","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63320,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63320","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16620","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63322,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63322","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16621","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63330,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63330","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16622","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63339,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63339","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16623","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63342,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63342","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16624","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63352,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63352","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16625","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63365,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63365","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16626","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63374,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63374","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16627","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63375,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63375","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16628","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63387,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63387","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16629","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63390,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63390","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16630","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63396,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63396","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16631","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63406,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63406","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16632","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-09","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63410,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63410","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-09","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16633","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63420,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63420","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16634","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-09","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63428,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63428","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-09","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16635","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63431,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63431","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16636","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63439,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63439","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16637","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63458,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63458","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16638","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-09","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63461,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63461","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-09","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16639","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-06","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63463,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63463","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-06","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16640","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63469,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63469","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16641","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-09","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63482,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63482","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-09","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16642","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63494,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63494","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16643","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-09","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63500","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-09","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16644","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63508,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63508","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16645","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63512,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63512","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16646","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-09","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63519,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63519","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-09","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16647","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63530,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63530","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16648","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63533,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63533","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16649","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63534,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63534","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16650","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-09","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63539,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63539","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-09","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16651","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-09","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63558,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63558","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-09","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16652","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63563,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63563","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16653","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63565,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63565","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16654","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63564,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63564","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16655","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63582,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63582","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16656","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-09","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63591,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63591","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-09","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16657","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63593,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63593","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16658","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-07","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63594,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63594","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-07","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16659","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63604,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63604","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16660","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63607,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63607","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16661","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-09","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63611,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63611","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-09","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16662","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63620","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16663","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-09","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63630,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63630","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-09","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16664","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63636,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63636","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16665","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-09","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63646,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63646","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-09","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16666","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63650,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63650","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16667","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-08","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63651,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63651","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-08","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16668","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63671,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63671","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16669","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63703,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63703","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16670","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63736,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63736","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16671","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63777,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63777","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16672","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-10","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":63814,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"63814","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-10","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16673","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64073,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64073","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16674","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64085,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64085","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16675","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64090,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64090","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16676","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64106,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64106","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16677","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64114,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64114","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16678","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64150,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64150","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16679","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64158,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64158","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16680","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64200,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64200","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16681","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64202,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64202","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16682","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64244,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64244","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16683","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64248,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64248","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16684","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64294,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64294","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16685","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64299,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64299","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16686","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64341,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64341","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16687","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64350,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64350","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16688","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64398,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64398","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16689","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64404,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64404","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16690","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64450,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64450","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16691","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64454,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64454","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16692","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-11","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64490,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64490","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-11","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16693","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64494,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64494","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16694","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64526,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64526","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16695","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64555,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64555","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16696","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2025-12","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64576,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64576","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2025-12","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16697","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64599,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64599","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16698","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64612,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64612","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16699","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64620,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64620","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16700","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64641,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64641","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16701","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64656,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64656","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16702","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64669,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64669","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16703","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64691,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64691","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16704","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64730,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64730","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16705","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64746,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64746","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16706","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64773,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64773","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16707","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64791,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64791","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16708","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64800,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64800","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16709","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64819,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64819","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16710","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64826,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64826","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16711","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-01","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64841,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64841","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-01","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16712","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64862,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64862","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16713","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64905,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64905","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16714","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64947,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64947","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16715","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":64983,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"64983","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16716","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65009,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65009","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16717","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65040,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65040","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16718","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65068,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65068","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16719","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65098,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65098","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16720","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65128,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65128","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16721","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65215,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65215","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16722","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65235,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65235","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16723","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65238,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65238","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16724","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65256,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65256","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16725","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65260,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65260","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16726","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65261,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65261","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16727","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65272,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65272","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16728","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65279,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65279","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16729","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65281,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65281","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16730","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65295,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65295","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16731","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65298,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65298","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16732","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65299,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65299","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16733","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65300,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65300","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16734","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65304,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65304","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16735","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65307,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65307","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16736","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65310,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65310","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16737","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65311,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65311","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16738","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65315,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65315","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16739","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65319,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65319","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16740","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65322,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65322","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16741","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65324,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65324","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16742","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65338,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65338","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16743","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65339,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65339","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16744","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65341,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65341","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16745","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65347,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65347","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16746","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65352,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65352","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16747","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65367,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65367","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16748","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65373,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65373","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16749","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65375,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65375","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16750","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65376,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65376","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16751","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65377,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65377","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16752","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65381,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65381","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16753","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65399,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65399","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16754","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65402,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65402","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16755","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65411,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65411","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16756","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65413,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65413","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16757","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65414,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65414","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16758","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65415,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65415","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16759","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65431,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65431","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16760","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65437,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65437","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16761","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65438,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65438","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16762","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65443,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65443","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16763","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65451,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65451","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16764","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65452,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65452","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16765","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65453,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65453","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16766","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65464,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65464","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16767","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65472,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65472","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16768","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65479,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65479","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16769","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65480,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65480","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16770","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65488,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65488","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16771","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65489,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65489","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16772","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65490,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65490","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16773","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65491,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65491","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16774","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65500,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65500","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16775","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65514,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65514","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AnnualActionPlan","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16776","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65517,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65517","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16777","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65520,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65520","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16778","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65526,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65526","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16779","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65535,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65535","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16780","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65536,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65536","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16781","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65537,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65537","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16782","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65541,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65541","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16783","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65558,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65558","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16784","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65568,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65568","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16785","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65575,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65575","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16786","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65582,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65582","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/AppraisalOfSchemes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16787","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65584,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65584","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16788","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65583,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65583","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16789","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65588,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65588","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16790","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65604,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65604","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16791","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65618,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65618","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16792","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65622,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65622","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16793","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65628,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65628","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16794","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65630,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65630","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16795","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65638,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65638","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16796","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65649,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65649","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/CSNA","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16797","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65662,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65662","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16798","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65663,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65663","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16799","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65667,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65667","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16800","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65673,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65673","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16801","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65674,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65674","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16802","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65678,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65678","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16803","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65699,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65699","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16804","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65702,"wascid":"0","description":"Check for differences in response based on 
fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65702","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16805","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65703,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65703","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16806","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65707,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65707","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16807","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65708,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65708","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16808","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65711,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65711","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16809","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65730,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65730","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16810","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65733,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65733","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16811","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65734,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65734","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16812","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65737,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65737","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/DoEManualOfProcurments","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16813","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65738,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65738","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16814","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65740,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65740","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16815","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65760,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65760","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16816","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65761,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65761","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16817","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65762,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65762","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16818","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65763,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65763","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16819","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65765,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65765","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16820","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65778,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65778","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16821","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65783,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65783","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/FlexiFund","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16822","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65785,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65785","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16823","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65786,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65786","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16824","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65787,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65787","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16825","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65792,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65792","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16826","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65798,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65798","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16827","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65807,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65807","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16828","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65811,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65811","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16829","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65812,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65812","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16830","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65814,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65814","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16831","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65815,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65815","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/MeetingConferenceEtc","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16832","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65830,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65830","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16833","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65834,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65834","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16834","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65842,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65842","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16835","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65844,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65844","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16836","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65843,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65843","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16837","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65857,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65857","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16838","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65860,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65860","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16839","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65861,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65861","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16840","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65871,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65871","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16841","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65875,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65875","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/ProposalsOfWorkshopAbove40Lakh","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16842","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65883,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65883","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16843","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65889,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65889","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16844","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65891,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65891","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16845","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65903,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65903","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16846","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65913,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65913","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16847","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65918,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65918","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16848","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65921,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65921","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/RevivalAbolitionOfPostEtcDoEOM","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16849","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65933,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65933","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16850","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65943,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65943","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16851","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65950,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65950","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16852","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65965,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65965","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16853","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65972,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65972","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16854","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65982,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65982","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/SNASParshCentallySponsoredScheme","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16855","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":65995,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"65995","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16856","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66006,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66006","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16857","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66028,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66028","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16858","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66038,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66038","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16859","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66056,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66056","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16860","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66070,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66070","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16861","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66081,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66081","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16862","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66096,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66096","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-02/budget-ifd/UTWithoutLegislature","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16863","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66111,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66111","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16864","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-03","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66142,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66142","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-03","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16865","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66149,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66149","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16866","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66172,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66172","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16867","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66191,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66191","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16868","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66211,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66211","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16869","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66231,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66231","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16870","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66250,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66250","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16871","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66269,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66269","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16872","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66293,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66293","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16873","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66327,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66327","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16874","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66346,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66346","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16875","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66380,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66380","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16876","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-04","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66405,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66405","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-04","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16877","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66421,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66421","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16878","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66444,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66444","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16879","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66470,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66470","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16880","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66498,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66498","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16881","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66525,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66525","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16882","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66545,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66545","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16883","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66567,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66567","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16884","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66590,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66590","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16885","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66611,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66611","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16886","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66634,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66634","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16887","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66659,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66659","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16888","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/2026-05","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66686,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66686","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/2026-05","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16889","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/languages","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66736,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66736","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/languages","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16890","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/languages","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66766,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66766","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/languages","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16891","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66779,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66779","inputVector":"","url":"https://www.dahd.gov.in/themes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16892","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/languages","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66792,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66792","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/languages","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16893","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66798,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66798","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16894","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66801,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66801","inputVector":"","url":"https://www.dahd.gov.in/themes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16895","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66815,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66815","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16896","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/languages","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66820,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66820","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/languages","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16897","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66825,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66825","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16898","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66827,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66827","inputVector":"","url":"https://www.dahd.gov.in/themes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16899","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66838,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66838","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16900","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66842,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66842","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16901","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66843,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66843","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16902","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/languages","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66845,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66845","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/languages","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16903","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66850,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66850","inputVector":"","url":"https://www.dahd.gov.in/themes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16904","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66860,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66860","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16905","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66862,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66862","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16906","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66863,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66863","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16907","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66866,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66866","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16908","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66870,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66870","inputVector":"","url":"https://www.dahd.gov.in/themes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16909","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/languages","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66872,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66872","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/languages","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16910","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66876,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66876","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16911","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66879,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66879","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16912","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66887,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66887","inputVector":"","url":"https://www.dahd.gov.in/themes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16913","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66891,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66891","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16914","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66892,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66892","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16915","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/languages","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66894,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66894","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/languages","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16916","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66900,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66900","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16917","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66908,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66908","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16918","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66912,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66912","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16919","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66916,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66916","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16920","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66919,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66919","inputVector":"","url":"https://www.dahd.gov.in/themes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16921","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/languages","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66925,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66925","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/languages","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16922","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66926,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66926","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16923","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66931,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66931","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16924","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66936,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66936","inputVector":"","url":"https://www.dahd.gov.in/themes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16925","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66940,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66940","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16926","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/languages","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66946,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66946","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/languages","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16927","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66950,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66950","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16928","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66958,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66958","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16929","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66962,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66962","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16930","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66965,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66965","inputVector":"","url":"https://www.dahd.gov.in/themes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16931","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66966,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66966","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16932","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/languages","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66978,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66978","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/languages","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16933","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66979,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66979","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16934","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66992,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66992","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16935","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66995,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66995","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16936","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66996,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66996","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16937","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":66997,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"66997","inputVector":"","url":"https://www.dahd.gov.in/themes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16938","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67003,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67003","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16939","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/languages","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67010,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67010","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/languages","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16940","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67027,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67027","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16941","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67045,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67045","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16942","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67048,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67048","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16943","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67053,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67053","inputVector":"","url":"https://www.dahd.gov.in/themes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16944","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67055,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67055","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16945","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/sites/default/files/languages","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67058,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67058","inputVector":"","url":"https://www.dahd.gov.in/sites/default/files/languages","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16946","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67059,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67059","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16947","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67076,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67076","inputVector":"","url":"https://www.dahd.gov.in/themes","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16948","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67081,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67081","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16949","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67082,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67082","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16950","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67096,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67096","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16951","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67097,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67097","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16952","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67118,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67118","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"16953","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67132,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67132","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16954","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67137,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67137","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16955","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67138,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67138","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16956","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67157,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67157","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"16957","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67175,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67175","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16958","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67176,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67176","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16959","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67192,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67192","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"16960","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/classy/css/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67222,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67222","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/classy/css/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"16961","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67302,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67302","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16962","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67322,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67322","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16963","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67325,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67325","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16964","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67336,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67336","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16965","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67346,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67346","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16966","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67353,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67353","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16967","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67356,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67356","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16968","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67357,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67357","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16969","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67364,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67364","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16970","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67369,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67369","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16971","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67371,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67371","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16972","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67373,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67373","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16973","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67374,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67374","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16974","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67381,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67381","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16975","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67383,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67383","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16976","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67387,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67387","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16977","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67388,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67388","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16978","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67389,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67389","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16979","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67392,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67392","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16980","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67399,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67399","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16981","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67401,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67401","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16982","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67404,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67404","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16983","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67407,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67407","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16984","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67409,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67409","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16985","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67412,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67412","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16986","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67413,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67413","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16987","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67416,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67416","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16988","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67419,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67419","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16989","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67426,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67426","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16990","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67427,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67427","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"16991","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67430,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67430","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"16992","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67433,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67433","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16993","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67438,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67438","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"16994","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67439,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67439","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"16995","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67441,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67441","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"16996","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67444,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67444","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16997","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67447,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67447","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"16998","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67454,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67454","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"16999","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67457,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67457","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17000","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67459,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67459","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"17001","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67460,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67460","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"17002","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67463,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67463","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"17003","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67470,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67470","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"17004","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67473,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67473","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17005","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67484,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67484","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17006","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67487,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67487","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"17007","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67488,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67488","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17008","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67494,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67494","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"17009","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67495,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67495","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17010","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67496,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67496","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17011","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67497,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67497","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"17012","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67510,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67510","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17013","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67520,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67520","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17014","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67525,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67525","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17015","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67527,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67527","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"17016","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67528,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67528","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17017","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67531,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67531","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"17018","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67534,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67534","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17019","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67537,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67537","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17020","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67569,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67569","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17021","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67573,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67573","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"17022","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67574,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67574","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17023","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67575,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67575","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17024","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67576,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67576","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17025","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67577,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67577","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17026","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67586,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67586","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"17027","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67587,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67587","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17028","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67612,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67612","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17029","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67615,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67615","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17030","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67616,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67616","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17031","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67617,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67617","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17032","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67618,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67618","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17033","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67619,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67619","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17034","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67644,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67644","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17035","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67653,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67653","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"17036","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67654,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67654","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17037","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67678,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67678","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17038","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67680,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67680","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17039","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67682,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67682","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17040","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67691,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67691","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17041","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67695,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67695","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17042","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67701,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67701","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17043","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67703,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67703","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17044","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67731,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67731","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17045","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67734,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67734","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17046","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67741,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67741","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17047","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67742,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67742","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17048","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67754,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67754","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"17049","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67755,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67755","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17050","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67756,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67756","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17051","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67757,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67757","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17052","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67775,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67775","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"17053","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67776,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67776","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17054","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67793,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67793","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17055","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67795,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67795","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17056","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67796,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67796","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17057","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67797,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67797","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/core/assets/vendor/normalize-css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17058","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67798,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67798","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17059","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67820,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67820","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17060","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67822,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67822","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17061","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67827,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67827","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"17062","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67830,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67830","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"17063","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67831,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67831","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17064","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67833,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67833","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17065","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67843,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67843","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"17066","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67850,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67850","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"17067","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67853,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67853","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17068","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67854,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67854","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"17069","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67855,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67855","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17070","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67864,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67864","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"17071","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67868,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67868","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"17072","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67875,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67875","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"17073","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67876,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67876","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/system/components","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17074","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67877,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67877","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17075","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67893,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67893","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17076","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67895,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67895","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"17078","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67896,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67896","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"17079","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67897,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67897","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"17080","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67904,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67904","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"17081","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67907,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67907","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17082","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67908,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67908","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"17083","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67914,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67914","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"17084","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67919,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67919","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17085","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67921,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67921","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17086","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67927,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67927","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17088","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67934,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67934","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17089","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67937,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67937","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17090","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67938,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67938","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17091","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67955,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67955","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17092","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67956,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67956","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17093","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67957,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67957","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17094","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images/icons","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67959,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67959","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images/icons","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17095","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67961,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67961","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17096","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67973,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67973","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17097","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67974,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67974","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"17098","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67979,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67979","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17099","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67989,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67989","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17100","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images/icons","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67991,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67991","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images/icons","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"17101","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":67994,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"67994","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17102","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68005,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68005","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17103","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68011,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68011","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17104","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68013,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68013","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17105","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images/icons","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68016,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68016","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images/icons","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17106","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68025,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68025","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"17107","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68026,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68026","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17108","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68030,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68030","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17109","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68038,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68038","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17110","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images/icons","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68046,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68046","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images/icons","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"17111","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68062,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68062","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17112","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68065,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68065","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17113","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68066,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68066","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"17114","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68073,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68073","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"17115","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68075","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17116","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68093,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68093","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17118","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images/icons","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68094,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68094","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images/icons","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"17119","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":765,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68095","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17120","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68097,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68097","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17121","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68099","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17122","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68119","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"17123","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68121,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68121","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"17124","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":716,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68137","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17126","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68138,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68138","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"17127","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68139","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17128","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images/icons","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68140,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68140","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images/icons","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"17129","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":765,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68142","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"17130","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68163,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68163","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17131","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images/icons","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68179,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68179","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images/icons","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17132","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68193,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68193","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17133","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68195","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"17134","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68198,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68198","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"17135","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":716,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68200","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"17136","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":765,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68201","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17137","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68203","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17139","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/contrib/stable/css/views","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68213,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68213","inputVector":"","url":"https://www.dahd.gov.in/themes/contrib/stable/css/views","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17140","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images/icons","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68221,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68221","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images/icons","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17141","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68222","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"17142","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68231,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68231","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17143","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68242,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68242","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"17144","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":765,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68249","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"17145","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68252","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17146","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68253","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"17147","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images/icons","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68266,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68266","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images/icons","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17148","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68272,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68272","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17149","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. 
mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68286","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17151","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":716,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68287","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"17152","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68289,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68289","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17153","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":765,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68293","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"17154","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images/icons","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68298,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68298","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images/icons","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17155","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68309","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"17156","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68310,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68310","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17157","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68319,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68319","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17158","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68320","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"17159","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images/icons","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68326,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68326","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images/icons","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17160","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":765,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68336","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"17161","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68341,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68341","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17162","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":716,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68345","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"17163","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68353,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68353","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17165","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68359","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"17166","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68360","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"17167","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":765,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68361","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17168","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68367,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68367","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17169","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":716,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68374","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"17170","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68391","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"17171","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68392,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68392","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17172","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68393,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68393","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17173","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68394","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"17174","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":716,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68396","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"17175","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68397","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17176","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":765,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68399","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17178","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68404,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68404","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17179","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68409","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17180","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68413","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17181","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68415","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"17182","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":765,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68418","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17183","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":716,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68420","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17185","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68429","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17186","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68433","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17187","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":716,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68439","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17189","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68441","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17190","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":765,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68442","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17191","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/themes/mindahd/images/icons","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":68450,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68450","inputVector":"","url":"https://www.dahd.gov.in/themes/mindahd/images/icons","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17192","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68452","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17193","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68455","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"17194","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":716,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68456","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17195","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68458","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17196","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":765,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68461","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17197","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68465","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17199","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68467","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17200","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68472","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"17201","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":716,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68473","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17202","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/website-policy","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":717,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68477","inputVector":"","url":"https://www.dahd.gov.in/website-policy","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17203","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/whats-new","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":765,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68478","inputVector":"","url":"https://www.dahd.gov.in/whats-new","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17204","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/video-gallery","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":799,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68485","inputVector":"","url":"https://www.dahd.gov.in/video-gallery","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17206","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":716,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68489","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17207","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68490","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"17208","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/web-information-manager","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":716,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68493","inputVector":"","url":"https://www.dahd.gov.in/web-information-manager","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17209","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68496","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"17210","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68502","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"17211","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68505","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"17212","alertRef":"10104"},{"nodeName":"https://www.dahd.gov.in/who-s-who","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":349,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"68507","inputVector":"","url":"https://www.dahd.gov.in/who-s-who","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"17213","alertRef":"10104"}]},"vulnerability_types":{"Content Security Policy (CSP) Header Not Set":299,"Cross-Domain JavaScript Source File Inclusion":301,"Information Disclosure - Suspicious Comments":725,"Modern Web Application":297,"Sub Resource Integrity Attribute Missing":895,"Timestamp Disclosure - Unix":24,"User Controllable HTML Element Attribute (Potential XSS)":3,"Re-examine Cache-control Directives":4,"User Agent Fuzzer":3888},"owasp_top10":{"Unmapped / 
Other":6436}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"6a1f2241a09683cfe61771d8"},"created_at":{"$date":"2026-06-02T18:34:41.723Z"},"url":"https://onmark.co.in/nmu/","tool":"owaspzap","result":{"status":"completed","target_url":"https://onmark.co.in/nmu/","scan_timestamp":"20260602_182857","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":12,"urls_list":["https://onmark.co.in/robots.txt","https://onmark.co.in/sitemap.xml","https://onmark.co.in/nmu/","https://onmark.co.in/nmu/assets/css/font-awesome.css","https://onmark.co.in/nmu/assets/images/nmu_logo.ico","https://onmark.co.in/nmu/assets/images/nmu_logo.png","https://onmark.co.in/nmu/assets/js/bootstrap.min.js","https://onmark.co.in/nmu/assets/js/jquery.min.js","https://onmark.co.in/nmu/assets/css/main.css","https://onmark.co.in/nmu/assets/css/bootstrap.css","https://onmark.co.in/nmu/signin","https://onmark.co.in/nmu/user"],"duration":20.03806781768799},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.06971788406372},"passive_scan":{"status":"completed","duration":0.007308006286621094},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"onmark.co.in","open_ports":[443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":120.03332543373108},"vulnerabilities":{"total_alerts":123,"high_risk":0,"medium_risk":16,"low_risk":23,"informational":84,"alerts_by_risk":{"High":[],"Medium":[{"nodeName":"https://onmark.co.in/nmu/","sourceid":"3","o
ther":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"1","inputVector":"","url":"https://onmark.co.in/nmu/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"0","alertRef":"10020-1"},{"nodeName":"https://onmark.co.in/nmu/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1","inputVector":"","url":"https://onmark.co.in/nmu/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application server, load 
balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"1","alertRef":"10038-1"},{"nodeName":"https://onmark.co.in/nmu/","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"password\" \"username\" ].","method":"GET","evidence":"<form action=\"https://onmark.co.in/nmu/signin\" class=\"login_form\" method=\"post\" accept-charset=\"utf-8\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":1,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. 
Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"1","inputVector":"","url":"https://onmark.co.in/nmu/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: Implementation\nEnsure 
that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"6","alertRef":"10202"},{"nodeName":"https://onmark.co.in/nmu/","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://onmark.co.in/nmu/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"10","alertRef":"90003"},{"nodeName":"https://onmark.co.in/nmu/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.bundle.min.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.","messageId":"1","inputVector":"","url":"https://onmark.co.in/nmu/","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"11","alertRef":"90003"},{"nodeName":"https://onmark.co.in/nmu/assets/js/bootstrap.min.js","sourceid":"3","other":"The identified library bootstrap, version 3.3.6 is vulnerable.\nCVE-2019-8331\nCVE-2018-14040\nCVE-2018-20677\nCVE-2018-20676\nCVE-2018-14042\nCVE-2016-10735\nCVE-2024-6485\nhttps://github.com/twbs/bootstrap/issues/28236\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-6485\nhttps://www.herodevs.com/vulnerability-directory/cve-2024-6485\nhttps://github.com/twbs/bootstrap/issues/20184\nhttps://github.com/advisories/GHSA-vxmc-5x29-h64v\nhttps://github.com/advisories/GHSA-ph58-4vrj-w6hr\nhttps://github.com/twbs/bootstrap\nhttps://github.com/twbs/bootstrap/issues/20631\nhttps://github.com/advisories/GHSA-4p24-vmcr-4gqj\nhttps://github.com/advisories/GHSA-9v3m-8fp8-mj99\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20676\n","method":"GET","evidence":"* Bootstrap v3.3.6","pluginId":"10003","cweid":"1395","confidence":"Medium","sourceMessageId":21,"wascid":"-1","description":"The identified library appears to be 
vulnerable.","messageId":"21","inputVector":"","url":"https://onmark.co.in/nmu/assets/js/bootstrap.min.js","tags":{"CVE-2019-8331":"https://nvd.nist.gov/vuln/detail/CVE-2019-8331","CVE-2018-14040":"https://nvd.nist.gov/vuln/detail/CVE-2018-14040","CVE-2018-20677":"https://nvd.nist.gov/vuln/detail/CVE-2018-20677","CVE-2018-20676":"https://nvd.nist.gov/vuln/detail/CVE-2018-20676","CVE-2018-14042":"https://nvd.nist.gov/vuln/detail/CVE-2018-14042","CVE-2016-10735":"https://nvd.nist.gov/vuln/detail/CVE-2016-10735","OWASP_2021_A06":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","CWE-1395":"https://cwe.mitre.org/data/definitions/1395.html","OWASP_2025_A03":"https://owasp.org/Top10/2025/A03_2025-Software_Supply_Chain_Failures/","CVE-2024-6485":"https://nvd.nist.gov/vuln/detail/CVE-2024-6485","OWASP_2017_A09":"https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities.html","POLICY_QA_STD":"","POLICY_PENTEST":"","POLICY_DEV_STD":""},"reference":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","solution":"Upgrade to the latest version of the affected library.","alert":"Vulnerable JS Library","param":"","attack":"","name":"Vulnerable JS Library","risk":"Medium","id":"40","alertRef":"10003"},{"nodeName":"https://onmark.co.in/nmu/assets/js/jquery.min.js","sourceid":"3","other":"The identified library jquery, version 1.11.3 is 
vulnerable.\nCVE-2020-11023\nCVE-2015-9251\nCVE-2019-11358\nhttps://github.com/jquery/jquery/issues/2432\nhttp://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/\nhttp://research.insecurelabs.org/jquery/test/\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://github.com/advisories/GHSA-rmxg-73gg-4p98\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b\nhttps://bugs.jquery.com/ticket/11974\nhttps://github.com/jquery/jquery.com/issues/162\nhttps://blog.jquery.com/2020/04/10/jquery-3-5-0-released/\n","method":"GET","evidence":"/*! jQuery v1.11.3","pluginId":"10003","cweid":"1395","confidence":"Medium","sourceMessageId":24,"wascid":"-1","description":"The identified library appears to be vulnerable.","messageId":"24","inputVector":"","url":"https://onmark.co.in/nmu/assets/js/jquery.min.js","tags":{"CVE-2020-11023":"https://nvd.nist.gov/vuln/detail/CVE-2020-11023","OWASP_2017_A09":"https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities.html","POLICY_QA_STD":"","OWASP_2021_A06":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","POLICY_PENTEST":"","CWE-1395":"https://cwe.mitre.org/data/definitions/1395.html","CVE-2015-9251":"https://nvd.nist.gov/vuln/detail/CVE-2015-9251","CVE-2019-11358":"https://nvd.nist.gov/vuln/detail/CVE-2019-11358","OWASP_2025_A03":"https://owasp.org/Top10/2025/A03_2025-Software_Supply_Chain_Failures/","POLICY_DEV_STD":""},"reference":"https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/","solution":"Upgrade to the latest version of the affected library.","alert":"Vulnerable JS Library","param":"","attack":"","name":"Vulnerable JS 
Library","risk":"Medium","id":"43","alertRef":"10003"},{"nodeName":"https://onmark.co.in/nmu/user","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10020","cweid":"1021","confidence":"Medium","sourceMessageId":31,"wascid":"15","description":"The response does not protect against 'ClickJacking' attacks. It should include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options.","messageId":"31","inputVector":"","url":"https://onmark.co.in/nmu/user","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","CWE-1021":"https://cwe.mitre.org/data/definitions/1021.html","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-CLNT-09":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options","solution":"Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\nIf you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. 
Alternatively consider implementing Content Security Policy's \"frame-ancestors\" directive.","alert":"Missing Anti-clickjacking Header","param":"x-frame-options","attack":"","name":"Missing Anti-clickjacking Header","risk":"Medium","id":"44","alertRef":"10020-1"},{"nodeName":"https://onmark.co.in/nmu/user","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10038","cweid":"693","confidence":"High","sourceMessageId":31,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"31","inputVector":"","url":"https://onmark.co.in/nmu/user","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP\nhttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\nhttps://www.w3.org/TR/CSP/\nhttps://w3c.github.io/webappsec-csp/\nhttps://web.dev/articles/csp\nhttps://caniuse.com/#feat=contentsecuritypolicy\nhttps://content-security-policy.com/","solution":"Ensure that your web server, application 
server, load balancer, etc. is configured to set the Content-Security-Policy header.","alert":"Content Security Policy (CSP) Header Not Set","param":"","attack":"","name":"Content Security Policy (CSP) Header Not Set","risk":"Medium","id":"48","alertRef":"10038-1"},{"nodeName":"https://onmark.co.in/nmu/user","sourceid":"3","other":"No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token, _csrfToken] was found in the following HTML form: [Form 1: \"password\" \"username\" ].","method":"GET","evidence":"<form action=\"https://onmark.co.in/nmu/signin\" class=\"login_form\" method=\"post\" accept-charset=\"utf-8\">","pluginId":"10202","cweid":"352","confidence":"Low","sourceMessageId":31,"wascid":"9","description":"No Anti-CSRF tokens were found in a HTML submission form.\nA cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. 
Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.\n\nCSRF attacks are effective in a number of situations, including:\n    * The victim has an active session on the target site.\n    * The victim is authenticated via HTTP auth on the target site.\n    * The victim is on the same local network as the target site.\n\nCSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.","messageId":"31","inputVector":"","url":"https://onmark.co.in/nmu/user","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-SESS-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","CWE-352":"https://cwe.mitre.org/data/definitions/352.html","POLICY_DEV_STD":""},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/352.html","solution":"Phase: Architecture and Design\nUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.\nFor example, use anti-CSRF packages such as the OWASP CSRFGuard.\n\nPhase: 
Implementation\nEnsure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.\n\nPhase: Architecture and Design\nGenerate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).\nNote that this can be bypassed using XSS.\n\nIdentify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.\nNote that this can be bypassed using XSS.\n\nUse the ESAPI Session Management control.\nThis control includes a component for CSRF.\n\nDo not use the GET method for any request that triggers a state change.\n\nPhase: Implementation\nCheck the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","alert":"Absence of Anti-CSRF Tokens","param":"","attack":"","name":"Absence of Anti-CSRF Tokens","risk":"Medium","id":"50","alertRef":"10202"},{"nodeName":"https://onmark.co.in/nmu/user","sourceid":"3","other":"","method":"GET","evidence":"<link href=\"https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css\" rel=\"stylesheet\">","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":31,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"31","inputVector":"","url":"https://onmark.co.in/nmu/user","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"54","alertRef":"90003"},{"nodeName":"https://onmark.co.in/nmu/user","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.bundle.min.js\"></script>","pluginId":"90003","cweid":"345","confidence":"High","sourceMessageId":31,"wascid":"15","description":"The integrity attribute is missing on a script or link tag served by an external server. 
The integrity attribute prevents an attacker who has gained access to this server from injecting malicious content.","messageId":"31","inputVector":"","url":"https://onmark.co.in/nmu/user","tags":{"CWE-345":"https://cwe.mitre.org/data/definitions/345.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity","solution":"Provide a valid integrity attribute to the tag.","alert":"Sub Resource Integrity Attribute Missing","param":"","attack":"","name":"Sub Resource Integrity Attribute Missing","risk":"Medium","id":"55","alertRef":"90003"},{"nodeName":"https://onmark.co.in/nmu/assets/css/","sourceid":"1","other":"","method":"GET","evidence":"Parent Directory","pluginId":"0","cweid":"548","confidence":"Medium","sourceMessageId":638,"wascid":"48","description":"It is possible to view the directory listing. Directory listing may reveal hidden scripts, include files, backup source files, etc. 
which can be accessed to read sensitive information.","messageId":"638","inputVector":"","url":"https://onmark.co.in/nmu/assets/css/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_API":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","CWE-548":"https://cwe.mitre.org/data/definitions/548.html","POLICY_PENTEST":"","API_2023_API8":"https://owasp.org/API-Security/editions/2023/en/0xa8-security-misconfiguration/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","POLICY_QA_CICD":"","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#options","solution":"Disable directory browsing. If this is required, make sure the listed files do not introduce risks.","alert":"Directory Browsing","param":"","attack":"https://onmark.co.in/nmu/assets/css/","name":"Directory Browsing","risk":"Medium","id":"59","alertRef":"0"},{"nodeName":"https://onmark.co.in/nmu/assets/","sourceid":"1","other":"","method":"GET","evidence":"Parent Directory","pluginId":"0","cweid":"548","confidence":"Medium","sourceMessageId":647,"wascid":"48","description":"It is possible to view the directory listing. Directory listing may reveal hidden scripts, include files, backup source files, etc. 
which can be accessed to read sensitive information.","messageId":"647","inputVector":"","url":"https://onmark.co.in/nmu/assets/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_API":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","CWE-548":"https://cwe.mitre.org/data/definitions/548.html","POLICY_PENTEST":"","API_2023_API8":"https://owasp.org/API-Security/editions/2023/en/0xa8-security-misconfiguration/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","POLICY_QA_CICD":"","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#options","solution":"Disable directory browsing. If this is required, make sure the listed files do not introduce risks.","alert":"Directory Browsing","param":"","attack":"https://onmark.co.in/nmu/assets/","name":"Directory Browsing","risk":"Medium","id":"60","alertRef":"0"},{"nodeName":"https://onmark.co.in/nmu/assets/images/","sourceid":"1","other":"","method":"GET","evidence":"Parent Directory","pluginId":"0","cweid":"548","confidence":"Medium","sourceMessageId":654,"wascid":"48","description":"It is possible to view the directory listing. Directory listing may reveal hidden scripts, include files, backup source files, etc. 
which can be accessed to read sensitive information.","messageId":"654","inputVector":"","url":"https://onmark.co.in/nmu/assets/images/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_API":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","CWE-548":"https://cwe.mitre.org/data/definitions/548.html","POLICY_PENTEST":"","API_2023_API8":"https://owasp.org/API-Security/editions/2023/en/0xa8-security-misconfiguration/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","POLICY_QA_CICD":"","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#options","solution":"Disable directory browsing. If this is required, make sure the listed files do not introduce risks.","alert":"Directory Browsing","param":"","attack":"https://onmark.co.in/nmu/assets/images/","name":"Directory Browsing","risk":"Medium","id":"61","alertRef":"0"},{"nodeName":"https://onmark.co.in/nmu/assets/js/","sourceid":"1","other":"","method":"GET","evidence":"Parent Directory","pluginId":"0","cweid":"548","confidence":"Medium","sourceMessageId":655,"wascid":"48","description":"It is possible to view the directory listing. Directory listing may reveal hidden scripts, include files, backup source files, etc. 
which can be accessed to read sensitive information.","messageId":"655","inputVector":"","url":"https://onmark.co.in/nmu/assets/js/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_API":"","POLICY_QA_STD":"","POLICY_QA_FULL":"","CWE-548":"https://cwe.mitre.org/data/definitions/548.html","POLICY_PENTEST":"","API_2023_API8":"https://owasp.org/API-Security/editions/2023/en/0xa8-security-misconfiguration/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","POLICY_QA_CICD":"","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html"},"reference":"https://httpd.apache.org/docs/current/mod/core.html#options","solution":"Disable directory browsing. If this is required, make sure the listed files do not introduce risks.","alert":"Directory Browsing","param":"","attack":"https://onmark.co.in/nmu/assets/js/","name":"Directory Browsing","risk":"Medium","id":"62","alertRef":"0"}],"Low":[{"nodeName":"https://onmark.co.in/nmu/","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: PHPSESSID","pluginId":"10010","cweid":"1004","confidence":"Medium","sourceMessageId":1,"wascid":"13","description":"A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. 
If this is a session cookie then session hijacking may be possible.","messageId":"1","inputVector":"","url":"https://onmark.co.in/nmu/","tags":{"CWE-1004":"https://cwe.mitre.org/data/definitions/1004.html","OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-community/HttpOnly","solution":"Ensure that the HttpOnly flag is set for all cookies.","alert":"Cookie No HttpOnly Flag","param":"PHPSESSID","attack":"","name":"Cookie No HttpOnly Flag","risk":"Low","id":"2","alertRef":"10010"},{"nodeName":"https://onmark.co.in/nmu/","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: PHPSESSID","pluginId":"10054","cweid":"1275","confidence":"Medium","sourceMessageId":1,"wascid":"13","description":"A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. 
The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.","messageId":"1","inputVector":"","url":"https://onmark.co.in/nmu/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_QA_STD":"","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-1275":"https://cwe.mitre.org/data/definitions/1275.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","OWASP_2017_A05":"https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html","POLICY_DEV_STD":""},"reference":"https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site","solution":"Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.","alert":"Cookie without SameSite Attribute","param":"PHPSESSID","attack":"","name":"Cookie without SameSite Attribute","risk":"Low","id":"3","alertRef":"10054-1"},{"nodeName":"https://onmark.co.in/nmu/","sourceid":"3","other":"","method":"GET","evidence":"Set-Cookie: PHPSESSID","pluginId":"10011","cweid":"614","confidence":"Medium","sourceMessageId":1,"wascid":"13","description":"A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted 
connections.","messageId":"1","inputVector":"","url":"https://onmark.co.in/nmu/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","CWE-614":"https://cwe.mitre.org/data/definitions/614.html","WSTG-v42-SESS-02":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html","solution":"Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. 
Ensure that the secure flag is set for cookies containing such sensitive information.","alert":"Cookie Without Secure Flag","param":"PHPSESSID","attack":"","name":"Cookie Without Secure Flag","risk":"Low","id":"4","alertRef":"10011"},{"nodeName":"https://onmark.co.in/nmu/","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.bundle.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"1","inputVector":"","url":"https://onmark.co.in/nmu/","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.bundle.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"5","alertRef":"10017"},{"nodeName":"https://onmark.co.in/nmu/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":1,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"1","inputVector":"","url":"https://onmark.co.in/nmu/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"9","alertRef":"10035-1"},{"nodeName":"https://onmark.co.in/nmu/","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":1,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"1","inputVector":"","url":"https://onmark.co.in/nmu/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"12","alertRef":"10021"},{"nodeName":"https://onmark.co.in/nmu/assets/images/nmu_logo.ico","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":18,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server 
declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"18","inputVector":"","url":"https://onmark.co.in/nmu/assets/images/nmu_logo.ico","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"23","alertRef":"10035-1"},{"nodeName":"https://onmark.co.in/nmu/assets/images/nmu_logo.ico","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":18,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"18","inputVector":"","url":"https://onmark.co.in/nmu/assets/images/nmu_logo.ico","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"25","alertRef":"10021"},{"nodeName":"https://onmark.co.in/nmu/assets/images/nmu_logo.png","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":20,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"20","inputVector":"","url":"https://onmark.co.in/nmu/assets/images/nmu_logo.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"27","alertRef":"10035-1"},{"nodeName":"https://onmark.co.in/nmu/assets/css/font-awesome.css","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":15,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"15","inputVector":"","url":"https://onmark.co.in/nmu/assets/css/font-awesome.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"29","alertRef":"10035-1"},{"nodeName":"https://onmark.co.in/nmu/assets/css/font-awesome.css","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":15,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"15","inputVector":"","url":"https://onmark.co.in/nmu/assets/css/font-awesome.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"33","alertRef":"10021"},{"nodeName":"https://onmark.co.in/nmu/assets/images/nmu_logo.png","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":20,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"20","inputVector":"","url":"https://onmark.co.in/nmu/assets/images/nmu_logo.png","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"35","alertRef":"10021"},{"nodeName":"https://onmark.co.in/nmu/assets/js/bootstrap.min.js","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":21,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"21","inputVector":"","url":"https://onmark.co.in/nmu/assets/js/bootstrap.min.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. 
is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"38","alertRef":"10035-1"},{"nodeName":"https://onmark.co.in/nmu/assets/js/bootstrap.min.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":21,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"21","inputVector":"","url":"https://onmark.co.in/nmu/assets/js/bootstrap.min.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"39","alertRef":"10021"},{"nodeName":"https://onmark.co.in/nmu/assets/js/jquery.min.js","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":24,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"24","inputVector":"","url":"https://onmark.co.in/nmu/assets/js/jquery.min.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"41","alertRef":"10035-1"},{"nodeName":"https://onmark.co.in/nmu/assets/js/jquery.min.js","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":24,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"24","inputVector":"","url":"https://onmark.co.in/nmu/assets/js/jquery.min.js","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"42","alertRef":"10021"},{"nodeName":"https://onmark.co.in/nmu/assets/css/main.css","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":27,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a 
web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"27","inputVector":"","url":"https://onmark.co.in/nmu/assets/css/main.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"45","alertRef":"10035-1"},{"nodeName":"https://onmark.co.in/nmu/assets/css/main.css","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":27,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"27","inputVector":"","url":"https://onmark.co.in/nmu/assets/css/main.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"46","alertRef":"10021"},{"nodeName":"https://onmark.co.in/nmu/user","sourceid":"3","other":"","method":"GET","evidence":"<script src=\"https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.bundle.min.js\"></script>","pluginId":"10017","cweid":"829","confidence":"Medium","sourceMessageId":31,"wascid":"15","description":"The page includes one or more script files from a third-party domain.","messageId":"31","inputVector":"","url":"https://onmark.co.in/nmu/user","tags":{"OWASP_2025_A08":"https://owasp.org/Top10/2025/A08_2025-Software_or_Data_Integrity_Failures/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2021_A08":"https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/","CWE-829":"https://cwe.mitre.org/data/definitions/829.html","POLICY_DEV_STD":""},"reference":"","solution":"Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.","alert":"Cross-Domain JavaScript Source File Inclusion","param":"https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.bundle.min.js","attack":"","name":"Cross-Domain JavaScript Source File Inclusion","risk":"Low","id":"49","alertRef":"10017"},{"nodeName":"https://onmark.co.in/nmu/user","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":31,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). 
HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"31","inputVector":"","url":"https://onmark.co.in/nmu/user","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"53","alertRef":"10035-1"},{"nodeName":"https://onmark.co.in/nmu/user","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":31,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. 
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"31","inputVector":"","url":"https://onmark.co.in/nmu/user","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"56","alertRef":"10021"},{"nodeName":"https://onmark.co.in/nmu/assets/css/bootstrap.css","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10035","cweid":"319","confidence":"High","sourceMessageId":28,"wascid":"15","description":"HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server 
declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.","messageId":"28","inputVector":"","url":"https://onmark.co.in/nmu/assets/css/bootstrap.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-319":"https://cwe.mitre.org/data/definitions/319.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\nhttps://owasp.org/www-community/Security_Headers\nhttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\nhttps://caniuse.com/stricttransportsecurity\nhttps://datatracker.ietf.org/doc/html/rfc6797","solution":"Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.","alert":"Strict-Transport-Security Header Not Set","param":"","attack":"","name":"Strict-Transport-Security Header Not Set","risk":"Low","id":"57","alertRef":"10035-1"},{"nodeName":"https://onmark.co.in/nmu/assets/css/bootstrap.css","sourceid":"3","other":"This issue still applies to error type pages (401, 403, 500, etc.) 
as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\nAt \"High\" threshold this scan rule will not alert on client or server error responses.","method":"GET","evidence":"","pluginId":"10021","cweid":"693","confidence":"Medium","sourceMessageId":28,"wascid":"15","description":"The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.","messageId":"28","inputVector":"","url":"https://onmark.co.in/nmu/assets/css/bootstrap.css","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/"},"reference":"https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\nhttps://owasp.org/www-community/Security_Headers","solution":"Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.\nIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform 
MIME-sniffing.","alert":"X-Content-Type-Options Header Missing","param":"x-content-type-options","attack":"","name":"X-Content-Type-Options Header Missing","risk":"Low","id":"58","alertRef":"10021"}],"Informational":[{"nodeName":"https://onmark.co.in/nmu/","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"<!--<div class=\"col-md-6 col-12\">\n  \t\t\t\t\t\t\t<div class=\"form-group form-check\">\n    \t\t\t\t\t\t\t<input type=\"checkbox\" class=\"form-che\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"for=\"exampleCheck1\">USER NAME </label>\n  \t\t\t","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":1,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"1","inputVector":"","url":"https://onmark.co.in/nmu/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"7","alertRef":"10027"},{"nodeName":"https://onmark.co.in/nmu/","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script 
src=\"https://onmark.co.in/nmu/assets/js/jquery.min.js\"></script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":1,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"1","inputVector":"","url":"https://onmark.co.in/nmu/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"8","alertRef":"10109"},{"nodeName":"https://onmark.co.in/nmu/","sourceid":"3","other":"cookie:PHPSESSID","method":"GET","evidence":"PHPSESSID","pluginId":"10112","cweid":"-1","confidence":"Medium","sourceMessageId":1,"wascid":"-1","description":"The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. 
If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.","messageId":"1","inputVector":"","url":"https://onmark.co.in/nmu/","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Session Management Response Identified","param":"PHPSESSID","attack":"","name":"Session Management Response Identified","risk":"Informational","id":"13","alertRef":"10112"},{"nodeName":"https://onmark.co.in/nmu/signin ()(password,username)","sourceid":"3","other":"userParam=username\nuserValue=ZAP\npasswordParam=password\nreferer=https://onmark.co.in/nmu/","method":"POST","evidence":"password","pluginId":"10111","cweid":"-1","confidence":"High","sourceMessageId":29,"wascid":"-1","description":"The given request has been identified as an authentication request. The 'Other Info' field contains a set of key=value lines which identify any relevant fields. 
If the request is in a context which has an Authentication Method set to \"Auto-Detect\" then this rule will change the authentication to match the request identified.","messageId":"29","inputVector":"","url":"https://onmark.co.in/nmu/signin","tags":{},"reference":"https://www.zaproxy.org/docs/desktop/addons/authentication-helper/auth-req-id/","solution":"This is an informational alert rather than a vulnerability and so there is nothing to fix.","alert":"Authentication Request Identified","param":"username","attack":"","name":"Authentication Request Identified","risk":"Informational","id":"47","alertRef":"10111"},{"nodeName":"https://onmark.co.in/nmu/user","sourceid":"3","other":"The following pattern was used: \\bUSER\\b and was detected in likely comment: \"<!--<div class=\"col-md-6 col-12\">\n  \t\t\t\t\t\t\t<div class=\"form-group form-check\">\n    \t\t\t\t\t\t\t<input type=\"checkbox\" class=\"form-che\", see evidence field for the suspicious comment/snippet.","method":"GET","evidence":"for=\"exampleCheck1\">USER NAME </label>\n  \t\t\t","pluginId":"10027","cweid":"615","confidence":"Medium","sourceMessageId":31,"wascid":"13","description":"The response appears to contain suspicious comments which may help an attacker.","messageId":"31","inputVector":"","url":"https://onmark.co.in/nmu/user","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","CWE-615":"https://cwe.mitre.org/data/definitions/615.html","WSTG-v42-INFO-05":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Webpage_Content_for_Information_Leakage","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/"},"reference":"","solution":"Remove all comments that return information that may help an attacker and fix any underlying problems they refer 
to.","alert":"Information Disclosure - Suspicious Comments","param":"","attack":"","name":"Information Disclosure - Suspicious Comments","risk":"Informational","id":"51","alertRef":"10027"},{"nodeName":"https://onmark.co.in/nmu/user","sourceid":"3","other":"No links have been found while there are scripts, which is an indication that this is a modern web application.","method":"GET","evidence":"<script src=\"https://onmark.co.in/nmu/assets/js/jquery.min.js\"></script>","pluginId":"10109","cweid":"-1","confidence":"Medium","sourceMessageId":31,"wascid":"-1","description":"The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.","messageId":"31","inputVector":"","url":"https://onmark.co.in/nmu/user","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"","solution":"This is an informational alert and so no changes are required.","alert":"Modern Web Application","param":"","attack":"","name":"Modern Web Application","risk":"Informational","id":"52","alertRef":"10109"},{"nodeName":"https://onmark.co.in/nmu/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":853,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"853","inputVector":"","url":"https://onmark.co.in/nmu/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"63","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":857,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"857","inputVector":"","url":"https://onmark.co.in/nmu/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"64","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":861,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"861","inputVector":"","url":"https://onmark.co.in/nmu/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"65","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":865,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"865","inputVector":"","url":"https://onmark.co.in/nmu/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"66","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":870,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"870","inputVector":"","url":"https://onmark.co.in/nmu/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"67","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":871,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"871","inputVector":"","url":"https://onmark.co.in/nmu","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"68","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":874,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"874","inputVector":"","url":"https://onmark.co.in/nmu/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"69","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":877,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"877","inputVector":"","url":"https://onmark.co.in/nmu/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"70","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":884,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"884","inputVector":"","url":"https://onmark.co.in/nmu/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"71","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/signin ()(password,username)","sourceid":"1","other":"","method":"POST","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":29,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"896","inputVector":"","url":"https://onmark.co.in/nmu/signin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"72","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":903,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"903","inputVector":"","url":"https://onmark.co.in/nmu/assets/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"73","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":908,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"908","inputVector":"","url":"https://onmark.co.in/nmu/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"74","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":915,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"915","inputVector":"","url":"https://onmark.co.in/nmu/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"75","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":916,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"916","inputVector":"","url":"https://onmark.co.in/nmu/assets/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"76","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":919,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"919","inputVector":"","url":"https://onmark.co.in/nmu/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"77","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":921,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"921","inputVector":"","url":"https://onmark.co.in/nmu","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"78","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":923,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"923","inputVector":"","url":"https://onmark.co.in/nmu/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"79","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":925,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"925","inputVector":"","url":"https://onmark.co.in/nmu/assets/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"80","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":928,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"928","inputVector":"","url":"https://onmark.co.in/nmu/assets/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"81","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":929,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"929","inputVector":"","url":"https://onmark.co.in/nmu/assets/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"82","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":932,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"932","inputVector":"","url":"https://onmark.co.in/nmu/assets/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"83","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":935,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"935","inputVector":"","url":"https://onmark.co.in/nmu/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"84","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":939,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"939","inputVector":"","url":"https://onmark.co.in/nmu/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"85","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":941,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"941","inputVector":"","url":"https://onmark.co.in/nmu/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"86","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":943,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"943","inputVector":"","url":"https://onmark.co.in/nmu/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"87","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":947,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"947","inputVector":"","url":"https://onmark.co.in/nmu/assets/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"88","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":950,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"950","inputVector":"","url":"https://onmark.co.in/nmu/assets/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"89","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":954,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"954","inputVector":"","url":"https://onmark.co.in/nmu/assets/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"90","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":956,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"956","inputVector":"","url":"https://onmark.co.in/nmu","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"91","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":959,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"959","inputVector":"","url":"https://onmark.co.in/nmu/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"92","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":962,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"962","inputVector":"","url":"https://onmark.co.in/nmu/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"93","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":965,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"965","inputVector":"","url":"https://onmark.co.in/nmu/assets/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"94","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/signin ()(password,username)","sourceid":"1","other":"","method":"POST","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":29,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"969","inputVector":"","url":"https://onmark.co.in/nmu/signin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"95","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":971,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"971","inputVector":"","url":"https://onmark.co.in/nmu/assets/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"96","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":974,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"974","inputVector":"","url":"https://onmark.co.in/nmu/assets/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"97","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":976,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"976","inputVector":"","url":"https://onmark.co.in/nmu/assets/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"98","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":980,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"980","inputVector":"","url":"https://onmark.co.in/nmu/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"99","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":982,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"982","inputVector":"","url":"https://onmark.co.in/nmu/assets/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"100","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":984,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"984","inputVector":"","url":"https://onmark.co.in/nmu/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"101","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":987,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"987","inputVector":"","url":"https://onmark.co.in/nmu/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"102","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":996,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"996","inputVector":"","url":"https://onmark.co.in/nmu/assets/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"103","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":997,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"997","inputVector":"","url":"https://onmark.co.in/nmu","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"104","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/css","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1002,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1002","inputVector":"","url":"https://onmark.co.in/nmu/assets/css","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"105","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":31,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1004","inputVector":"","url":"https://onmark.co.in/nmu/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"106","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1005,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1005","inputVector":"","url":"https://onmark.co.in/nmu/assets/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"107","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1007,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1007","inputVector":"","url":"https://onmark.co.in/nmu/assets/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"108","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1010,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1010","inputVector":"","url":"https://onmark.co.in/nmu/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"109","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1013,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1013","inputVector":"","url":"https://onmark.co.in/nmu/assets/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"110","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1016,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1016","inputVector":"","url":"https://onmark.co.in/nmu/assets/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"111","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1019,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1019","inputVector":"","url":"https://onmark.co.in/nmu/assets/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"112","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1021,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1021","inputVector":"","url":"https://onmark.co.in/nmu/assets/images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"113","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1027,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1027","inputVector":"","url":"https://onmark.co.in/nmu/assets","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"114","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1031,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1031","inputVector":"","url":"https://onmark.co.in/nmu","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"115","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1034,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1034","inputVector":"","url":"https://onmark.co.in/nmu/assets/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"116","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/signin ()(password,username)","sourceid":"1","other":"","method":"POST","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":29,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1042","inputVector":"","url":"https://onmark.co.in/nmu/signin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"117","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1043,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1043","inputVector":"","url":"https://onmark.co.in/nmu/assets/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"118","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/assets/js","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1046,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1046","inputVector":"","url":"https://onmark.co.in/nmu/assets/js","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"119","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1049,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1049","inputVector":"","url":"https://onmark.co.in/nmu","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"120","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":31,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1052","inputVector":"","url":"https://onmark.co.in/nmu/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"121","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1057,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1057","inputVector":"","url":"https://onmark.co.in/nmu","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"122","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1061,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1061","inputVector":"","url":"https://onmark.co.in/nmu","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"123","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/signin ()(password,username)","sourceid":"1","other":"","method":"POST","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":29,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1063","inputVector":"","url":"https://onmark.co.in/nmu/signin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"124","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":31,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1065","inputVector":"","url":"https://onmark.co.in/nmu/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"125","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1067,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1067","inputVector":"","url":"https://onmark.co.in/nmu","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"126","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1070,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1070","inputVector":"","url":"https://onmark.co.in/nmu","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"127","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/signin ()(password,username)","sourceid":"1","other":"","method":"POST","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":29,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1072","inputVector":"","url":"https://onmark.co.in/nmu/signin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"128","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":31,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1074","inputVector":"","url":"https://onmark.co.in/nmu/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"129","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1076,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1076","inputVector":"","url":"https://onmark.co.in/nmu","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"130","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":1079,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1079","inputVector":"","url":"https://onmark.co.in/nmu","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"131","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/signin ()(password,username)","sourceid":"1","other":"","method":"POST","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":29,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1081","inputVector":"","url":"https://onmark.co.in/nmu/signin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"132","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":31,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1083","inputVector":"","url":"https://onmark.co.in/nmu/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"133","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/signin ()(password,username)","sourceid":"1","other":"","method":"POST","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":29,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1086","inputVector":"","url":"https://onmark.co.in/nmu/signin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"134","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/user","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":31,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1088","inputVector":"","url":"https://onmark.co.in/nmu/user","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"135","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/signin ()(password,username)","sourceid":"1","other":"","method":"POST","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":29,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1090","inputVector":"","url":"https://onmark.co.in/nmu/signin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"136","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/signin ()(password,username)","sourceid":"1","other":"","method":"POST","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":29,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1092","inputVector":"","url":"https://onmark.co.in/nmu/signin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"137","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/signin ()(password,username)","sourceid":"1","other":"","method":"POST","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":29,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1094","inputVector":"","url":"https://onmark.co.in/nmu/signin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"138","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/signin ()(password,username)","sourceid":"1","other":"","method":"POST","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":29,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1096","inputVector":"","url":"https://onmark.co.in/nmu/signin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"139","alertRef":"10104"},{"nodeName":"https://onmark.co.in/nmu/signin ()(password,username)","sourceid":"1","other":"","method":"POST","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":29,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"1098","inputVector":"","url":"https://onmark.co.in/nmu/signin","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"140","alertRef":"10104"}]},"vulnerability_types":{"Missing Anti-clickjacking Header":2,"Content Security Policy (CSP) Header Not Set":2,"Cookie No HttpOnly Flag":1,"Cookie without SameSite Attribute":1,"Cookie Without Secure Flag":1,"Cross-Domain JavaScript Source File Inclusion":2,"Absence of Anti-CSRF Tokens":2,"Information Disclosure - Suspicious Comments":2,"Modern Web Application":2,"Strict-Transport-Security Header Not Set":9,"Sub Resource 
Integrity Attribute Missing":4,"X-Content-Type-Options Header Missing":9,"Session Management Response Identified":1,"Vulnerable JS Library":2,"Authentication Request Identified":1,"Directory Browsing":4,"User Agent Fuzzer":78},"owasp_top10":{"Unmapped / Other":101,"A01: Broken Access Control":2,"A05: Security Misconfiguration":18,"A06: Vulnerable and Outdated Components":2}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""},{"_id":{"$oid":"6a1f2a49d12ea2a04e1a9dc7"},"created_at":{"$date":"2026-06-02T19:08:57.254Z"},"url":"https://www.cert-in.org.in/","tool":"owaspzap","result":{"status":"completed","target_url":"https://www.cert-in.org.in/","scan_timestamp":"20260602_184447","output_directory":"results/zap_reports","scan_results":{"traditional_spider":{"scan_id":"0","status":"completed","urls_found":4,"urls_list":["https://www.cert-in.org.in/robots.txt","https://www.cert-in.org.in/","https://www.cert-in.org.in/sitemap.xml","https://www.cert-in.org.in/Images/MainImglatest.jpg"],"duration":10.036575555801392},"ajax_spider":{"status":"completed","urls_found":0,"urls_list":[],"duration":75.07044839859009},"passive_scan":{"status":"completed","duration":0.012063264846801758},"websocket":{"status":"completed","websocket_channels":0,"details":{"channels_found":0,"channels":[]}},"port_scan":{"status":"completed","target_host":"www.cert-in.org.in","open_ports":[80,443],"ports_scanned":[80,443,8080,8443,3000,5000,8000,9000]},"fuzzing":{"status":"completed","fuzzed_urls":0,"results":[]},"active_scan":{"scan_id":"0","status":"completed","duration":1080.2462720870972},"vulnerabilities":{"total_alerts":54,"high_risk":0,"medium_risk":12,"low_risk":4,"informational":38,"alerts_by_risk":{"High":[],"Medium":[{"nodeName":"https://www.cert-in.org.in/","sour
ceid":"3","other":"The directive(s): form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"frame-ancestors 'self' https://*.cert-in.org.in","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"The Content Security Policy fails to define one of the directives that has no fallback. Missing/excluding them is the same as allowing anything.","messageId":"1","inputVector":"","url":"https://www.cert-in.org.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"Content-Security-Policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"1","alertRef":"10055-13"},{"nodeName":"https://www.cert-in.org.in/","sourceid":"3","other":"The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined:\nscript-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src","method":"GET","evidence":"frame-ancestors 'self' https://*.cert-in.org.in","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1","inputVector":"","url":"https://www.cert-in.org.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Wildcard Directive","param":"Content-Security-Policy","attack":"","name":"CSP: Wildcard Directive","risk":"Medium","id":"2","alertRef":"10055-4"},{"nodeName":"https://www.cert-in.org.in/","sourceid":"3","other":"script-src includes unsafe-inline.","method":"GET","evidence":"frame-ancestors 'self' https://*.cert-in.org.in","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1","inputVector":"","url":"https://www.cert-in.org.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-inline","param":"Content-Security-Policy","attack":"","name":"CSP: script-src unsafe-inline","risk":"Medium","id":"3","alertRef":"10055-5"},{"nodeName":"https://www.cert-in.org.in/","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"frame-ancestors 'self' https://*.cert-in.org.in","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":1,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"1","inputVector":"","url":"https://www.cert-in.org.in/","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"Content-Security-Policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"4","alertRef":"10055-6"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"3","other":"The directive(s): form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"frame-ancestors 'self' https://*.cert-in.org.in","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":6,"wascid":"15","description":"The Content Security Policy fails to define one of the directives that has no fallback. 
Missing/excluding them is the same as allowing anything.","messageId":"6","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"Content-Security-Policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"9","alertRef":"10055-13"},{"nodeName":"https://www.cert-in.org.in/sitemap.xml","sourceid":"3","other":"The directive(s): form-action is/are among the directives that do not fallback to default-src.","method":"GET","evidence":"frame-ancestors 'self' https://*.cert-in.org.in","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":9,"wascid":"15","description":"The Content Security Policy fails to define one of the directives that has no fallback. 
Missing/excluding them is the same as allowing anything.","messageId":"9","inputVector":"","url":"https://www.cert-in.org.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Failure to Define Directive with No Fallback","param":"Content-Security-Policy","attack":"","name":"CSP: Failure to Define Directive with No Fallback","risk":"Medium","id":"11","alertRef":"10055-13"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"3","other":"The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined:\nscript-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src","method":"GET","evidence":"frame-ancestors 'self' https://*.cert-in.org.in","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":6,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"6","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: Wildcard Directive","param":"Content-Security-Policy","attack":"","name":"CSP: Wildcard Directive","risk":"Medium","id":"12","alertRef":"10055-4"},{"nodeName":"https://www.cert-in.org.in/sitemap.xml","sourceid":"3","other":"The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined:\nscript-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src","method":"GET","evidence":"frame-ancestors 'self' https://*.cert-in.org.in","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":9,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"9","inputVector":"","url":"https://www.cert-in.org.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: Wildcard Directive","param":"Content-Security-Policy","attack":"","name":"CSP: Wildcard Directive","risk":"Medium","id":"14","alertRef":"10055-4"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"3","other":"script-src includes unsafe-inline.","method":"GET","evidence":"frame-ancestors 'self' https://*.cert-in.org.in","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":6,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. 
CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"6","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-inline","param":"Content-Security-Policy","attack":"","name":"CSP: script-src unsafe-inline","risk":"Medium","id":"15","alertRef":"10055-5"},{"nodeName":"https://www.cert-in.org.in/sitemap.xml","sourceid":"3","other":"script-src includes unsafe-inline.","method":"GET","evidence":"frame-ancestors 'self' https://*.cert-in.org.in","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":9,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. 
These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"9","inputVector":"","url":"https://www.cert-in.org.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: script-src unsafe-inline","param":"Content-Security-Policy","attack":"","name":"CSP: script-src unsafe-inline","risk":"Medium","id":"17","alertRef":"10055-5"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"frame-ancestors 'self' https://*.cert-in.org.in","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":6,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. 
Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"6","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load balancer, etc. 
is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"Content-Security-Policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"18","alertRef":"10055-6"},{"nodeName":"https://www.cert-in.org.in/sitemap.xml","sourceid":"3","other":"style-src includes unsafe-inline.","method":"GET","evidence":"frame-ancestors 'self' https://*.cert-in.org.in","pluginId":"10055","cweid":"693","confidence":"High","sourceMessageId":9,"wascid":"15","description":"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.","messageId":"9","inputVector":"","url":"https://www.cert-in.org.in/sitemap.xml","tags":{"OWASP_2021_A05":"https://owasp.org/Top10/A05_2021-Security_Misconfiguration/","POLICY_QA_STD":"","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CWE-693":"https://cwe.mitre.org/data/definitions/693.html","OWASP_2017_A06":"https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html","OWASP_2025_A02":"https://owasp.org/Top10/2025/A02_2025-Security_Misconfiguration/","POLICY_DEV_STD":""},"reference":"https://www.w3.org/TR/CSP/\nhttps://caniuse.com/#search=content+security+policy\nhttps://content-security-policy.com/\nhttps://github.com/HtmlUnit/htmlunit-csp\nhttps://web.dev/articles/csp#resource-options","solution":"Ensure that your web server, application server, load 
balancer, etc. is properly configured to set the Content-Security-Policy header.","alert":"CSP: style-src unsafe-inline","param":"Content-Security-Policy","attack":"","name":"CSP: style-src unsafe-inline","risk":"Medium","id":"20","alertRef":"10055-6"}],"Low":[{"nodeName":"https://www.cert-in.org.in/","sourceid":"3","other":"1532584812, which evaluates to: 2018-07-26 06:00:12.","method":"GET","evidence":"1532584812","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":1,"wascid":"13","description":"A timestamp was disclosed by the application/web server. - Unix","messageId":"1","inputVector":"","url":"https://www.cert-in.org.in/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"5","alertRef":"10096"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"3","other":"1532584812, which evaluates to: 2018-07-26 06:00:12.","method":"GET","evidence":"1532584812","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":6,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"6","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"21","alertRef":"10096"},{"nodeName":"https://www.cert-in.org.in/","sourceid":"3","other":"1532584811, which evaluates to: 2018-07-26 06:00:11.","method":"GET","evidence":"1532584811","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":7,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"7","inputVector":"","url":"https://www.cert-in.org.in/","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"22","alertRef":"10096"},{"nodeName":"https://www.cert-in.org.in/sitemap.xml","sourceid":"3","other":"1532584812, which evaluates to: 2018-07-26 06:00:12.","method":"GET","evidence":"1532584812","pluginId":"10096","cweid":"497","confidence":"Low","sourceMessageId":9,"wascid":"13","description":"A timestamp was disclosed by the application/web server. 
- Unix","messageId":"9","inputVector":"","url":"https://www.cert-in.org.in/sitemap.xml","tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","OWASP_2017_A03":"https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure.html","OWASP_2025_A01":"https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/","CWE-497":"https://cwe.mitre.org/data/definitions/497.html"},"reference":"https://cwe.mitre.org/data/definitions/200.html","solution":"Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.","alert":"Timestamp Disclosure - Unix","param":"","attack":"","name":"Timestamp Disclosure - Unix","risk":"Low","id":"23","alertRef":"10096"}],"Informational":[{"nodeName":"https://www.cert-in.org.in/","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":1,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"1","inputVector":"","url":"https://www.cert-in.org.in/","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"0","alertRef":"10015"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":6,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"6","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"7","alertRef":"10015"},{"nodeName":"https://www.cert-in.org.in/sitemap.xml","sourceid":"3","other":"","method":"GET","evidence":"","pluginId":"10015","cweid":"525","confidence":"Low","sourceMessageId":9,"wascid":"13","description":"The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. 
For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.","messageId":"9","inputVector":"","url":"https://www.cert-in.org.in/sitemap.xml","tags":{"OWASP_2025_A07":"https://owasp.org/Top10/2025/A07_2025-Authentication_Failures/","CWE-525":"https://cwe.mitre.org/data/definitions/525.html","POLICY_PENTEST":"","OWASP_2021_A07":"https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","WSTG-v42-ATHN-06":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses","OWASP_2017_A02":"https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication.html"},"reference":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control\nhttps://grayduck.mn/2021/09/13/cache-control-recommendations/","solution":"For secure content, ensure the cache-control HTTP header is set with \"no-cache, no-store, must-revalidate\". If an asset should be cached consider setting the directives \"public, max-age, immutable\".","alert":"Re-examine Cache-control Directives","param":"cache-control","attack":"","name":"Re-examine Cache-control Directives","risk":"Informational","id":"8","alertRef":"10015"},{"nodeName":"https://www.cert-in.org.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"203","inputVector":"","url":"https://www.cert-in.org.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"24","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":208,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"208","inputVector":"","url":"https://www.cert-in.org.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"25","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":210,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"210","inputVector":"","url":"https://www.cert-in.org.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"26","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"213","inputVector":"","url":"https://www.cert-in.org.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"27","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"214","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"28","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/Images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":216,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"216","inputVector":"","url":"https://www.cert-in.org.in/Images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)","name":"User Agent Fuzzer","risk":"Informational","id":"29","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"223","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"30","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/Images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":224,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"224","inputVector":"","url":"https://www.cert-in.org.in/Images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","name":"User Agent Fuzzer","risk":"Informational","id":"31","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":230,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"230","inputVector":"","url":"https://www.cert-in.org.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"32","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":235,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"235","inputVector":"","url":"https://www.cert-in.org.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"33","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/Images","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":236,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"236","inputVector":"","url":"https://www.cert-in.org.in/Images","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"34","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":241,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"241","inputVector":"","url":"https://www.cert-in.org.in","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"35","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"243","inputVector":"","url":"https://www.cert-in.org.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"36","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"246","inputVector":"","url":"https://www.cert-in.org.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"37","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"254","inputVector":"","url":"https://www.cert-in.org.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"38","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":7,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"257","inputVector":"","url":"https://www.cert-in.org.in/","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"39","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"259","inputVector":"","url":"https://www.cert-in.org.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"40","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"261","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)","name":"User Agent Fuzzer","risk":"Informational","id":"41","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"268","inputVector":"","url":"https://www.cert-in.org.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"42","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"269","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko","name":"User Agent Fuzzer","risk":"Informational","id":"43","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"274","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"44","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"275","inputVector":"","url":"https://www.cert-in.org.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0","name":"User Agent Fuzzer","risk":"Informational","id":"45","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"280","inputVector":"","url":"https://www.cert-in.org.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"46","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"281","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)","name":"User Agent Fuzzer","risk":"Informational","id":"47","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"286","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"48","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"287","inputVector":"","url":"https://www.cert-in.org.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"msnbot/1.1 (+http://search.msn.com/msnbot.htm)","name":"User Agent Fuzzer","risk":"Informational","id":"49","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"292","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"50","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"293","inputVector":"","url":"https://www.cert-in.org.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)","name":"User Agent Fuzzer","risk":"Informational","id":"51","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"297","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"52","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"298","inputVector":"","url":"https://www.cert-in.org.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16","name":"User Agent Fuzzer","risk":"Informational","id":"53","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"302","inputVector":"","url":"https://www.cert-in.org.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"54","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"303","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4","name":"User Agent Fuzzer","risk":"Informational","id":"55","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"306","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0","name":"User Agent Fuzzer","risk":"Informational","id":"56","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/sitemap.xml","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":9,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"309","inputVector":"","url":"https://www.cert-in.org.in/sitemap.xml","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"57","alertRef":"10104"},{"nodeName":"https://www.cert-in.org.in/robots.txt","sourceid":"1","other":"","method":"GET","evidence":"","pluginId":"10104","cweid":"0","confidence":"Medium","sourceMessageId":6,"wascid":"0","description":"Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). 
Compares the response statuscode and the hashcode of the response body with the original response.","messageId":"310","inputVector":"","url":"https://www.cert-in.org.in/robots.txt","tags":{"POLICY_PENTEST":"","SYSTEMIC":"https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic","CUSTOM_PAYLOADS":""},"reference":"https://owasp.org/wstg","solution":"","alert":"User Agent Fuzzer","param":"Header User-Agent","attack":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36","name":"User Agent Fuzzer","risk":"Informational","id":"58","alertRef":"10104"}]},"vulnerability_types":{"Re-examine Cache-control Directives":3,"CSP: Failure to Define Directive with No Fallback":3,"CSP: Wildcard Directive":3,"CSP: script-src unsafe-inline":3,"CSP: style-src unsafe-inline":3,"Timestamp Disclosure - Unix":4,"User Agent Fuzzer":35},"owasp_top10":{"Unmapped / Other":54}},"reports":{"status":"completed","files":{"json":"results/zap_reports/zap_report.json","csv":"results/zap_reports/zap_report.csv","xml":"results/zap_reports/zap_report.xml","html":"results/zap_reports/zap_report.html","summary":"results/zap_reports/zap_summary.txt"}}}},"summary":""}]